日期:2014-05-20  浏览次数:20790 次

acegi 迁移到 spring security 的问题
最近在弄一个acegi到spring security2的迁移,
数据在数据库中,是经典的user,role,user-role,resource,role-resource的结构
迁移过程中 找不到很好的文档,也没找到 spring security代码解析的文章,照着 别人说的方法配置了半天还是出错


这是配置文件
XML code

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <authentication-manager alias="authenticationManager"/>
    <!-- 
    <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <beans:property name="allowIfAllAbstainDecisions" value="false"/>
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:bean class="org.springframework.security.vote.RoleVoter"/>
                <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
            </beans:list>
        </beans:property>
    </beans:bean>
    
    <beans:bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
        <beans:property name="objectDefinitionSource" ref="secureResourceFilter" />
    </beans:bean>
    
    <beans:bean id="secureResourceFilter" class="com.mpc.security.resourcedetails.MySecureResourceFilter"></beans:bean>
    -->
    <beans:bean id="filterInvocationDefinitionSource"
        class="com.mpc.security.resourcedetails.JdbcFilterInvocationDefinitionSourceFactoryBean">
        <beans:property name="dataSource" ref="dataSource"/>
        <beans:property name="resourceQuery" value="
            这里的代码没有什么问题,测试过
        "/>
        
    </beans:bean>
    <beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor" autowire="byType">
        <custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
        <beans:property name="objectDefinitionSource" ref="filterInvocationDefinitionSource"/>
        <!--<beans:property name="accessDecisionManager" ref="accessDecisionManager"/>-->
    </beans:bean>
 
    <http auto-config="true" access-denied-page="/403.jsp">
        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />
            <form-login login-page="/login.jsp" 
                authentication-failure-url="/login.jsp?error=1" 
                default-target-url="/index.jsp" />
        <logout logout-success-url="/login.jsp"/>
    </http>

    
    <beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>

    <authentication-provider >
        <jdbc-user-service 
        data-source-ref="dataSource" 
        users-by-username-query="略"
        authorities-by-username-query="略"/>
    </authentication-provider>

</beans:beans>