<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:security="http://www.springframework.org/schema/security"

       xsi:schemaLocation="http://www.springframework.org/schema/beans

       http://www.springframework.org/schema/beans/spring-beans.xsd

       http://www.springframework.org/schema/security

       http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- entry-point-ref指定登录入口 -->

    <security:http entry-point-ref="authEntryPoint">

        <security:logout delete-cookies="JSESSIONID" />

        <security:intercept-url pattern="/login*.jsp*"

                                access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <security:intercept-url pattern="/**" access="ROLE_USER" />

        <!-- 添加自己定义的AuthenticationFilter到FilterChain的FORM_LOGIN_FILTER位置 -->

        <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>

    </security:http>

    <!-- AuthenticationEntryPoint，引导用户进行登录 -->

    <bean id="authEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">

        <property name="loginFormUrl" value="/login.jsp">

        </property>

    </bean>

    <!-- 认证过滤器 -->

    <bean id="authenticationFilter"

          class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">

        <property name="authenticationManager" ref="authenticationManager" />

        <property name="usernameParameter" value="username"/>

        <property name="passwordParameter" value="password"/>

        <property name="filterProcessesUrl" value="/login.do" />

    </bean>

    <security:authentication-manager alias="authenticationManager">

        <security:authentication-provider user-service-ref="userDetailsService">

            <security:password-encoder hash="md5"></security:password-encoder>

        </security:authentication-provider>

    </security:authentication-manager>

    <bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">

        <property name="dataSource" ref="dataSource"></property>

    </bean>

    <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">

        <property name="driverClass" value="com.mysql.jdbc.Driver"></property>

        <property name="jdbcUrl" value="jdbc:mysql://localhost:3306/security"></property>

        <property name="user" value="root"></property>

        <property name="password" value="root"></property>

        <property name="acquireIncrement" value="5"></property>  <!-- 当连接池中的连接用完时，C3P0一次性创建新连接的数目2 -->

        <property name="initialPoolSize" value="10"></property>  <!-- 初始化时创建的连接数，必须在minPoolSize和maxPoolSize之间 -->

        <property name="minPoolSize" value="5"></property>

        <property name="maxPoolSize" value="20"></property>

        <!-- 最大空闲时间，超过空闲时间的连接将被丢弃

        [需要注意：mysql默认的连接时长为8小时(28800）【可在my.ini中添加 wait_timeout=30(单位秒)设置连接超时】,这里设置c3p0的超时必须<28800]

        -->

        <property name="maxIdleTime" value="300"></property>

        <property name="idleConnectionTestPeriod" value="60"></property> <!-- 每60秒检查连接池中的空闲连接 -->

        <property name="maxStatements" value="20"></property>  <!-- jdbc的标准参数  用以控制数据源内加载的PreparedStatement数量，但由于预缓存的Statement属 于单个Connection而不是整个连接 -->

    </bean>

</beans>