github
/
spring-security
镜像来自 https://github.com/spring-projects/spring-security


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
							<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:util="http://www.springframework.org/schema/util"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
	http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd">

	<!--
		- A simple "base bones" Acegi Security configuration.
		-
		- The sample includes the "popular" features that people tend to use.
		- Specifically, form authentication, remember-me, and anonymous processing.
		- Other features aren't setup, as these can be added later by inserting
		- the relevant XML fragments as specified in the Reference Guide.
		-
		- To assist new users, the filters specified in the FilterChainProxy are
		- declared in the application context in the same order. Collaborators
		- required by those filters are placed at the end of the file.
		-
		- $Id: applicationContext-acegi-security.xml 1513 2006-05-29 13:32:12Z benalex $
	-->


	<bean id="filterChainProxy"
		class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</value>
		</property>
	</bean>

	<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
	<security:session-context-integration
		id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />


	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
	<security:logout-support id="logoutFilter"
		redirectAfterLogoutUrl="/index.jsp" />

	<security:authentication-remember-me-services
		id="rememberMeServices" key="someValue" />


	<bean id="SecurityContextLogoutHandler"
		class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />

	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
	<security:authentication-form id="authenticationProcessinFilter"
		authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
		errorFormUrl="/acegilogin.jsp?login_error=1" />

	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
	<security:authentication-mechanism id="authenticationManager" />

	<!-- dao authentication provider "authenticationRepository" -->
	<security:authentication-repository id="daoAuthenticationProvider" />

	<bean id="securityContextHolderAwareRequestFilter"
		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

	<!-- makes the filter, but does little else, as it auto-detects everything -->
	<security:authentication-remember-me-filter id="rememberMeFilter" />

	<bean id="anonymousProcessingFilter"
		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
		<property name="key" value="changeThis" />
		<property name="userAttribute"
			value="anonymousUser,ROLE_ANONYMOUS" />
	</bean>

	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
		other props; i do not mind if you move the access denied stuff to a sub-element -->
	<security:exception-translation id="exceptionTranslationFilter">
		<security:entry-point
			entryPointBeanRef="authenticationEntryPoint" />
	</security:exception-translation>


	<bean id="authenticationEntryPoint"
		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl" value="/acegilogin.jsp" />
		<property name="forceHttps" value="false" />
	</bean>


	<bean id="accessDeniedHandler"
		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
		<property name="errorPage" value="/accessDenied.jsp" />
	</bean>


	<bean id="filterInvocationInterceptor"
		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager"
			ref="authenticationManager" />
		<property name="accessDecisionManager">
			<bean class="org.acegisecurity.vote.AffirmativeBased">
				<property name="allowIfAllAbstainDecisions"
					value="false" />
				<property name="decisionVoters">
					<list>
						<bean class="org.acegisecurity.vote.RoleVoter" />
						<bean
							class="org.acegisecurity.vote.AuthenticatedVoter" />
					</list>
				</property>
			</bean>
		</property>
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/secure/extreme/**=ROLE_SUPERVISOR
				/secure/**=IS_AUTHENTICATED_REMEMBERED
				/**=IS_AUTHENTICATED_ANONYMOUSLY
			</value>
		</property>
	</bean>


	<!--<bean id="authenticationManager"
		class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
		<list>
		<ref local="daoAuthenticationProvider" />
		<bean
					class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
		<property name="key" value="changeThis" />
		</bean>
		<bean
					class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
		<property name="key" value="changeThis" />
		</bean>
		</list>
		</property>
		</bean>-->

	<bean id="userCache"
		class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
		<property name="cache">
			<bean
				class="org.springframework.cache.ehcache.EhCacheFactoryBean">
				<property name="cacheManager">
					<bean
						class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
				</property>
				<property name="cacheName" value="userCache" />
			</bean>
		</property>
	</bean>


	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->

	<security:principal-repository id="userDetailsService">
		<security:properties resource="/WEB-INF/users.properties" />
	</security:principal-repository>


	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
	<bean id="loggerListener"
		class="org.acegisecurity.event.authentication.LoggerListener" />

</beans>