首页 > 代码库 > spring security与cas client集成(无http标签方式)
spring security与cas client集成(无http标签方式)
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd"> <bean id="securityFilter" class="org.springframework.security.web.FilterChainProxy"> <constructor-arg> <util:list> <!-- <security:filter-chain pattern="/" filters="casValidationFilter, wrappingFilter" /> <security:filter-chain pattern="/secure/receptor" filters="casValidationFilter" /> <security:filter-chain pattern="/index.xhtml" filters="requestSingleLogoutFilter,securityContextFilter,rememberMeFilter" /> <security:filter-chain pattern="/j_spring_security_logout" filters="requestSingleLogoutFilter,exceptionTranslationFilter,filterSecurityInterceptor" /> --> <security:filter-chain pattern="/**" filters="securityContextFilter,testFilter,casFilter,sessionManagementFilter, exceptionTranslationFilter,filterSecurityInterceptor" /> </util:list> </constructor-arg> </bean> <bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter"> <constructor-arg index="0" ref="httpSessionSecurityContextRepository"/> </bean> <bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/> <bean id="securityContextFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <security:filter-invocation-definition-source> <security:intercept-url pattern="/admin" access="ROLE_ADMIN"/> <security:intercept-url pattern="/index" access="ROLE_USER"/> </security:filter-invocation-definition-source> </property> </bean> <bean id="testFilter" class="test.TestFilter"/> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <property name="service" value=http://www.mamicode.com/"http://test.eteams.cn:9088/j_spring_cas_security_check"/>>自定义了一个testfilter用于测试,可以删掉,usermanager是实现的UserDetailsService接口,至于为什么不用http标签方式配置,因为这个灵活度高,可扩展性强,这个还没有配好单点登出功能,后面配好会更新,后面还会实现动态验证码等等功能!
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。