67,513
社区成员
发帖
与我相关
我的任务
分享
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml,classpath:appsecurity.xml</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.util.IntrospectorCleanupListener
</listener-class>
</listener>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>OpenSessionInViewFilter</filter-name>
<filter-class>
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
<init-param>
<param-name>flushMode</param-name>
<param-value>AUTO</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OpenSessionInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts-cleanup</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ActionContextCleanUp
</filter-class>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts-cleanup</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>/login.jsp</welcome-file>
</welcome-file-list>
<http auto-config="true" access-denied-page="/common/403.jsp">
<!-- intercept-url:拦截器,可以设定哪些路径需要哪些权限来访问. filters=none 不使用过滤,也可以理解为忽略 -->
<intercept-url pattern="/index.jsp" access="ROLE_USER" />
<intercept-url pattern="/login.jsp" filters="none" />
<intercept-url pattern="/common/**" filters="none" />
<intercept-url pattern="/js/**" filters="none" />
<!-- session-management是针对session的管理. 这里可以不配置. 如有需求可以配置. -->
<!-- id登陆唯一. 后登陆的账号会挤掉第一次登陆的账号 error-if-maximum-exceeded="true" 禁止2次登陆;
session-fixation-protection="none" 防止伪造sessionid攻击. 用户登录成功后会销毁用户当前的session.
创建新的session,并把用户信息复制到新session中.
-->
<session-management session-fixation-protection="none">
<concurrency-control />
</session-management>
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面 -->
<form-login login-page="/login.jsp"
authentication-failure-url="/common/403.jsp"
default-target-url="/index.jsp" />
<!-- logout-success-url:成功注销后跳转到的页面; -->
<logout logout-success-url="/login.jsp" />
<http-basic />
<custom-filter ref="bdFilter"
before="FILTER_SECURITY_INTERCEPTOR" />
</http>
<beans:bean id="bdFilter" class="com.security.BdFilter">
<beans:property name="authenticationManager"
ref="bdAuthenticationManager" />
<beans:property name="accessDecisionManager"
ref="bdAccessDecisionManager" />
<beans:property name="securityMetadataSource"
ref="bdSecurityMetadataSource" />
</beans:bean>
<!-- 权限管理操作 -->
<authentication-manager alias="bdAuthenticationManager">
<authentication-provider
user-service-ref="userDetailsServiceImpl">
<!--
密码加密方式. 常用的有md5 和 sha.
salt-source:忘记了.. 手头api关了,网速卡就不上网查了. 类似在md5上又加了一层. 防止暴力破解. 追加安全性. -->
<password-encoder hash="md5">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="bdAccessDecisionManager" class="com.security.BdAccessDecision" />
<beans:bean id="bdSecurityMetadataSource" class="com.security.BdSecurityMetadataSoruce" />
<beans:bean id="userDetailsServiceImpl" class="com.security.BdUserService" />