it still can't work.
/setup/**=httpSessionContextIntegrationFilter,setupAuthen ticationProcessingFilter,basicProcessingFilter,sec urityEnforcementFilter
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans SYSTEM "xsd-dtd/spring-beans.dtd">
<beans>
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy"
class="net.sf.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/setup/**=httpSessionContextIntegrationFilter,setupAuthenticationProcessingFilter,basicProcessingFilter,securityEnforcementFilter
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,securityEnforcementFilter
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="context">
<value>
net.sf.acegisecurity.context.security.SecureContextImpl
</value>
</property>
</bean>
<bean id="jdbcAuthenticationProvider"
class="demoscore.security.JDBCAuthenticationProviderImpl">
<property name="driverClass">
<value>${jdbc.login.driverClass}</value>
</property>
<property name="dbUrl">
<value>${jdbc.login.url}</value>
</property>
<property name="authenticationDao">
<ref local="hibernateDaoImpl" />
</property>
<property name="userCache">
<ref local="userCache" />
</property>
<!-- remove comment on using CTAIS database
<property name="saltSource">
<ref local="saltSource" />
</property>
<property name="passwordEncoder">
<ref local="passwordEncoder" />
</property>
-->
</bean>
<bean id="dbmsAuthenticationProvider"
class="demoscore.security.DBMSAuthenticationProviderImpl">
<property name="driverClass">
<value>${jdbc.login.driverClass}</value>
</property>
<property name="dbUrl">
<value>${jdbc.login.url}</value>
</property>
<property name="authenticationDao">
<ref local="hibernateDaoImpl" />
</property>
<property name="userCache">
<ref local="userCache" />
</property>
<!-- remove comment on using CTAIS database
<property name="saltSource">
<ref local="saltSource" />
</property>
<property name="passwordEncoder">
<ref local="passwordEncoder" />
</property>
-->
</bean>
<bean id="saltSource"
class="net.sf.acegisecurity.providers.dao.salt.ReflectionSaltSource">
<property name="userPropertyToUse">
<value>getUsername</value>
</property>
</bean>
<bean id="hibernateDaoImpl"
class="demoscore.security.AuthenticationDaoHibernateImpl">
<property name="sessionFactory">
<ref local="securitySessionFactory" />
</property>
</bean>
<bean id="securitySessionFactory"
class="org.springframework.orm.hibernate.LocalSessionFactoryBean">
<property name="mappingResources">
<list>
<value>com/fjky/xfile/core/orm/UserDetails.hbm.xml</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${login.hibernate.dialect}</prop>
<prop key="hibernate.connection.provider_class">${login.hibernate.connection.provider_class}</prop>
<prop key="hibernate.show_sql">false</prop>
</props>
</property>
<!--
<property name="dataSource">
<ref bean="securityDataSource" />
</property>
-->
</bean>
<bean id="securityDataSource"
class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:hsql://localhost:9001/fjky-fzgs</value>
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value />
</property>
</bean>
<!-- ======================== AUTHENTICATION ======================= -->
<bean id="authenticationManager"
class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="dbmsAuthenticationProvider" />
<ref local="jdbcAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="passwordEncoder"
class="org.ctais.security.CTAISPasswordEncoder" />
<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
<bean id="userCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager" />
</property>
<property name="cacheName">
<value>userCache</value>
</property>
</bean>
<bean id="userCache"
class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<ref local="userCacheBackend" />
</property>
</bean>
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
<bean id="loggerListener"
class="net.sf.acegisecurity.providers.dao.event.LoggerListener" />
<bean id="basicProcessingFilter"
class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager">
<ref local="authenticationManager" />
</property>
<property name="authenticationEntryPoint">
<ref local="basicProcessingFilterEntryPoint" />
</property>
</bean>
<bean id="basicProcessingFilterEntryPoint"
class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName">
<value>Contacts Realm</value>
</property>
</bean>
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
<!-- You will need to uncomment the "Acegi Channel Processing Filter"
<filter-mapping> in web.xml for the following beans to be used -->
<bean id="channelProcessingFilter"
class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager">
<ref local="channelDecisionManager" />
</property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
\A/customlogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
\A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
\A/setup/customlogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
\A/setup/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
\A.*\Z=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager"
class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref local="secureChannelProcessor" />
<ref local="insecureChannelProcessor" />
</list>
</property>
</bean>
<bean id="secureChannelProcessor"
class="net.sf.acegisecurity.securechannel.SecureChannelProcessor" />
<bean id="insecureChannelProcessor"
class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor" />
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
<bean id="authenticationProcessingFilter"
class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/customlogin.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<bean id="securityEnforcementFilter"
class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
<property name="filterSecurityInterceptor">
<ref local="filterInvocationInterceptor" />
</property>
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
</bean>
<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
<bean id="filterInvocationInterceptor"
class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/preferences/*.*\Z=ROLE_CONFIG,ROLE_SUPERVISOR,ROLE_ADMIN
\A/xfile/*.*\Z=ROLE_XFILE
\A/enchance/*.*\Z=ROLE_IMPORTER,ROLE_XFILE
\A/online/*.*\Z=ROLE_USER
\A/xource/*.*\Z=ROLE_USER
</value>
</property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/customlogin.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<!-- An access decision voter that reads ROLE_* configuration settings -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />
<bean id="setupAuthenticationManager"
class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="jdbcAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="setupAuthenticationProcessingFilter"
class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/setup/customlogin.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/setup/</value>
</property>
<property name="filterProcessesUrl">
<value>/setup/j_acegi_security_check</value>
</property>
</bean>
<bean id="setupAuthenticationProcessingFilterEntryPoint"
class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/setup/customlogin.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="setupFilterInvocationInterceptor"
class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="setupAuthenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/setup/*.*\Z=ROLE_SETUP
</value>
</property>
</bean>
</beans>
Member
how to config two login entry point?
Originally Posted by creatxr
Posting Permissions
