spring acegi如何配置?我是按下面配置做的
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

<!-- Filter chain entry point. The single /** entry sends every request path through
     the filters named below, in the order they are written; each name is the id of a
     bean defined further down in this file.
     NOTE(review): because there is only a /** entry, the login page and any static
     resources also pass through the whole chain, including filterInvocationInterceptor. -->
<bean id="filterChainProxy"
class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
<![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
]]>
</value>
</property>
</bean>

<!-- Concurrent HttpSession control: limits how many times the same account can be
     logged in to this web application at the same time, i.e. the number of
     concurrent HttpSessions.
     NOTE(review): the registry presumably only learns that a session ended if the
     container publishes session lifecycle events (a listener in web.xml, not shown
     on this page); confirm it is registered. -->
<bean id="concurrentSessionFilter"
class="org.springframework.security.concurrent.ConcurrentSessionFilter">

<!-- Reference to the HttpSession registry -->
<property name="sessionRegistry" ref="sessionRegistry"></property>

<!-- URL to redirect to once the HttpSession has been expired -->
<property name="expiredUrl">
<value>/</value>
</property>
</bean>

<!-- HttpSession registry that dynamically tracks every HttpSession logged in to this
     web application. The concurrentSessionController bean that follows on the same
     lines uses this registry and allows at most 5 sessions per account. -->
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl">
</bean> <bean id="concurrentSessionController"
class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl"> <property name="maximumSessions" value="5"></property>

<!-- exceptionIfMaximumExceeded=false: a login beyond the limit is not rejected with
     an exception. NOTE(review): presumably an existing session of that account is
     expired instead; confirm this is the intended policy for shared or stolen
     credentials. -->
<property name="exceptionIfMaximumExceeded" value="false" /> <property name="sessionRegistry" ref="sessionRegistry" />
</bean>

<!-- Logout handling. First constructor argument: the URL value /login.do
     (presumably where the browser is sent after logout). Second argument: the list
     of logout handlers, here the rememberMeServices bean and a
     SecurityContextLogoutHandler.
     NOTE(review): both handlers matter for a clean logout; presumably one clears the
     remember-me cookie and the other the session state. Verify after any change. -->
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">

<constructor-arg value="/login.do" />
<constructor-arg>
<list>
<ref bean="rememberMeServices" />
<bean
class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>

<!-- Form login processing. Credentials are submitted to /j_spring_security_check
     and checked by authenticationManager; a failed login goes to /login.do and a
     successful one to /page/chaddNews.do. -->
<bean id="authenticationProcessingFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">

<property name="authenticationManager" ref="authenticationManager" /> <property name="authenticationFailureUrl" value="/login.do" />

<property name="defaultTargetUrl" value="/page/chaddNews.do" />

<property name="filterProcessesUrl" value="/j_spring_security_check" />

<property name="rememberMeServices" ref="rememberMeServices" />

<!-- Maps specific authentication exceptions to their own failure URLs.
     NOTE(review): a separate "disabled" result tells an unauthenticated caller that
     the account exists and is disabled; consider one generic failure message and
     keep the detailed reason in server-side logs only. -->
<property name="exceptionMappings">
<props>
<prop key="org.springframework.security.BadCredentialsException">
/login.do?error=badCredentials
</prop>
<prop key="org.springframework.security.DisabledException">
/login.do?error=disabled
</prop>
</props>
</property>
</bean>

<!-- Keeps the security context in the HttpSession between requests.
     forceEagerSessionCreation=true asks for a session to be created up front,
     so unauthenticated requests get a session too.
     NOTE(review): nothing visible in this file changes the session id at login;
     confirm session-fixation protection is handled somewhere. -->
<bean id="httpSessionContextIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<property name="forceEagerSessionCreation" value="true" />
</bean>

<!-- Authenticates against the users loaded by userDetailsService, with loaded
     users cached in userCache.
     NOTE(review): no passwordEncoder property is set here. The provider's default
     is presumably a plain-text comparison, which would mean t_user.password holds
     clear-text passwords; confirm, and prefer a salted, slow password hash. -->
<bean id="daoAuthenticationProvider"
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">

<property name="userDetailsService" ref="userDetailsService" />
<property name="userCache">
<ref local="userCache" />
</property>
</bean>

<!-- Ehcache-backed cache of loaded user details, stored in userCacheBackend.
     NOTE(review): cached entries presumably include the stored password value and
     may outlive a password change or an account being disabled; confirm the
     eviction and expiry settings of the underlying cache. -->
<bean id="userCache"
class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<ref local="userCacheBackend" />
</property>
</bean>

<!-- Ehcache plumbing: cacheManager creates the cache manager, and userCacheBackend
     (which starts on the same line where cacheManager ends) exposes the cache
     named "userCache" from it. No cache sizing or time-to-live is set in this
     file, so those values come from the Ehcache configuration in use. -->
<bean id="cacheManager" 
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" /> <bean id="userCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager" ref="cacheManager" />
<property name="cacheName" value="userCache" />
</bean>

<!-- Authentication manager. Providers are listed in order: database login,
     anonymous tokens, then remember-me tokens. The sessionController reference
     applies the concurrent session limit.
     NOTE(review): the two key values below are literals committed in the config.
     "changeThis" matches the key on anonymousProcessingFilter and "springRocks"
     matches the key on rememberMeServices, so they must be changed together.
     Replace them with deployment-specific secrets that are not published with
     the source. -->
<bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<bean
class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis" />
</bean>
<bean
class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="springRocks" />
</bean>
</list>
</property>
<property name="sessionController" ref="concurrentSessionController" />
</bean>

<!-- Loads users and their authorities over JDBC. The dataSource bean is not
     defined in this file. Both queries bind the user name through a ? parameter
     rather than string concatenation. -->
<bean id="userDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">

<!-- User lookup: rows whose status equals the quoted literal in the query (a
     Chinese word meaning "discarded") are excluded.
     NOTE(review): the third selected column is presumably read as the boolean
     "enabled" flag; status looks like a text column, so confirm how the JDBC
     driver converts it, otherwise valid users may be treated as disabled or the
     lookup may fail. -->
<property name="dataSource">
<ref bean="dataSource" />
</property> <property name="usersByUsernameQuery">
<value>
select username,password,status from 
t_user 
where username=? and status != '废弃'
</value>
</property>
<!-- rolePrefix PRIV_ is applied to the authority names loaded below; the same
     prefix is configured on the RoleVoter in filterInvocationInterceptor. -->
<property name="rolePrefix" value="PRIV_"></property>
<property name="authoritiesByUsernameQuery">
<value>
select distinct u.username,p.priv_name from 
t_user u,t_user_priv p 
where u.user_id = p.user_id and u.username = ?
</value>
</property>
</bean>

<!-- Two filters share these lines. securityContextHolderAwareRequestFilter has no
     properties set. rememberMeProcessingFilter (it starts on the line where the
     first bean ends) uses rememberMeServices and authenticationManager; presumably
     it logs a user in from a remember-me cookie when no authentication is present. -->
<bean id="securityContextHolderAwareRequestFilter"
class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" /> <bean id="rememberMeProcessingFilter"
class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">

<property name="authenticationManager" ref="authenticationManager" />

<property name="rememberMeServices" ref="rememberMeServices" />
</bean>

<!-- Token-based remember-me cookies.
     NOTE(review): the key is presumably mixed into the signature of every
     remember-me token, and "springRocks" is a literal committed in the config.
     Use a deployment-specific secret and change it together with the
     RememberMeAuthenticationProvider key in authenticationManager. With
     forceHttps=false on the entry point, the cookie presumably also travels
     over plain HTTP; confirm the transport. -->
<bean id="rememberMeServices"
class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
<!-- Reference to a userDetailsService instance -->
<property name="userDetailsService" ref="userDetailsService" />
<property name="key" value="springRocks" />
</bean>

<!-- Access exception filter: configures where authentication is started
     (authenticationEntryPoint) and what happens when access is denied
     (accessDeniedHandler) -->
<bean id="exceptionTranslationFilter"
class="org.springframework.security.ui.ExceptionTranslationFilter">

<!-- Authentication entry point -->
<property name="authenticationEntryPoint">
<bean
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<!-- URL of the login form -->
<property name="loginFormUrl"
value="/login.do" />
<!-- Whether to force HTTPS.
     NOTE(review): false means the login form is not forced onto HTTPS, so
     credentials may be submitted over plain HTTP unless TLS is enforced
     elsewhere (for example at a proxy); confirm. -->
<property name="forceHttps" value="false" />
</bean>
</property>

<!-- Access-denied handling -->
<property name="accessDeniedHandler">
<bean
class="org.springframework.security.ui.AccessDeniedHandlerImpl">

<!-- Page URL used after access has been denied -->
<property name="errorPage" value="/denied.do" />
</bean>
</property>
</bean>

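<!-- Security enforcement filter: the last filter in the chain; checks the
     authenticated principal's authorities against the URL rules below. -->
<bean id="filterInvocationInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">

<!-- Authentication manager used by the interceptor -->
<property name="authenticationManager" ref="authenticationManager" />

<!-- Access decision manager. allowIfAllAbstainDecisions=false: access is denied
     when every voter abstains. -->
<property name="accessDecisionManager">
<bean class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false" />

<!-- Decision voters. The RoleVoter only votes on attributes that start with
     the PRIV_ prefix. -->
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value="PRIV_" />
</bean>
<bean class="org.springframework.security.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>

<!-- Resource access rules, tried from top to bottom; the first pattern that
     matches the request URL decides, so the most specific patterns come first.
     CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request URL before
     matching, so every pattern is written in lower case: a mixed-case pattern
     would not match and the request would fall through to the /** rule, which
     requires only PRIV_ALL.
     NOTE(review): /**=PRIV_ALL also covers /login.do and /denied.do. The
     anonymous principal configured in anonymousProcessingFilter holds only
     PRIV_ANONYMOUS, so confirm that users who are not logged in can still
     reach the login page. -->
<property name="objectDefinitionSource">
<value>
<![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT

/page/chinitializenews.do** = PRIV_MANAGER
/page/chinitializesearchnews.do** = PRIV_MANAGER
/page/viewnews.do** = PRIV_USER
/**=PRIV_ALL
]]>
</value>
</property>
</bean>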

<!-- Enables anonymous authentication -->
<bean id="anonymousProcessingFilter"
class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<!-- Whether to create an anonymous account for users who are not logged in.
     NOTE(review): confirm that this filter class really has a createAnonymous
     setter; if it does not, the application context fails to start on this
     property. -->
<property name="createAnonymous" value="false" />

<!-- Key; must be the same as the one configured in authenticationManager.
     NOTE(review): "changeThis" is a literal committed in the config; replace it
     with a deployment-specific value. -->
<property name="key" value="changeThis" />

<!-- Specifies the anonymous user name (anonymousUser), its authority
     (ROLE_ANONYMOUS) and its enabled state (enabled/disabled).
     NOTE(review): the value below grants PRIV_ANONYMOUS, not ROLE_ANONYMOUS, and
     no rule in filterInvocationInterceptor names PRIV_ANONYMOUS. -->
<property name="userAttribute" value="anonymousUser,PRIV_ANONYMOUS" />
</bean>

<!-- Authentication listener. NOTE(review): presumably writes authentication events
     (successes and failures) to the application log; confirm that these logs are
     retained and monitored, and that they never contain submitted passwords. -->
<bean id="loggerListener"
class="org.springframework.security.event.authentication.LoggerListener" />
     
</beans>

解决方案 »

  1.   

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans>
       <!-- ======================== FILTER CHAIN ======================= -->
       <!--  if you wish to use channel security, add "channelProcessingFilter," in front
          of "httpSessionContextIntegrationFilter" in the list below -->
       <!-- Every request path (/**) passes through the three filters listed, in order.
            NOTE(review): no channelProcessingFilter is in the list, so this chain does
            not itself require HTTPS for any URL. -->
       <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
             <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityEnforcementFilter
             </value>
          </property>
       </bean>
       <!-- ======================== AUTHENTICATION ======================= -->
       <!-- Authentication manager with a single provider, daoAuthenticationProvider;
            this listing configures no anonymous or remember-me provider. -->
       <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
          <property name="providers">
             <list>
                <ref local="daoAuthenticationProvider"/>
             </list>
          </property>
       </bean>
       <!-- JDBC user lookup, followed on shared lines by the password encoder, the DAO
            authentication provider and the logger listener. Both queries bind the
            account name through a ? parameter. rolePrefix is empty, so authority names
            are used exactly as stored in system_function.function_name.
            NOTE(review): the users query returns the constant '1' as its third column,
            so every account is reported as enabled and there is no way to disable an
            account through this query.
            NOTE(review): passwords are compared through ShaPasswordEncoder and no salt
            source is configured on the provider in this listing, which presumably
            means unsalted SHA digests; confirm, and prefer a salted, slow password hash. -->
       <bean id="jdbcDaoImpl" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
          <property name="dataSource">
             <ref bean="jndiDataSource"/>
          </property>      
          <property name="usersByUsernameQuery">
             <value>SELECT logging_in_account,logging_in_password, '1' FROM user_info WHERE logging_in_account = ?</value>
          </property>
          <property name="authoritiesByUsernameQuery">
             <value> SELECT usr.logging_in_account, func.function_name FROM user_info usr, user_role_relation urrel, role,
                system_function func, role_system_function_relation  rfrel WHERE usr.user_Id = urrel.user_id AND
                urrel.role_id = role.role_id AND role.role_id = rfrel.role_id AND
                rfrel.function_id = func.function_id AND usr.logging_in_account = ? </value>
          </property>
          <property name="rolePrefix">
             <value></value>
          </property>
       </bean>     <bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
    <bean id="daoAuthenticationProvider"  class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="authenticationDao">
    <ref local="jdbcDaoImpl"/>
    </property>
    <property name="passwordEncoder">
    <ref bean="passwordEncoder"/>
    </property>
    </bean>   <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
       <!-- Keeps the security context in the HttpSession between requests; the context
            property names the context implementation class to use. -->
       <bean id="httpSessionContextIntegrationFilter"
          class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
          <property name="context">
             <value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
          </property>
       </bean>
       <!-- ===================== HTTP REQUEST SECURITY ==================== -->
       <!-- Ties URL authorisation (filterInvocationInterceptor) to the entry point
            used to start a login (authenticationProcessingFilterEntryPoint).
            No access-denied page is configured in this listing. -->
       <bean id="securityEnforcementFilter"
          class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
          <property name="filterSecurityInterceptor">
             <ref local="filterInvocationInterceptor"/>
          </property>
          <property name="authenticationEntryPoint">
             <ref local="authenticationProcessingFilterEntryPoint"/>
          </property>
       </bean>
       <!-- URL authorisation rules. Each line maps an Ant-style path pattern to the
            authorities (test, tbst) listed for that path; patterns are written in lower
            case, which fits CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON.
            NOTE(review): there is no catch-all rule. URLs that match none of the
            patterns, such as the .jsp pages referenced elsewhere in this listing,
            carry no authority requirement here; confirm that this is intended and
            consider a deny-by-default final rule. -->
       <bean id="filterInvocationInterceptor"
          class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
          <property name="authenticationManager">
             <ref bean="authenticationManager"/>
          </property>
          <property name="accessDecisionManager">
             <ref local="httpRequestAccessDecisionManager"/>
          </property>
          <property name="objectDefinitionSource">
             <value> 
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT 
                /review.jsf=test,tbst
                /myjob.jsf=test,tbst
                /**/*.jsf=test,tbst
             </value>
          </property>
       </bean>
    <!-- Form login processing through a project-specific filter class. Credentials are
         posted to /j_acegi_security_check; a failed login goes to
         /login_passworderror.jsp and a successful one to /gotoViewPage.jsf.
         The userBS, organizationBS and sysLoginUCC beans are not defined in this listing.
         NOTE(review): the custom class is not shown on this page, so what it does with
         the submitted credentials cannot be checked from here. -->
    <bean id="authenticationProcessingFilter"
    class="cn.ccb.clpm.web.common.ClpmAuthenticationProcessingFilter">
    <property name="authenticationManager">
    <ref bean="authenticationManager" />
    </property>
    <property name="authenticationFailureUrl">
    <value>/login_passworderror.jsp</value>
    </property>
    <property name="defaultTargetUrl">
    <value>/gotoViewPage.jsf</value>
    </property>
    <property name="filterProcessesUrl">
    <value>/j_acegi_security_check</value>
    </property>
    <property name="userBS">
    <ref bean="userBS" />
    </property>
    <property name="organizationBS">
    <ref bean="organizationBS" />
    </property>
    <property name="sysLoginUCC">
    <ref bean="sysLoginUCC" />
    </property>
    </bean>
       <!-- Entry point that sends users who are not logged in to /login.jsp.
            NOTE(review): forceHttps=false means the login form is not forced onto
            HTTPS, so credentials may be submitted over plain HTTP unless TLS is
            enforced elsewhere; confirm. -->
       <bean id="authenticationProcessingFilterEntryPoint"
          class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl">
             <value>/login.jsp</value>
          </property>
          <property name="forceHttps">
             <value>false</value>
          </property>
       </bean>
       <!-- Access decision manager with roleVoter as its only voter.
            allowIfAllAbstainDecisions=false: access is denied when the voter abstains. -->
       <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions">
             <value>false</value>
          </property>
          <property name="decisionVoters">
             <list>
                <ref bean="roleVoter"/>
             </list>
          </property>
       </bean>
       <!-- Role voter with an empty rolePrefix, matching the empty rolePrefix on
            jdbcDaoImpl. NOTE(review): with no prefix the voter presumably treats every
            configured attribute as a role name, so it never abstains; confirm this if
            other kinds of attributes are ever added to the URL rules. -->
       <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter">
          <property name="rolePrefix">
             <value></value>
          </property>
       </bean>

       <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
            The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
            Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    </beans>
      

  2.   

    http://zhanjia.javaeye.com/category/43399
    慢慢看吧