<!-- This file configures the standard (username/password) login method. -->
<!--
    Spring Security namespace configuration for the standard login flow.

    Ordering is significant throughout this file: Spring Security picks the
    first <http> element whose pattern matches the request, and inside the
    main <http> chain the <intercept-url> rules are also first-match, so the
    catch-all rules must stay last.

    security="none" on an <http> element means matching requests never enter
    the security filter chain at all: no authentication, no CSRF token check,
    no session management and none of the <headers> configured below are
    applied. Anything that only needs to be reachable anonymously but should
    still get those protections belongs in the main chain as access="permitAll".

    Beans referenced here but defined elsewhere: customUserDetailsService,
    passwordManager.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- Application endpoints that bypass the security filter chain completely. -->
    <!-- NOTE(review): /post_sign, /aes/encrypt and /aes/decrypt are reachable with
         no authentication and no CSRF check. Confirm this is intended; an
         anonymously callable decrypt endpoint can disclose anything encrypted
         under the same key, and an unauthenticated sign endpoint has no
         caller accountability at this layer. -->
    <http security="none" pattern="/get_contract_image"/>
    <http security="none" pattern="/post_sign"/>
    <http security="none" pattern="/sign_keyword_locations"/>
    <http security="none" pattern="/aes/encrypt"/>
    <http security="none" pattern="/aes/decrypt"/>
    <http security="none" pattern="/hls_file/**"/>

    <!-- Static resources and the two pages the login flow itself redirects to
         (/timeout is the invalid-session target below, /verifiCode presumably
         serves the captcha read by captchaVerifierFilter; confirm). -->
    <http security="none" pattern="/resources/**"/>
    <http security="none" pattern="/leafresource/**"/>
    <http security="none" pattern="/lib/**"/>
    <http security="none" pattern="/timeout"/>
    <http security="none" pattern="/verifiCode"/>
    <http security="none" pattern="/resource/**"/>

    <!--leaf-->
    <!-- Leaf front-end assets plus a set of interface (.lsc) scripts that
         must be callable by external systems (SAP EAI, WeChat) without a session. -->
    <http security="none" pattern="/css/**"/>
    <!-- NOTE(review): the next pattern has a trailing space inside the quotes
         ("/sys/office/open/* "). As written it most likely never matches a real
         request path, so those requests fall through to the main chain below,
         where /sys/office/** is permitAll (CSRF and session rules still apply).
         Decide whether to drop the line or fix the typo; fixing it would remove
         the CSRF check and session management from those URLs. -->
    <http security="none" pattern="/sys/office/open/* "/>
    <http security="none" pattern="/images/**"/>
    <http security="none" pattern="/javascripts/**"/>
    <http security="none" pattern="/kindeditor/**"/>
    <http security="none" pattern="/office_edit_online/**"/>
    <http security="none" pattern="/modules/zjwfl/javascripts/**"/>
    <http security="none" pattern="/modules/doodream/doodream_response.lsc"/>
    <http security="none" pattern="/modules/sys/SYS404/ds_sys_sms_send.lsc"/>
    <!-- NOTE(review): each of these scripts is exposed with no authentication,
         so any caller authentication (signature, IP allow-list, shared secret)
         has to live inside the script itself; verify that is the case. -->
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_EtPayment.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_MoAccount.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_CrAccount_job.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_ReAccount_job.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/wx_update_company_Info.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/wx_update_trailer_result.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/get_wx_trailer_Info.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/get_wx_usedcar_Info.lsc"/>
    <http security="none" pattern="/contract/signature/**"/>
    <http security="none" pattern="/jacob/**"/>
    <!-- Kept disabled on purpose: the blanket .lsc/.lview exemption was replaced
         by the permitAll rules inside the main chain, which still get CSRF and
         session handling. Do not re-enable. -->
    <!--<http security="none" pattern="/**/*.lsc"/>-->
    <!--<http security="none" pattern="/**/*.lview"/>-->

    <!-- Main filter chain for everything not matched above. -->
    <http access-decision-manager-ref="accessDecisionManager" entry-point-ref="loginEntryPoint">
        <!-- CSRF stays enabled; the matcher bean below decides which URLs are exempt. -->
        <csrf request-matcher-ref="csrfSecurityRequestMatcher"/>
        <!--<csrf disabled="true"/>-->

        <!-- NOTE(review): these permitAll rules open every .lsc/.lview screen, the
             autocrud endpoints and /sys/office/** to anonymous users at the URL
             level. Because accessDecisionManager is UnanimousBased, any voter
             (including LeafResourceVoter) can still deny such a request, but
             whether it does for these paths is not visible in this file;
             confirm where authorization for them is actually enforced. -->
        <intercept-url pattern="/**/*.lsc" access="permitAll"/>
        <intercept-url pattern="/**/*.lview" access="permitAll"/>
        <intercept-url pattern="/autocrud/**" access="permitAll"/>
        <intercept-url pattern="/sys/office/**" access="permitAll" />
        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/login.html" access="permitAll"/>
        <!--       <intercept-url pattern="/common/**" access="permitAll" />-->
        <intercept-url pattern="/websocket/**" access="permitAll"/>
        <!-- Catch-all: must remain the last intercept-url. -->
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
        <access-denied-handler error-page="/access-denied"/>
        <!-- /timeout is exempted from the chain above, so the redirect itself is never gated. -->
        <session-management invalid-session-url="/timeout"/>

