附录 D. 命名空间

注意

命名空间需要升级到spring security 3.1.3

默认namespace:"http://www.springframework.org/schema/security"

根节点可能是http, authentication-provider, authentication-manager, user-service, jdbc-user-service, ldap-user-service, filter-invocation-definition-source, ldap-server或者global-method-security。

还有几个元素可以嵌入到其他bean标签里,filter-chain-map, custom-filter, custom-authentication-provider, intercept-methods。

<b:bean id="springSecurityFilterChain"
        class="org.springframework.security.util.FilterChainProxy">
    <filter-chain-map path-type="ant">
        <filter-chain pattern="/**"
                      path-type="ant|regex"
                      filters="httpSessionContextIntegrationFilter,
                      authenticationProcessingFilter,
                      exceptionTranslationFilter,
                      filterInvocationInterceptor" />
    </filter-chain-map>
</b:bean>

<filter-invocation-definition-source id="string" lowercase-comparisons="boolean" path-type="ant|regex">
    <intercept-url pattern="string"
                   access="string"
                   method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
                   filters="none"
                   requires-channel="http|https|any"/>
</filter-invocation-definition-source>

<b:bean id="authenticationProcessingFilter"
      class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <custom-filter before="AUTHENTICATION_PROCESSING_FILTER" /><!-- before|position|after -->
</b:bean>

named-security-filter =
	"FIRST"
	| "CHANNEL_FILTER"
	| "CONCURRENT_SESSION_FILTER"
	| "SECURITY_CONTEXT_FILTER"
	| "LOGOUT_FILTER"
	| "X509_FILTER"
	| "PRE_AUTH_FILTER"
	| "CAS_FILTER"
	| "FORM_LOGIN_FILTER"
	| "OPENID_FILTER"
	| "BASIC_AUTH_FILTER"
	| "SERVLET_API_SUPPORT_FILTER"
	| "REMEMBER_ME_FILTER"
	| "ANONYMOUS_FILTER"
	| "EXCEPTION_TRANSLATION_FILTER"
	| "SESSION_MANAGEMENT_FILTER"
	| "FILTER_SECURITY_INTERCEPTOR"
	| "SWITCH_USER_FILTER"
	| "LAST"
    

D.1. http

<http auto-config="boolean"
      create-session="ifRequired|always|never"
      path-type="ant|regex"
      lowercase-comparisons="boolean"
      access-decision-manager-ref="string"
      realm="Spring Security Application"
      session-fixation-protection="none|newSession|migrateSession"
      entry-point-ref="string"
      once-per-request="boolean"
      access-denied-page="string">
    <intercept-url pattern="string"
                   access="string"
                   method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
                   filters="none"
                   requires-channel="http|https|any"/>
    <form-login login-processing-url="string"
                default-target-url="string"
                always-use-default-target="boolean"
                login-page="string"
                authentication-failure-url="string"/>
    <openid-login login-processing-url="string"
                  default-target-url="string"
                  always-use-default-target="boolean"
                  login-page="string"
                  authentication-failure-url="string"
                  user-service-ref="string"/>
    <x509 subject-principal-regex="string"
          user-service-ref="string"/>
    <http-basic/>
    <logout logout-url=""
            logout-success-url=""
            invalidate-session="boolean"/>
    <concurrent-session-control max-sessions="positiveInteger"
                                expired-url="string"
                                exception-if-maximum-exceeded="boolean"
                                session-registry-alias="string"
                                session-registry-ref="string"/>
    <remember-me key="string"
                 token-repository-ref="string"
                 remember-me-data-source-ref="string"
                 remember-me-services-ref="string"
                 user-service-ref="string"
                 token-validity-seconds="positiveInteger"/>
    <anonymous key="string"
               username="string"
               granted-authority="string"/>
    <port-mappings>
        <port-mapping http="" https=""/>
    </port-mappings>
</http>
        

D.2. authentication-provider

<authentication-provider user-service-ref="string">
    <user-service id="string" properties="string">
        <user name="string" password="string" authorities="string" locked="boolean" disabled="boolean"/>
    </user-service>
    <jdbc-user-service id="string"
                       data-source-ref="string"
                       cache-ref="string"
                       users-by-username-query="string"
                       authorities-by-username-query="string"
                       group-authorities-by-username-query="string"
                       role-prefix="string"/>
    <ldap-user-service id="string"
                       ldap-server-ref="string"
                       user-search-filter="string"
                       user-search-base="string"
                       group-search-filter="string"
                       group-search-base="string"
                       group-role-attribute="string"
                       cache-ref="string"
                       role-prefix="string"
                       user-details-class="string"/>
    <password-encoder hash="plaintext|sha|sha-256|md5|md4|{sha}|{ssha}" base64="boolean">
        <salt-source user-property="string" system-wide="string"/>
    </password-encoder>
</authentication-provider>

<authentication-manager alias="string" session-controller-ref="string"/>

<b:bean id="casAuthenticationProvider"
        class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <custom-authentication-provider/>
</b:bean>
        

D.3. ldap-server

<ldap-server id="string"
             url="string"
             port="integer"
             manager-dn="string"
             manager-password="string"
             ldif="string"
             root="string"
             server-ref="string">
</ldap-server>

<ldap-authentication-provider ldap-server-ref="string"
                              user-search-filter="string"
                              user-search-base="string"
                              group-search-filter="string"
                              group-search-base="string"
                              group-role-attribute="string"
                              cache-ref="string"
                              role-prefix="string"
                              user-details-class="string">
    <password-compare password-attribute="string" hash="string">
        <password-encoder hash="plaintext|sha|sha-256|md5|md4|{sha}|{ssha}" base64="boolean">
            <salt-source user-property="string" system-wide="string"/>
        </password-encoder>
    </password-compare>
</ldap-authentication-provider>

        

D.4. global-method-security

<b:bean id="securedObject"
        class="com.habuma.expectations.springsecurity.intercept.SecuredObject">
    <intercept-methods access-decision-manager-ref="string">
        <protect access="ROLE_SECRET_AGENT" method="getSecuredData"/>
    </intercept-methods>
</b:bean>

<global-method-security secured-annotations="disabled|enabled"
                        jsr250-annotations="disabled|enabled"
                        access-decision-manager-ref="string">
    <protect-pointcut expression="string" access="string"/>
</global-method-security>