acegi form认证具体demo

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"> <!-- 通过过滤连形式，acegi提供很多filter，其中过滤器执行也有一定的顺序 ，同事支持正则和ant匹配--> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> PATTERN_TYPE_APACHE_ANT /**=authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor </value> </property> </bean> <!-- 表单认证处理filter --> <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <!-- 认证管理器，然后委托给Provides --> <property name="authenticationManager" ref="authenticationManager"/> <!-- 认证失败后转向的url，包含出错信息的的登陆页面 --> <property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/> <!-- 登陆成功后转向的url --> <property name="defaultTargetUrl" value="/userinfo.jsp"/> <!-- 登陆的url，这个是默认的acegi自带的 --> <property name="filterProcessesUrl" value="/j_acegi_security_check"/> </bean> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider" /> </list> </property> </bean> <!-- 从数据库中读取用户信息验证身份 --> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="inMemDaoImpl" /> </bean> <!-- 基于内存实现方式--> <bean id="inMemDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userMap"> <value> test=1,ROLE_USER lisi=1,ROLE_SUPERVISOR zhangsan=1,ROLE_SUPERVISOR,disabled </value> </property> </bean> <!-- exception filter --> <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <!-- 尚未登录, 进入非法(未认证不可访问)区域 --> <property name="authenticationEntryPoint"> <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl" value="/login.jsp"/> <!--若没登陆，则转向 用户登陆页面 --> <property name="forceHttps" value="false"/> <!-- 是否强制使用https --> </bean> </property> <!-- 登录后, 进入非授权区域 --> <property name="accessDeniedHandler"> <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> <property name="errorPage" value="/accessDenied.jsp"/> <!-- 进入无权限页面 ，根据需求写相应的信息--> </bean> </property> </bean> <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager" /> <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" /> <property name="objectDefinitionSource"> <value><![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /userinfo.jsp=ROLE_SUPERVISOR ]]></value> </property> </bean> <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean class="org.acegisecurity.vote.RoleVoter"/> </list> </property> </bean> </beans>