secruity

security3.x

<?xml version="1.0" encoding="UTF-8"?>  
<beans:beans xmlns="http://www.springframework.org/schema/security"  
    xmlns:beans="http://www.springframework.org/schema/beans"   
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
xsi:schemaLocation="http://www.springframework.org/schema/beans   
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd    
http://www.springframework.org/schema/security   
http://www.springframework.org/schema/security/spring-security-3.1.xsd">  
    <global-method-security pre-post-annotations="enabled">  
    </global-method-security>  
    <!-- 该路径下的资源不用过滤 -->  
    <http pattern="/include/js/**" security="none" />  
    <http pattern="/include/css/**" security="none" />  
    <http pattern="/include/scripts/**" security="none" />  
    <http pattern="/include/jsp/**" security="none" />  
    <http pattern="/images/**" security="none" />  
    <http pattern="/login.jsp" security="none" />  
    <!--auto-config = true 则使用from-login. 如果不使用该属性 则默认为http-basic(没有session).-->  
    <!-- lowercase-comparisons：表示URL比较前先转为小写。-->  
        <!-- path-type：表示使用Apache Ant的匹配模式。-->  
    <!--access-denied-page：访问拒绝时转向的页面。-->  
    <!-- access-decision-manager-ref：指定了自定义的访问策略管理器。-->  
      
    <http use-expressions="true" auto-config="true"  
        access-denied-page="/include/jsp/timeout.jsp">  
<!--login-page：指定登录页面。  -->  
<!-- login-processing-url：指定了客户在登录页面中按下 Sign In 按钮时要访问的 URL。-->  
        <!-- authentication-failure-url：指定了身份验证失败时跳转到的页面。-->  
        <!-- default-target-url：指定了成功进行身份验证和授权后默认呈现给用户的页面。-->  
<!-- always-use-default-target：指定了是否在身份验证通过后总是跳转到default-target-url属性指定的URL。 
-->  
          
<form-login login-page="/login.jsp" default-target-url='/system/default.jsp'  
        always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=1" />  
<!--logout-url：指定了用于响应退出系统请求的URL。其默认值为：/j_spring_security_logout。-->  
        <!-- logout-success-url：退出系统后转向的URL。-->  
        <!-- invalidate-session：指定在退出系统时是否要销毁Session。-->  
        <logout invalidate-session="true" logout-success-url="/login.jsp"  
            logout-url="/j_spring_security_logout" />  
        <!-- 实现免登陆验证 -->  
        <remember-me />  
  
        <!-- max-sessions:允许用户帐号登录的次数。范例限制用户只能登录一次。-->  
<!-- 此值表示：用户第二次登录时，前一次的登录信息都被清空。-->  
 <!--   exception-if-maximum-exceeded:默认为false，-->  
<!-- 当exception-if-maximum-exceeded="true"时系统会拒绝第二次登录。-->  
  
        <session-management invalid-session-url="/login.jsp"  
            session-fixation-protection="none">  
            <concurrency-control max-sessions="1"  
                error-if-maximum-exceeded="false" />  
        </session-management>  
        <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />  
        <session-management  
            session-authentication-strategy-ref="sas" />  
  
