<!-- 匿名访问放行资源 -->
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/js/**" security="none"></security:http>
<security:http pattern="/image/**" security="none"></security:http>
<security:http pattern="/plugins/**" security="none"></security:http>
<!--1. 入口点引用-->
<security:http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint" >
<!-- 匿名登录-->
<security:intercept-url pattern="/seckillOrder/**.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:csrf disabled="true"/>
<!-- custom-filter为过滤器, position 表示将过滤器放在指定的位置上,before表示放在指定位置之前 ,after表示放在指定的位置之后 -->
<security:custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
<security:custom-filter ref="logoutFilter" before="LOGOUT_FILTER"/>
<security:custom-filter ref="singleSignOutFilter" before="CAS_FILTER"/>
</security:http>
<!--cas 入口点-->
<bean class="org.springframework.security.cas.web.CasAuthenticationEntryPoint" id="casProcessingFilterEntryPoint">
<property name="loginUrl" value="http://localhost:8090/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties" >
<property name="service" value="http://localhost:8089/login/cas" />
</bean>
<!--cas 入口结束-->
<!--. 认证过滤器开始-->
<bean class="org.springframework.security.cas.web.CasAuthenticationFilter" id="casAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<!--认证管理器-->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>
<!--认证提供者-->
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailsService" />
</bean>
</property>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="http://localhost:8090/cas" />
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>
<!--认证类-->
<bean id="userDetailsService" class="com.pinyougou.seckill.service.UserDetailServiceImpl"/>
<!--认证过滤器结束-->
<!--4. 单点登出过滤器-->
<bean class="org.jasig.cas.client.session.SingleSignOutFilter" id="singleSignOutFilter"/>
<bean class="org.springframework.security.web.authentication.logout.LogoutFilter" id="logoutFilter">
<constructor-arg value="http://localhost:8090/cas/logout?service=http://localhost:8089"/>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout/cas" />
</bean>
</beans>
