没有任何注释,表怪我(¬_¬)
在本地用户验证,Windows域验证,公司单点登录服务器测试通过
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security configuration with three authentication set-ups, selected by Spring profile:
    local : form login checked against the userDetailsService bean
    ldap  : form login checked by an LDAP bind (for example a Windows domain)
    cas   : single sign-on through a CAS server
  The userDetailsService and passwordEncoder beans and every ${...} placeholder are referenced
  here but not defined in this file; they have to be supplied elsewhere in the application context.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-4.0.xsd">

  <!-- Turns on @PreAuthorize / @PostAuthorize style annotations, using class-based proxies. -->
  <global-method-security pre-post-annotations="enabled"
                          order="0"
                          proxy-target-class="true" />

  <!-- Session registry used by the concurrency control of the local/ldap profile below. -->
  <beans:bean id="sessionRegistry"
              class="org.springframework.security.core.session.SessionRegistryImpl" />

  <!--
    Requests under /resources/ skip the security filter chain completely, so no authentication
    applies to them. Only static, non-sensitive assets should be served from this path.
  -->
  <http security="none" pattern="/resources/**" />

  <!-- ===== URL rules and form login shared by the "local" and "ldap" profiles ===== -->
  <beans:beans profile="local,ldap">
    <http use-expressions="true">
      <!-- Rules are evaluated top to bottom; the first matching pattern decides. -->
      <intercept-url pattern="/login" access="permitAll" />
      <intercept-url pattern="/login/**" access="permitAll" />
      <intercept-url pattern="/logout" access="permitAll" />
      <!--
        NOTE(review): everything under /webapi/ is reachable without authentication at URL level.
        Any protection for these endpoints has to come from method-level annotations or from
        the API's own authentication. Verify that each endpoint is covered.
      -->
      <intercept-url pattern="/webapi/**" access="permitAll" />
      <!-- Everything else needs a full login in the current session. -->
      <intercept-url pattern="/**" access="isFullyAuthenticated()" />

      <!-- The login page and the credential-processing URL are both /login. -->
      <form-login login-page="/login"
                  login-processing-url="/login"
                  authentication-failure-url="/login?error"
                  default-target-url="/"
                  username-parameter="username"
                  password-parameter="password" />

      <logout logout-url="/logout"
              logout-success-url="/login?loggedOut"
              invalidate-session="true"
              delete-cookies="JSESSIONID" />

      <!--
        migrateSession issues a new session id at login, which counters session fixation.
        At most one session per user; a second login is rejected instead of expiring the first.
        NOTE(review): Spring Security documents that HttpSessionEventPublisher must be registered
        as a listener so that expired sessions leave the registry; otherwise a user whose session
        timed out can stay locked out. Confirm that it is declared in web.xml.
      -->
      <session-management invalid-session-url="/login"
                          session-fixation-protection="migrateSession">
        <concurrency-control max-sessions="1"
                             error-if-maximum-exceeded="true"
                             session-registry-ref="sessionRegistry" />
      </session-management>

      <!--
        NOTE(review): CSRF protection is switched off, so state-changing requests from a
        logged-in browser session carry no anti-forgery token. Re-enable it unless every
        client is known to be unable to send the token, and document the reason if it stays off.
      -->
      <csrf disabled="true" />
    </http>
  </beans:beans>

  <!-- ===== "local": credentials checked against userDetailsService ===== -->
  <beans:beans profile="local">
    <authentication-manager>
      <authentication-provider user-service-ref="userDetailsService">
        <!-- NOTE(review): passwordEncoder is defined elsewhere; confirm it is an adaptive hash such as bcrypt. -->
        <password-encoder ref="passwordEncoder" />
      </authentication-provider>
    </authentication-manager>
  </beans:beans>

  <!-- ===== "ldap": credentials checked by binding to the directory as the user ===== -->
  <beans:beans profile="ldap">
    <authentication-manager>
      <authentication-provider ref="ldapAuthenticationProvider" />
    </authentication-manager>