    </http>  
<beans:bean id="sas"  
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">  
        <beans:constructor-arg name="sessionRegistry"  
            ref="sessionRegistry" />  
        <beans:property name="maximumSessions" value="1" />  
        <!-- 防止session攻击 -->  
        <beans:property name="alwaysCreateSession" value="true" />  
        <beans:property name="migrateSessionAttributes" value="false" />  
        <!--  同一个帐号 同时只能一个人登录 -->  
        <beans:property name="exceptionIfMaximumExceeded"  
            value="false" />  
    </beans:bean>  
    <beans:bean id="sessionRegistry"  
        class="org.springframework.security.core.session.SessionRegistryImpl" />  
    <!-- 
事件监听:实现了ApplicationListener监听接口，包括AuthenticationCredentialsNotFoundEvent 事件，-->  
    <!-- AuthorizationFailureEvent事件，AuthorizedEvent事件， PublicInvocationEvent事件-->  
    <beans:bean  
        class="org.springframework.security.authentication.event.LoggerListener" />  
    <!-- 自定义资源文件   提示信息 -->  
    <beans:bean id="messageSource"  
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">  
        <beans:property name="basenames" value="classpath:message_zh_CN">  
</beans:property>  
    </beans:bean>  
    <!-- 配置过滤器 -->  
    <beans:bean id="myFilter"  
        class="com.taskmanager.web.security.MySecurityFilter">  
    <!-- 用户拥有的权限 -->  
    <beans:property name="authenticationManager" ref="myAuthenticationManager" />  
    <!-- 用户是否拥有所请求资源的权限 -->  
    <beans:property name="accessDecisionManager" ref="myAccessDecisionManager" />  
    <!-- 资源与权限对应关系 -->  
    <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource" />  
    </beans:bean>  
    <!-- 实现了UserDetailsService的Bean -->  
    <authentication-manager alias="myAuthenticationManager">  
        <authentication-provider user-service-ref="myUserDetailServiceImpl">  
            <!-- 登入 密码  采用MD5加密 -->  
            <password-encoder hash="md5" ref="passwordEncoder">  
            </password-encoder>  
        </authentication-provider>  
    </authentication-manager>  
    <!-- 验证用户请求资源  是否拥有权限 -->  
    <beans:bean id="myAccessDecisionManager"  
        class="com.taskmanager.web.security.MyAccessDecisionManager">  
    </beans:bean>  
    <!-- 系统运行时加载 系统要拦截的资源   与用户请求时要过滤的资源 -->  
    <beans:bean id="mySecurityMetadataSource"  
        class="com.taskmanager.web.security.MySecurityMetadataSource">  
        <beans:constructor-arg name="powerService" ref="powerService">  
</beans:constructor-arg>  
    </beans:bean>  
    <!-- 获取用户登入角色信息 -->  
    <beans:bean id="myUserDetailServiceImpl"  
        class="com.taskmanager.web.security.MyUserDetailServiceImpl">  
        <beans:property name="userService" ref="userService"></beans:property>  
    </beans:bean>  
  
    <!-- 用户的密码加密或解密 -->  
    <beans:bean id="passwordEncoder"  
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />  
</beans:beans>

security4.x

<beans:beans  
        xmlns="http://www.springframework.org/schema/security"  
        xmlns:beans="http://www.springframework.org/schema/beans"  
        xmlns:p="http://www.springframework.org/schema/p"  
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
        xmlns:context="http://www.springframework.org/schema/context"  
        xsi:schemaLocation="http://www.springframework.org/schema/beans  
          http://www.springframework.org/schema/beans/spring-beans.xsd  
          http://www.springframework.org/schema/context  
          http://www.springframework.org/schema/context/spring-context.xsd  
          http://www.springframework.org/schema/security  
              http://www.springframework.org/schema/security/spring-security.xsd">  
  
  
    <context:component-scan base-package="com.framework.security"/>  
  
  
    <!--<http pattern="/pm/**" security="none" />-->  
    <http pattern="/login.jsp" security="none" />  
    <http pattern="/common/**" security="none" />  
    <http pattern="/*.ico" security="none" />  
  
  
    <http  use-expressions="false" >  
        <!-- IS_AUTHENTICATED_ANONYMOUSLY 匿名登录 -->  
        <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />  
        <intercept-url pattern="/pm/**/*.jsp" access="ROLE_STATIC" />  
        <form-login login-page="/login"    authentication-failure-url="/login?error=1" authentication-success-forward-url="/main.to" />  
        <logout invalidate-session="true" logout-url="/logout"  logout-success-url="/"  />  
        <http-basic/>  
        <headers >  
            <frame-options disabled="true"></frame-options>  
        </headers>  
  
  
        <csrf token-repository-ref="csrfTokenRepository" />  
  
  
        <session-management session-authentication-error-url="/frame.expired" >  
            <!-- max-sessions只容许一个账号登录，error-if-maximum-exceeded 后面账号登录后踢出前一个账号，expired-url session过期跳转界面 -->  
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/frame.expired" session-registry-ref="sessionRegistry" />  
        </session-management>  
  
  
        <expression-handler ref="webexpressionHandler" ></expression-handler>  
    </http>  
  
  
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />  
  
  
    <beans:bean id="userDetailsService" class="com.framework.security.UserDetailsServiceImpl" />  
  
  
    <!--配置web端使用权限控制-->  
    <beans:bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />  
  
