Configuring Spring Security
Go to http://static.springsource.org/spring-security/site/downloads.html and download Spring Security. The version is 3.1.0.
Download spring-web.jar, and also jstl.jar (from http://jstl.java.net).
Decompress Spring Security. Copy its *.jar files, spring-web.jar and jstl.jar to %SuperMap iServer Java_HOME%/webapps/iserver/WEB-INF/lib.
Add the Spring Security filter, named springSecurityFilterChain, to web.xml (web.xml is in %SuperMap iServer Java_HOME%/webapps/iserver/WEB-INF). The springSecurityFilterChain filter should be placed above iserver-services:
<!-- Spring Security Filter Configuration -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext-security.xml
    </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
Here <url-pattern>/*</url-pattern> means that all URLs pass through springSecurityFilterChain. applicationContext-security.xml controls the users' permissions. The skeleton of applicationContext-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!-- Config item -->
    ...
</beans:beans>
Add the users china and world to applicationContext-security.xml:
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="china" password="china" authorities="ROLE_CHINA" />
            <user name="world" password="world" authorities="ROLE_WORLD" />
        </user-service>
    </authentication-provider>
</authentication-manager>
This stores the passwords in clear text.
Add URL rules to restrict access to /services/map-china/** and /services/map-world/**:
<http use-expressions="true">
    <intercept-url pattern="/services/map-china/**" access="hasRole('ROLE_CHINA')" />
    <intercept-url pattern="/services/map-world/**" access="hasRole('ROLE_WORLD')" />
    <intercept-url pattern="/**" access="permitAll" />
    <form-login />
    <logout />
    <remember-me />
    <!-- Limit the number of sessions -->
    <session-management invalid-session-url="/timeout.jsp">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
</http>
<session-management /> limits the number of sessions to 1. The code of timeout.jsp:
<%@page session="false" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <title>Session Obsolete</title>
</head>
<body>
    <div id="content">
        <h2>Illegal Session</h2>
        <p>
            session Obsolete, please <a href="<c:url value='/'/>">relogin</a>.
        </p>
    </div>
</body>
</html>
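A check for two settings in the applicationContext-security.xml configured above: the order of the intercept-url rules and the clear-text user-service. It is an added example, not part of the original page, Spring Security or SuperMap iServer. Spring Security tries intercept-url patterns in document order and uses the first match, so the /** permitAll rule has to stay last; the helper name audit and the sample configuration (the page's rules with the catch-all moved first) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample: the page's rules with the catch-all /** moved to the top.
SAMPLE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http use-expressions="true">
    <intercept-url pattern="/**" access="permitAll" />
    <intercept-url pattern="/services/map-china/**" access="hasRole('ROLE_CHINA')" />
    <intercept-url pattern="/services/map-world/**" access="hasRole('ROLE_WORLD')" />
  </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="china" password="china" authorities="ROLE_CHINA" />
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>"""


def audit(xml_text):
    """Return findings for a Spring Security namespace config (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    # Rules are tried in document order and the first match wins, so every
    # rule listed after a match-all pattern can never be reached.
    for http in root.iter(SEC + "http"):
        match_all = None
        for rule in http.findall(SEC + "intercept-url"):
            pattern = rule.get("pattern")
            if match_all is not None:
                findings.append("unreachable rule %s (after %s)" % (pattern, match_all))
            elif pattern in ("/**", "**"):
                match_all = pattern
    # Without a hashing <password-encoder>, <user password="..."> is clear text.
    for provider in root.iter(SEC + "authentication-provider"):
        encoder = provider.find(SEC + "password-encoder")
        if encoder is None or encoder.get("hash") == "plaintext":
            for user in provider.iter(SEC + "user"):
                findings.append("clear-text password for user %s" % user.get("name"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With the rules in the order the page gives, only the clear-text password finding remains.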