    <beans:bean id="ldapAuthenticationProvider"
                class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
      <beans:constructor-arg index="0" ref="ldapAuthenticator" />
      <beans:constructor-arg index="1" ref="ldapAuthoritiesPopulator" />
    </beans:bean>

    <!-- Locates the user entry with ldapUserSearch, then binds with the submitted password. -->
    <beans:bean id="ldapAuthenticator"
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="ldapContextSource" />
      <beans:property name="userSearch" ref="ldapUserSearch" />
    </beans:bean>

    <beans:bean id="ldapUserSearch"
                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
      <beans:constructor-arg index="0" value="${ldap.searchBase}" />
      <beans:constructor-arg index="1" value="${ldap.searchFilter}" />
      <beans:constructor-arg index="2" ref="ldapContextSource" />
    </beans:bean>

    <!--
      Directory connection with a service account taken from the properties file.
      If ldap.url uses the plain ldap:// scheme, the service-account bind and every user bind
      cross the network unencrypted; prefer ldaps:// or StartTLS. The service account should
      have read-only search rights, and its password should be kept out of version control.
    -->
    <beans:bean id="ldapContextSource"
                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <beans:constructor-arg value="${ldap.url}" />
      <beans:property name="userDn" value="${ldap.userDN}" />
      <beans:property name="password" value="${ldap.password}" />
    </beans:bean>

    <!-- Authorities are loaded from userDetailsService rather than from directory groups. -->
    <beans:bean id="ldapAuthoritiesPopulator"
                class="org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="userDetailsService" />
    </beans:bean>
  </beans:beans>

  <!-- ===== "cas": single sign-on through a CAS server ===== -->
  <beans:beans profile="cas">
    <!-- Unauthenticated requests are handed to casEntryPoint, which sends the browser to CAS. -->
    <http use-expressions="true"
          auto-config="false"
          entry-point-ref="casEntryPoint"
          servlet-api-provision="true">
      <!-- The CAS callback URL must stay open so that the service ticket can be delivered. -->
      <intercept-url pattern="${cas.localSystemLoginUrl}" access="permitAll" />
      <intercept-url pattern="/login" access="permitAll" />
      <intercept-url pattern="/login/**" access="permitAll" />
      <intercept-url pattern="/logout" access="permitAll" />
      <!-- NOTE(review): /webapi/ is open at URL level here too; verify how these endpoints are protected. -->
      <intercept-url pattern="/webapi/**" access="permitAll" />
      <intercept-url pattern="/**" access="isFullyAuthenticated()" />

      <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />
      <!--
        Handles logout notifications from the CAS server.
        NOTE(review): the CAS client normally also needs SingleSignOutHttpSessionListener
        registered in web.xml; confirm that it is present.
      -->
      <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
      <!--
        NOTE(review): this filter and the logout element below both process /logout, and this
        one is placed first. The success URL and cookie deletion of the logout element
        presumably never take effect in this profile; verify.
      -->
      <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />

      <logout logout-url="/logout"
              logout-success-url="/"
              invalidate-session="true"
              delete-cookies="JSESSIONID" />

      <!--
        NOTE(review): unlike the local/ldap profile, no session-registry-ref is given, and
        casFilter has no sessionAuthenticationStrategy set in this file. Verify that the
        one-session limit is actually enforced for CAS logins.
      -->
      <session-management invalid-session-url="/login"
                          session-fixation-protection="migrateSession">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
      </session-management>

      <!-- NOTE(review): CSRF protection is switched off in this profile as well; see the risk before keeping it off. -->
      <csrf disabled="true" />
    </http>

    <authentication-manager alias="authenticationManager">
      <authentication-provider ref="casAuthenticationProvider" />
    </authentication-manager>