        <!--<form-login login-page='/login' authentication-success-handler-ref="successHandler"
                    authentication-failure-handler-ref="loginFailureHandler"/>-->
        <!--authentication-failure-url="/login?error=true"/>-->
        <!-- Captcha interceptor: runs before the login filter so a wrong captcha
             never reaches password verification. -->
        <custom-filter ref="captchaVerifierFilter" before="FORM_LOGIN_FILTER"/>
        <!-- Replaces the standard form-login filter (see the commented <form-login> above). -->
        <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

        <logout logout-url="/logout" success-handler-ref="logoutHandler"/>

        <!-- NOTE(review): defaults-disabled="true" turns off every default
             security header (X-Frame-Options, X-Content-Type-Options, HSTS,
             XSS protection) and only Cache-Control is added back. Unless a
             proxy or another layer sets them, consider re-adding at least
             <frame-options/> and <content-type-options/>. -->
        <headers defaults-disabled="true">
            <!--    <xss-protection enabled="true"></xss-protection>-->
            <cache-control/>
        </headers>
    </http>

    <beans:bean id="loginFailureHandler" class="com.hand.hap.security.LoginFailureHandler"/>
    <!-- Listener that records login information (behavior defined in the class, not here). -->
    <beans:bean class="com.hand.hap.security.UserLoginInfoCollectionLisenter"></beans:bean>

    <!-- Access decision manager: determines the user, roles and corresponding permissions.
         UnanimousBased: access is granted only if no voter denies. -->
    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
        <!-- Voters -->
        <beans:constructor-arg>
            <beans:list>
                <beans:bean class="com.hand.hap.security.CustomWebExpressionVoter"/>
                <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                <beans:bean class="com.hand.hls.security.LeafResourceVoter"/>
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    <!-- Extends UsernamePasswordAuthenticationFilter and replaces <login-form>. -->
    <beans:bean id="authenticationFilter" class="com.hand.hap.security.filter.UsernamePasswordAuthenticationExtendFilter" >
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler" />
        <beans:property name="authenticationFailureHandler" ref="loginFailureHandler"/>
    </beans:bean>

    <!-- Unauthenticated requests to protected URLs are redirected to /login. -->
    <beans:bean id="loginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:constructor-arg value="/login" />
    </beans:bean>

    <!--<beans:import resource="standardSecurity-LDAP.xml"/>-->
    <authentication-manager  alias="authenticationManager">
        <!-- LDAP authentication -->
        <!-- <authentication-provider ref="ldapAuthProvider" />-->
        <!-- Standard login authentication -->
        <!-- Production and development differ here (add chenlingfeng for ds) -->
        <authentication-provider user-service-ref="customUserDetailsService">
        <!--<authentication-provider user-service-ref="leafUserDetailsService">-->
            <!-- passwordManager is defined outside this file; its hashing scheme is not visible here. -->
            <password-encoder ref="passwordManager"/>
        </authentication-provider>
    </authentication-manager>

    <!-- Reads the captcha answer from the request parameter named "verifiCode". -->
    <beans:bean id="captchaVerifierFilter" class="com.hand.hap.security.CaptchaVerifierFilter">
        <beans:property name="captchaField" value="verifiCode"/>
    </beans:bean>

    <beans:bean id="successHandler" class="com.hand.hap.security.CustomAuthenticationSuccessHandler"/>

    <beans:bean id="logoutHandler" class="com.hand.hap.security.CustomLogoutSuccessHandler"/>

    <!-- URLs exempt from the CSRF token check. Keep this list minimal: every
         state-changing endpoint listed here can be driven from a third-party page. -->
    <beans:bean id="csrfSecurityRequestMatcher" class="com.hand.hls.security.LeafCsrfSecurityRequestMatcher">
        <beans:property name="excludeUrls">
            <beans:list>
                <beans:value>/login</beans:value>
                <beans:value>/websocket/**</beans:value>
                <!-- NOTE(review): /autocrud/** and /sys/office/** are also permitAll
                     above, so they are exposed without authentication and without
                     CSRF protection; confirm they do not perform state changes
                     on behalf of a logged-in session. -->
                <beans:value>/autocrud/**</beans:value>
                <beans:value>/sys/office/**</beans:value>
                <!-- The ";**" suffix presumably covers matrix-parameter variants of
                     the upload URL; confirm how LeafCsrfSecurityRequestMatcher
                     interprets it. -->
                <beans:value>/atm_upload.lsc;**</beans:value>
            </beans:list>
        </beans:property>
    </beans:bean>

</beans:beans>