當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

spring security只要熟悉每个filter的作用和顺序

發布時間：2023/12/15 编程问答 20 豆豆

生活随笔收集整理的這篇文章主要介紹了 spring security只要熟悉每个filter的作用和顺序小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

來源：http://blog.sina.com.cn/s/blog_6fda308501016wjh.html

<?xml?version="1.0"?encoding="UTF-8"?>??

<beans?xmlns="http://www.springframework.org/schema/beans"??

????xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"??

????xmlns:context="http://www.springframework.org/schema/context"??

????xmlns:sec="http://www.springframework.org/schema/security"??

????xsi:schemaLocation="??

????????http://www.springframework.org/schema/beans?http://www.springframework.org/schema/beans/spring-beans-3.0.xsd??

????????http://www.springframework.org/schema/context?http://www.springframework.org/schema/context/spring-context-3.0.xsd??

????????http://www.springframework.org/schema/security?http://www.springframework.org/schema/security/spring-security-3.0.xsd">??

????<bean?id="springSecurityFilterChain"?class="org.springframework.security.web.FilterChainProxy">??

????????<sec:filter-chain-map?path-type="ant">??

????????????<sec:filter-chain?pattern="/**"?filters="??

????????????????securityContextPersistenceFilter,??

????????????????logoutFilter,??

????????????????usernamePasswordAuthenticationFilter,??

????????????????securityContextHolderAwareRequestFilte,??

????????????????rememberMeFilter,??

????????????????sessionManagementFilter,??

????????????????anonymousProcessingFilter,??

????????????????exceptionTranslationFilter,??

????????????????filterSecurityInterceptor"?/>??

????????</sec:filter-chain-map>??

????</bean>??

??????

????<bean?id="securityContextRepository"?class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"?/>??

????<bean?id="securityContextPersistenceFilter"?class="org.springframework.security.web.context.SecurityContextPersistenceFilter">??

????????<property?name="securityContextRepository"?ref="securityContextRepository"/>??

????</bean>??

????

????<bean?id="logoutFilter"?class="org.springframework.security.web.authentication.logout.LogoutFilter">??

????????<constructor-arg?value="/security/notLogin"/>??

????????<constructor-arg>??

????????????<list>??

????????????????<ref?local="rememberMeServices"/>??

????????????????<bean?class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>??

????????????</list>??

????????</constructor-arg>??

????</bean>??

??????

????<bean?id="usernamePasswordAuthenticationFilter"?class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">??

????????<property?name="authenticationManager"?ref="authenticationManager"/>??

????????<property?name="authenticationFailureHandler"?ref="failureHandler"?/>??

????????<property?name="authenticationSuccessHandler"?ref="successHandler"?/>??

????????<property?name="rememberMeServices"?ref="rememberMeServices"/>??

????</bean>??

????<bean?id="successHandler"?class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"?>??

????????<property?name="defaultTargetUrl"?value="/security/loginSuccess.json"?/>??

????????<property?name="alwaysUseDefaultTargetUrl"?value="true"?/>??

????</bean>??

????<bean?id="failureHandler"?class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"?>??

????????<property?name="defaultFailureUrl"?value="/security/loginFailure.json"?/>??

????</bean>??

??????

????<bean?name="securityContextHolderAwareRequestFilte"?class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"></bean>??

??????

????<bean?id="rememberMeFilter"?class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">??

????????<property?name="authenticationManager"?ref="authenticationManager"/>??

????????<property?name="rememberMeServices"?ref="rememberMeServices"/>??

????</bean>??

??????

????<bean?id="rememberMeServices"?class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">??

????????<property?name="userDetailsService"?ref="userDetailsService"/>??

????????<property?name="key"?value="springRocks"/>??

????????<property?name="alwaysRemember"?value="false"/>??

????</bean>??

??????

????<bean?id="rememberMeAuthenticationProvider"??

????????class="org.springframework.security.authentication.RememberMeAuthenticationProvider">??

????????<property?name="key"?value="springRocks"/>??