    <!-- Service URL announced to CAS: application base URL followed by the callback path. -->
    <beans:bean id="serviceProperties"
                class="org.springframework.security.cas.ServiceProperties">
      <beans:property name="service" value="${cas.localSystemUrl}${cas.localSystemLoginUrl}" />
      <!-- sendRenew=false: an existing CAS single sign-on session is accepted without a fresh credential prompt. -->
      <beans:property name="sendRenew" value="false" />
    </beans:bean>

    <beans:bean id="casEntryPoint"
                class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
      <beans:property name="loginUrl" value="${cas.loginUrl}" />
      <beans:property name="serviceProperties" ref="serviceProperties" />
    </beans:bean>

    <beans:bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
      <!-- User details and authorities for the CAS-asserted user name come from userDetailsService. -->
      <beans:property name="userDetailsService" ref="userDetailsService" />
      <beans:property name="serviceProperties" ref="serviceProperties" />
      <!--
        Service tickets are validated by a server-to-server call to ${cas.url}. That call decides
        which user is logged in, so cas.url should be an https:// address with a trusted
        certificate; over plain http the validation response can be altered in transit.
      -->
      <beans:property name="ticketValidator">
        <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
          <beans:constructor-arg index="0" value="${cas.url}" />
        </beans:bean>
      </beans:property>
      <!-- NOTE(review): this key looks like sample text; consider a deployment-specific value. -->
      <beans:property name="key" value="an_id_for_this_auth_provider_only" />
    </beans:bean>

    <!-- Receives the browser redirect from CAS on the callback URL and authenticates the ticket. -->
    <beans:bean id="casFilter"
                class="org.springframework.security.cas.web.CasAuthenticationFilter">
      <beans:property name="authenticationManager" ref="authenticationManager" />
      <beans:property name="filterProcessesUrl" value="${cas.localSystemLoginUrl}" />
    </beans:bean>

    <beans:bean id="singleLogoutFilter"
                class="org.jasig.cas.client.session.SingleSignOutFilter" />

    <!-- On /logout: clears the local security context, then redirects to the CAS logout URL. -->
    <beans:bean id="requestSingleLogoutFilter"
                class="org.springframework.security.web.authentication.logout.LogoutFilter">
      <beans:constructor-arg value="${cas.logoutUrl}" />
      <beans:constructor-arg>
        <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
      </beans:constructor-arg>
      <beans:property name="filterProcessesUrl" value="/logout" />
    </beans:bean>
  </beans:beans>

</beans:beans>
随附配置文件内容
# Values read by the ${...} placeholders of the Spring Security configuration.
# The host names and XXX entries are sample placeholders to be replaced per deployment.

# CAS single sign-on
# Base URL of this application; joined with cas.localSystemLoginUrl to form the CAS service URL.
# NOTE(review): these samples use plain http. In a real deployment the application URL and
# all CAS URLs should be https, because service tickets and the ticket-validation response
# travel over them.
cas.localSystemUrl=http://www.example.com
# Callback path on which the application receives the CAS service ticket.
cas.localSystemLoginUrl=/j_spring_security_cas_check
# CAS server prefix used for server-to-server ticket validation.
cas.url=http://cas.server.com/cas
cas.loginUrl=http://cas.server.com/cas/login
cas.logoutUrl=http://cas.server.com/cas/logout?service=http://www.example.com/logoutPage

# LDAP / Windows domain
# NOTE(review): ldap:// on port 389 sends the service-account bind and every user bind
# unencrypted; prefer ldaps:// or StartTLS.
ldap.url=ldap://XXX.XXX.XXX.XXX:389
# Service account used to search for the user entry; give it read-only rights.
ldap.userDN=CN=XXX,OU=XXX,DC=XXX,DC=XXX
# Keep the real password out of version control and restrict read access to this file.
ldap.password=XXX
ldap.searchBase=DC=XXX,DC=XXX
# {0} is replaced with the login name submitted by the user.
ldap.searchFilter=(sAMAccountName={0})
一份包含本地数据库验证,Windows域验证,单点登录的Spring Security配置文件
原文地址:http://www.cnblogs.com/cfrost/p/5491394.html