  
    <authentication-manager >  
        <authentication-provider ref="authenticationProvider" />  
    </authentication-manager>  
  
  
    <!-- 自定义userDetailsService， 盐值加密 -->  
    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">  
        <beans:property name="hideUserNotFoundExceptions" value="true" />  
        <beans:property name="userDetailsService" ref="userDetailsService" />  
        <beans:property name="passwordEncoder" ref="passwordEncoder" />  
        <beans:property name="saltSource" ref="saltSource" />  
    </beans:bean>  
  
  
    <!-- Md5加密 -->  
    <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />  
  
  
    <!-- 盐值加密 salt对应数据库字段-->  
    <beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">  
        <beans:property name="userPropertyToUse" value="salt"/>  
    </beans:bean>  
  
  
    <beans:bean id="csrfTokenRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository" />  
</beans:beans>

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <global-method-security pre-post-annotations="enabled">
    </global-method-security>
    
    <http pattern="/include/js/**" security="none" />
    <http pattern="/include/css/**" security="none" />
    <http pattern="/include/scripts/**" security="none" />
    <http pattern="/include/jsp/**" security="none" />
    <http pattern="/images/**" security="none" />
    <http pattern="/login.jsp" security="none" />
    
    
        
    
    

    <http use-expressions="true" auto-config="true"
        access-denied-page="/include/jsp/timeout.jsp">


        
        


<form-login login-page="/login.jsp" default-target-url='/system/default.jsp'
        always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=1" />

        
        
        <logout invalidate-session="true" logout-success-url="/login.jsp"
            logout-url="/j_spring_security_logout" />
        
        <remember-me />

        




        <session-management invalid-session-url="/login.jsp"
            session-fixation-protection="none">
            <concurrency-control max-sessions="1"
                error-if-maximum-exceeded="false" />
        </session-management>
        <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />
        <session-management
            session-authentication-strategy-ref="sas" />

    </http>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry"
            ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
        
        <beans:property name="alwaysCreateSession" value="true" />
        <beans:property name="migrateSessionAttributes" value="false" />
        
        <beans:property name="exceptionIfMaximumExceeded"
            value="false" />
    </beans:bean>
    <beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />
    
    
    <beans:bean
        class="org.springframework.security.authentication.event.LoggerListener" />
    
    <beans:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <beans:property name="basenames" value="classpath:message_zh_CN">
</beans:property>
    </beans:bean>
    
    <beans:bean id="myFilter"
        class="com.taskmanager.web.security.MySecurityFilter">
    
    <beans:property name="authenticationManager" ref="myAuthenticationManager" />
    
    <beans:property name="accessDecisionManager" ref="myAccessDecisionManager" />
    
    <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource" />
    </beans:bean>
    
    <authentication-manager alias="myAuthenticationManager">
        <authentication-provider user-service-ref="myUserDetailServiceImpl">
            
            <password-encoder hash="md5" ref="passwordEncoder">
            </password-encoder>
        </authentication-provider>
    </authentication-manager>
    
    <beans:bean id="myAccessDecisionManager"
        class="com.taskmanager.web.security.MyAccessDecisionManager">
    </beans:bean>
    
    <beans:bean id="mySecurityMetadataSource"
        class="com.taskmanager.web.security.MySecurityMetadataSource">
        <beans:constructor-arg name="powerService" ref="powerService">
</beans:constructor-arg>
    </beans:bean>
    
    <beans:bean id="myUserDetailServiceImpl"
        class="com.taskmanager.web.security.MyUserDetailServiceImpl">
        <beans:property name="userService" ref="userService"></beans:property>
    </beans:bean>

    
    <beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
</beans:beans>

相关阅读:
Leetcode Reverse Words in a String
topcoder SRM 619 DIV2 GoodCompanyDivTwo
topcoder SRM 618 DIV2 MovingRooksDiv2
topcoder SRM 618 DIV2 WritingWords
topcoder SRM 618 DIV2 LongWordsDiv2
Zepto Code Rush 2014 A. Feed with Candy
Zepto Code Rush 2014 B
Codeforces Round #245 (Div. 2) B
Codeforces Round #245 (Div. 2) A
Codeforces Round #247 (Div. 2) B
原文地址：https://www.cnblogs.com/zhouyun-yx/p/10915894.html