小伙伴们了解springsecurity两套登陆规则吗?它们怎么实现呢?springsecurity中可能会需要用到,下面一起来看看吧。
实例:
<http name="admin" pattern="/admin/**" use-expressions="true" entry-point-ref="adminAuthProcessingFilterEntryPoint" access-denied-page="/admin/login"> <!-- 检测失效的sessionId,超时时定位到另外一个URL --> <session-management invalid-session-url="/admin/login" /> <custom-filter ref="adminLoginFilter" position="FORM_LOGIN_FILTER" /> <!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。 --> <custom-filter ref="adminCustomFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> < !--用户Token登录控制-- > <http name="publisher" pattern="/publisher/**" use-expressions="true" entry-point-ref="tokenAuthProcessingFilterEntryPoint" access-denied-page="/publisher/login"> <!-- 检测失效的sessionId,超时时定位到另外一个URL --> <session-management invalid-session-url="/publisher/login" /> <custom-filter ref="tokenLoginFilter" positon="FORM_LOGIN_FILTER" /> <!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。 --> <custom-filter ref="tokenCustomFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> < !--<http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint"> --> <!-- <form-login login-page="/login" authentication-failure-url="/login?error=true" default-target-url="/login" /> --> <!-- <intercept-url pattern="/admin/**" access="ROLE_USER" /> --> <!-- "记住我"功能,采用持久化策略(将用户的登录信息存放在数据库表中) --> <!-- <remember-me data-source-ref="dataSource" /> --> <!-- 检测失效的sessionId,超时时定位到另外一个URL --> <!-- <session-management invalid-session-url="/publisher/login" /> --> <!-- <custom-filter ref="adminLoginFilter" position="FORM_LOGIN_FILTER" /> 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。 <custom-filter ref="customFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http>-- > <!-- 未登录的切入点 --> <beans:bean id="adminAuthProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/admin/login"></beans:property> </beans:bean> < beans: bean id = "tokenAuthProcessingFilterEntryPoint" class = "org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" > <beans:property name="loginFormUrl" value="/publisher/login"></beans:property> < /beans:bean> < !--登录验证器-- > <beans:bean id="adminLoginFilter" class="com.sportedu.server.security.admin.AdminUsernamePasswordAuthenticationFilter"> <!-- 处理登录 --> <beans:property name="filterProcessesUrl" value="/j_spring_security_check" /> <beans:property name="authenticationSuccessHandler" ref="loginAdminAuthenticationSuccessHandler" /> <beans:property name="authenticationFailureHandler" ref="simpleAdminUrlAuthenticationFailureHandler" /> <beans:property name="authenticationManager" ref="adminauthenticationManager" /> </beans:bean> < !--登录成功页面跳转-- > <beans:bean id="loginAdminAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/jsp/admin/common/main.jsp" /> </beans:bean> < !--登录失败返回页面-- > <beans:bean id="simpleAdminUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <beans:property name="defaultFailureUrl" value="/admin/login" /> </beans:bean> < beans: bean id = "tokenLoginFilter" class = "com.sportedu.server.security.token.TokenUsernamePasswordAuthenticationFilter" > <!-- 处理登录 --> <beans:property name="filterProcessesUrl" value="/j_spring_security_check" /> < beans: property name = "authenticationSuccessHandler" ref = "loginPublisherAuthenticationSuccessHandler" / > <beans:property name="authenticationFailureHandler" ref="simplePublisehrUrlAuthenticationFailureHandler" /> < beans: property name = "authenticationManager" ref = "tokenauthenticationManager" / > </beans:bean> < !--登录成功页面跳转-- > <beans:bean id="loginPublisherAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/jsp/publisher/common/main.jsp" /> </beans:bean> < !--登录失败返回页面-- > <beans:bean id="simplePublisehrUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <beans:property name="defaultFailureUrl" value="/publisher/login" /> </beans:bean> < !--一个自定义的filter, 必须包含authenticationManager, accessDecisionManager, securityMetadataSource三个属性。-- > <beans:bean id="adminCustomFilter" class="com.sportedu.server.security.admin.AdminFilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="adminauthenticationManager" /> <beans:property name="accessDecisionManager" ref="adminAccessDecisionManager" /> <beans:property name="securityMetadataSource" ref="adminSecurityMetadataSource" /> </beans:bean> < beans: bean id = "tokenCustomFilter" class = "com.sportedu.server.security.token.TokenFilterSecurityInterceptor" > <beans:property name="authenticationManager" ref="tokenauthenticationManager" /> < beans: property name = "accessDecisionManager" ref = "tokenAccessDecisionManager" / > <beans:property name="securityMetadataSource" ref="tokenSecurityMetadataSource" /> < /beans:bean> < !--注意能够为authentication - manager 设置alias别名-- > <authentication-manager alias="adminauthenticationManager"> <authentication-provider user-service-ref="adminDetailsService" /> </authentication-manager> < authentication - manager alias = "tokenauthenticationManager" > <authentication-provider user-service-ref="tokenDetailsService" /> < /authentication-manager> < !--自定义权限处理-- > <beans:bean name="adminDetailsService" class="com.sportedu.server.security.admin.AdminUserDetailsService" /> < beans: bean name = "tokenDetailsService" class = "com.sportedu.server.security.token.TokenUserDetailsService" / > <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源。 --> <beans:bean id="adminAccessDecisionManager" class="com.sportedu.server.security.admin.AdminAccessDecisionManager"> </beans:bean> < beans: bean id = "tokenAccessDecisionManager" class = "com.sportedu.server.security.token.TokenAccessDecisionManager" > </beans:bean> < !--资源源数据定义, 将所有的资源和权限对应关系建立起来, 即定义某一资源可以被哪些角色去访问。-- > <beans:bean id="adminSecurityMetadataSource" class="com.sportedu.server.security.admin.AdminInvocationSecurityMetadataSourceService"> </beans:bean> < beans: bean id = "tokenSecurityMetadataSource" class = "com.sportedu.server.security.token.TokenInvocationSecurityMetadataSourceService" > </beans:bean> < /beans:beans>
以上就是本篇文章的所有内容,关于java架构师如果小伙伴们还有想了解的知识可以关注我们了解详情。