最近在弄一个acegi到spring security2的迁移,
数据在数据库中,是经典的user,role,user-role,resource,role-resource的结构
迁移过程中 找不到很好的文档,也没找到 spring security代码解析的文章,照着 别人说的方法配置了半天还是出错
这是配置文件
- XML code
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> <authentication-manager alias="authenticationManager"/> <!-- <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> <beans:property name="allowIfAllAbstainDecisions" value="false"/> <beans:property name="decisionVoters"> <beans:list> <beans:bean class="org.springframework.security.vote.RoleVoter"/> <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/> </beans:list> </beans:property> </beans:bean> <beans:bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager"/> <beans:property name="accessDecisionManager" ref="accessDecisionManager"/> <beans:property name="objectDefinitionSource" ref="secureResourceFilter" /> </beans:bean> <beans:bean id="secureResourceFilter" class="com.mpc.security.resourcedetails.MySecureResourceFilter"></beans:bean> --> <beans:bean id="filterInvocationDefinitionSource" class="com.mpc.security.resourcedetails.JdbcFilterInvocationDefinitionSourceFactoryBean"> <beans:property name="dataSource" ref="dataSource"/> <beans:property name="resourceQuery" value=" 这里的代码没有什么问题,测试过 "/> </beans:bean> <beans:bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor" autowire="byType"> <custom-filter before="FILTER_SECURITY_INTERCEPTOR" /> <beans:property name="objectDefinitionSource" ref="filterInvocationDefinitionSource"/> <!--<beans:property name="accessDecisionManager" ref="accessDecisionManager"/>--> </beans:bean> <http auto-config="true" access-denied-page="/403.jsp"> <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" /> <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=1" default-target-url="/index.jsp" /> <logout logout-success-url="/login.jsp"/> </http> <beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/> <authentication-provider > <jdbc-user-service data-source-ref="dataSource" users-by-username-query="略" authorities-by-username-query="略"/> </authentication-provider></beans:beans>