spring security2.0+hibernate3.2笔记之配置文件

目录结构：src/applicationContext.xml;WebRoot/WEB-INF/security.xml;WebRoot/WEB-INF/web.xml;

配置文件：

web.xml

<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml/WEB-INF/security.xml</param-value></context-param><welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list><!-- 延迟加载  开始--><filter><filter-name>lazy</filter-name><filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class></filter><filter-mapping><filter-name>lazy</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- 延迟加载  结束--><!-- Spring 开始--><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><!-- Spring 结束--><!-- Spring Security 开始--><filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- Spring Security 结束--><!-- Spring Security 会话管理  开始--><listener><listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class></listener><!-- Spring Security 会话管理  结束--></web-app>

?applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:context="http://www.springframework.org/schema/context"xmlns:tx="http://www.springframework.org/schema/tx"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"xsi:schemaLocation="http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd         http://www.springframework.org/schema/context         http://www.springframework.org/schema/context/spring-context-3.0.xsd         http://www.springframework.org/schema/aop         http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"default-autowire="byType"><!-- 启动注解 --><context:annotation-config /><!-- 指定使用了注解的类所在包  --><context:component-scan base-package="com.ss3" /><!-- 启用注解事务 --><bean id="transactionManager"value="${jdbc.driverClassName}"></property><property name="url" value="${jdbc.url}"></property><property name="username" value="${jdbc.userName}"></property><property name="password" value="${jdbc.pwd}"></property></bean><bean id="sessionFactory"autowire="byName"><property name="dataSource" ref="dataSource"></property><property name="configLocation" value="classpath:hibernate.cfg.xml"></property></bean></beans>

?security.xml


<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"default-autowire="byType"><http auto-config="true" access-denied-page="/deny.html"><intercept-url pattern="/index.jsp" filters="none" /><!-- 控制多用户登陆 --><session-management><concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/></session-management><!--增加一个filter位于FILTER_SECURITY_INTERCEPTOR之前--><custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /></http><!--一个自定义的filter，必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性--><beans:bean id="myFilter" ref="myAuthenticationManager" /><!-- 访问决策器，决定某个用户具有的角色，是否有足够的权限去访问某个资源     注解--><beans:property name="accessDecisionManager" ref="myAccessDecisionManager" /><!-- 资源源数据定义，将所有的资源和权限对应关系建立起来，即定义某一资源被允许访问的角色 --><beans:property name="securityMetadataSource" ref="myInvocationSecurityMetadataSourceService" /></beans:bean><!-- 验证配置 ， 认证管理器，实现用户认证的入口，实现UserDetailsService接口即可 --><authentication-manager alias="myAuthenticationManager"><authentication-provider user-service-ref="myUserDetailsService"><password-encoder hash="md5"><salt-source user-property="username" /></password-encoder></authentication-provider></authentication-manager></beans:beans>

?