keytool -import -file 12.srt -keystore %JAVA_HOME%/\jre\lib\security\cacerts
一个acegi配置文件
<?
xml version="1.0" encoding="UTF-8"
?>
<!
DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"
>
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml,v 1.5 2007/02/03 07:45:46 liqingwei Exp $
-->
<
beans
>
<
bean
id
="filterChainProxy"
class
="org.acegisecurity.util.FilterChainProxy"
>
<
property
name
="filterInvocationDefinitionSource"
>
<
value
>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</
value
>
</
property
>
</
bean
>
<
bean
id
="httpSessionContextIntegrationFilter"
class
="org.acegisecurity.context.HttpSessionContextIntegrationFilter"
/>
<
bean
id
="logoutFilter"
class
="org.acegisecurity.ui.logout.LogoutFilter"
>
<
constructor-arg
value
="https://10.100.2.12:8443/cas/logout"
/>
<!--
URL redirected to after logout
-->
<
constructor-arg
>
<
list
>
<
ref
bean
="rememberMeServices"
/>
<
bean
class
="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"
/>
</
list
>
</
constructor-arg
>
</
bean
>
<
bean
id
="casProcessingFilter"
class
="com.bjjdsy.ky.XbCasProcessingFilter"
>
<
property
name
="authenticationManager"
><
ref
local
="authenticationManager"
/></
property
>
<
property
name
="authenticationFailureUrl"
><
value
>
/casfailed.jsp
</
value
></
property
>
<
property
name
="defaultTargetUrl"
><
value
>
/
</
value
></
property
>
<
property
name
="filterProcessesUrl"
><
value
>
/j_acegi_cas_security_check
</
value
></
property
>
</
bean
>
<
bean
id
="securityContextHolderAwareRequestFilter"
class
="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"
/>
<
bean
id
="rememberMeProcessingFilter"
class
="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"
>
<
property
name
="authenticationManager"
ref
="authenticationManager"
/>
<
property
name
="rememberMeServices"
ref
="rememberMeServices"
/>
</
bean
>
<
bean
id
="anonymousProcessingFilter"
class
="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"
>
<
property
name
="key"
value
="changeThis"
/>
<
property
name
="userAttribute"
value
="anonymousUser,ROLE_ANONYMOUS"
/>
</
bean
>
<
bean
id
="exceptionTranslationFilter"
class
="org.acegisecurity.ui.ExceptionTranslationFilter"
>
<
property
name
="authenticationEntryPoint"
>
<
bean
id
="casProcessingFilterEntryPoint"
class
="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint"
>
<
property
name
="loginUrl"
><
value
>
https://10.100.2.12:8443/cas/login
</
value
></
property
>
<
property
name
="serviceProperties"
><
ref
local
="serviceProperties"
/></
property
>
</
bean
>
</
property
>
<
property
name
="accessDeniedHandler"
>
<
bean
class
="org.acegisecurity.ui.AccessDeniedHandlerImpl"
>
<
property
name
="errorPage"
value
="/index.jsp"
/>
</
bean
>
</
property
>
</
bean
>
<
bean
id
="serviceProperties"
class
="org.acegisecurity.ui.cas.ServiceProperties"
>
<
property
name
="service"
><
value
>
http://localhost:8080/ky_zl/j_acegi_cas_security_check
</
value
></
property
>
<
property
name
="sendRenew"
><
value
>
false
</
value
></
property
>
</
bean
>
<
bean
id
="filterInvocationInterceptor"
class
="org.acegisecurity.intercept.web.FilterSecurityInterceptor"
>
<
property
name
="authenticationManager"
ref
="authenticationManager"
/>
<
property
name
="accessDecisionManager"
>
<
bean
class
="org.acegisecurity.vote.AffirmativeBased"
>
<
property
name
="allowIfAllAbstainDecisions"
value
="false"
/>
<
property
name
="decisionVoters"
>
<
list
>
<
bean
class
="org.acegisecurity.vote.RoleVoter"
/>
<
bean
class
="org.acegisecurity.vote.AuthenticatedVoter"
/>
</
list
>
</
property
>
</
bean
>
</
property
>
<
property
name
="objectDefinitionSource"
>
<
value
>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/adduser.do=ROLE_NORMAL
/showmain.do=ROLE_NORMAL
/**=ROLE_NORMAL
/query/queryprice.jsp=ROLE_ANONYMOUS
</
value
>
</
property
>
</
bean
>
<
bean
id
="rememberMeServices"
class
="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"
>
<
property
name
="userDetailsService"
ref
="userDetailsService"
/>
<
property
name
="key"
value
="changeThis"
/>
</
bean
>
<
bean
id
="authenticationManager"
class
="org.acegisecurity.providers.ProviderManager"
>
<
property
name
="providers"
>
<
list
>
<
ref
local
="casAuthenticationProvider"
/>
</
list
>
</
property
>
</
bean
>
<
bean
id
="casAuthenticationProvider"
class
="org.acegisecurity.providers.cas.CasAuthenticationProvider"
>
<
property
name
="casAuthoritiesPopulator"
><
ref
local
="casAuthoritiesPopulator"
/></
property
>
<
property
name
="casProxyDecider"
><
ref
local
="casProxyDecider"
/></
property
>
<
property
name
="ticketValidator"
><
ref
local
="casProxyTicketValidator"
/></
property
>
<
property
name
="statelessTicketCache"
><
ref
local
="statelessTicketCache"
/></
property
>
<
property
name
="key"
><
value
>
my_password_for_this_auth_provider_only
</
value
></
property
>
</
bean
>
<
bean
id
="casProxyTicketValidator"
class
="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator"
>
<
property
name
="casValidate"
><
value
>
https://xbappsrv2:8443/cas/proxyValidate
</
value
></
property
>
<
property
name
="proxyCallbackUrl"
><
value
>
https://xbappsrv2:8443/contacts-cas/casProxy/receptor
</
value
></
property
>
<
property
name
="serviceProperties"
><
ref
bean
="serviceProperties"
/></
property
>
<!--
<property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
-->
</
bean
>
<
bean
id
="statelessTicketCache"
class
="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache"
>
<
property
name
="cache"
><
ref
local
="ticketCacheBackend"
/></
property
>
</
bean
>
<
bean
id
="cacheManager"
class
="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"
>
<
property
name
="configLocation"
>
<
value
>
classpath:/ehcache-failsafe.xml
</
value
>
</
property
>
</
bean
>
<
bean
id
="ticketCacheBackend"
class
="org.springframework.cache.ehcache.EhCacheFactoryBean"
>
<
property
name
="cacheManager"
>
<
ref
local
="cacheManager"
/>
</
property
>
<
property
name
="cacheName"
>
<
value
>
ticketCache
</
value
>
</
property
>
</
bean
>
<
bean
id
="casAuthoritiesPopulator"
class
="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator"
>
<
property
name
="userDetailsService"
><
ref
bean
="userDetailsService"
/></
property
>
</
bean
>
<
bean
id
="userDetailsService"
class
="com.bjjdsy.ky.XbCasUserDetailsService"
>
<
property
name
="filialeDAO"
>
<
ref
bean
="FilialeTabDAO"
/>
</
property
>
<
property
name
="userDAO"
>
<
ref
bean
="User2TabDAO"
/>
</
property
>
<
property
name
="departmentDAO"
>
<
ref
bean
="DepartmentTabDAO"
/>
</
property
>
<
property
name
="authorityTabDAO"
>
<
ref
bean
