日期:2014-05-17 浏览次数:20968 次
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<!-- 过滤器链配置,其中filterInvocationDefinitionSource属性为配置过滤器的种类与先后顺序,注意,顺序不能配置错误哦 -->
    <bean id="filterChainProxy"
         class="org.springframework.security.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value><![CDATA[
             CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
             PATTERN_TYPE_APACHE_ANT
             /**=httpSessionIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor]]>
            </value>
        </property>
    </bean>
    <!-- 看看你是否已经登录了,如果登录了就略过下面的过滤器了,直接访问资源 -->
    <bean id="httpSessionIntegrationFilter"
         class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
    <!-- 安全验证入口 -->
    <bean id="authenticationEntryPoint"
         class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/index.jsp" /><!--默认登录页面-->
        <property name="forceHttps" value="true" /><!--使登录页面通过 HTTPS安全地进行显示-->
    </bean>
    <!-- 身份验证过滤器,就是验证身份用的嘛 -->
    <bean id="authenticationProcessingFilter"
         class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <!-- 验证连接名称,对应表单的action -->
        <property name="filterProcessesUrl"
             value="/j_spring_security_check" />
            <!-- 验证失败后去哪 -->
        <property name="authenticationFailureUrl"
             value="/index.jsp?error=1" />
            <!-- 验证成功后去哪 -->
        <property name="defaultTargetUrl"
             value="/security/security.jsp" />
        <!--依靠一个身份验证管理器来验证身份 其实这个才是干活的BEAN-->
        <property name="authenticationManager"
             ref="authenticationManager" />
    </bean>
    <!-- 用于处理登录失败异常和权限不足异常 -->
    <bean id="exceptionTranslationFilter"
         class="org.springframework.security.ui.ExceptionTranslationFilter">
        <!--配置出现exception时跳转到登录页-->
        <property name="authenticationEntryPoint"
             ref="authenticationEntryPoint" />
        <!--配置403(权限不足)错误后跳转的页面-->
        <property name="accessDeniedHandler" ref="accessDeniedHandler" />
    </bean>
    <!-- 配置权限不足时跳转到的页面 -->
    <bean id="accessDeniedHandler"
         class="org.springframework.security.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/error.jsp" />
    <