????</bean>??

??????

????<bean?name="sessionManagementFilter"?class="org.springframework.security.web.session.SessionManagementFilter">??

????????<constructor-arg?name="securityContextRepository"?ref="securityContextRepository"/>??

????????<property?name="invalidSessionUrl"?value="/security/notLogin"></property>??

????</bean>??

??????

????<bean?id="anonymousProcessingFilter"?class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">??

????????<property?name="key"?value="changeThis"/>??

????????<property?name="userAttribute"?value="anonymousUser,ROLE_ANONYMOUS"/>??

????</bean>?????

????<bean?id="exceptionTranslationFilter"?class="org.springframework.security.web.access.ExceptionTranslationFilter">??

????????<property?name="authenticationEntryPoint">?????

????????????<bean?class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">?????

????????????????<property?name="loginFormUrl"?value="/security/notLogin"/>?????

????????????</bean>?????

????????</property>?????

????????<property?name="accessDeniedHandler">?????

????????????<bean?class="org.springframework.security.web.access.AccessDeniedHandlerImpl">?????

????????????????<property?name="errorPage"?value="/resources/page/login.jsp?login_error=2"/>??

????????????</bean>?????

????????</property>?????

????</bean>??

??????

????<bean?id="filterSecurityInterceptor"?class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">??

????????<property?name="authenticationManager"?ref="authenticationManager"/>??

????????<property?name="accessDecisionManager"?ref="accessDecisionManager"/>??

????????<property?name="securityMetadataSource">??

????????????<sec:filter-security-metadata-source>??

????????????????<sec:intercept-url?pattern="/security/notLogin"?access="IS_AUTHENTICATED_ANONYMOUSLY"/>??

????????????????<sec:intercept-url?pattern="/security/loginFailure.json"?access="IS_AUTHENTICATED_ANONYMOUSLY"/>??

????????????????<sec:intercept-url?pattern="/images/**"?access="IS_AUTHENTICATED_ANONYMOUSLY"/>??

????????????????<sec:intercept-url?pattern="/scripts/**"?access="IS_AUTHENTICATED_ANONYMOUSLY"/>??

????????????????<sec:intercept-url?pattern="/styles/**"?access="IS_AUTHENTICATED_ANONYMOUSLY"/>??

????????????????<sec:intercept-url?pattern="/**"?access="ROLE_USER,ROLE_ADMIN,ROLE_SUPER_ADMIN"/>??

????????????</sec:filter-security-metadata-source>??

????????</property>??

????</bean>??

??????

????<bean?id="accessDecisionManager"?class="org.springframework.security.access.vote.AffirmativeBased">??

????????<property?name="allowIfAllAbstainDecisions"?value="false"/>??

????????<property?name="decisionVoters">??

????????????<list>??

????????????????<bean?class="org.springframework.security.access.vote.RoleVoter"/>??

????????????????<bean?class="org.springframework.security.access.vote.AuthenticatedVoter"/>??

????????????</list>??

????????</property>??

????</bean>??

????<bean?id="authenticationManager"?class="org.springframework.security.authentication.ProviderManager">??

????????<property?name="providers">??

????????????<list>??

????????????????<ref?local="daoAuthenticationProvider"/>??

????????????????<ref?local="rememberMeAuthenticationProvider"?/>????

????????????</list>??

????????</property>??

????</bean>??

????<bean?id="daoAuthenticationProvider"?class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">??

????????<property?name="userDetailsService"?ref="userDetailsService"/>??

????</bean>??

????<bean?id="userDetailsService"?class="com.javaeye.melin.core.spring.userdetails.IBatisDaoImpl"?/>??

????<!--????

????<bean?id="authenticationLoggerListener"?class="org.springframework.security.authentication.event.LoggerListener"/>??

????<bean?id="authorizationLoggerListener"?class="org.springframework.security.access.event.LoggerListener"/>??

????-->??

</beans> ?

總結

以上是生活随笔為你收集整理的spring security只要熟悉每个filter的作用和顺序的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。