第一步:在web.xml中的配置
1、filter
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy(FilterChainProxy包含了处理认证过程的filter列表,每个filter都有各自的功能。)
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>(可以通过修改只进行相应的URL匹配,如<url-pattern>*.do</url-pattern>、<url-pattern>*.jsp</url-pattern>等)
</filter-mapping>
3、 <listener>的HttpSessionEventPublisher用于发布HttpSessionApplicationEvents和HttpSessionDestroyedEvent事件给spring的applicationcontext。
<listener>
<listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
4、对applicationContext-acegi1.xml文件的调用。
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml
classpath:applicationContext-acegi1.xml
</param-value>
</context-param>
第二步、applicationContext-acegi1.xml文件中的配置。
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
]]></value>
</property>
</bean>
基础认证:
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />(从数据库中读取用户信息验证身份)
<ref local="anonymousAuthenticationProvider" />( 匿名用户身份认证)
<ref local="rememberMeAuthenticationProvider" />(已存cookie中的用户信息身份认证)
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailServiceImpl"></property>
<!-- <property name="saltSource" ref="saltSource"></property> -->
<!-- <property name="passwordEncoder" ref="passwordEncoder"></property> -->
</bean>
<!-- 匿名登录 -->
<bean id="anonymousAuthenticationProvider"
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="foobar"></property>
</bean>
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="foobar"></property>
<property name="userAttribute">
<value>anonymousUser,ROLE_ANONYMOUS</value>
</property>
</bean>
<!-- cookie记录 -->
<bean id="rememberMeAuthenticationProvider"
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="classnet_key"></property>
</bean>