Acegi Security uses many kinds of filters, and filters run through the rest of this reference guide. You can choose how to use these filters in your web application: you can use FilterToBeanProxy or FilterChainProxy. We discuss these two filters below.

Most filters are configured using FilterToBeanProxy. Here is an example of the configuration in web.xml:

<filter>
  <filter-name>Acegi HTTP Request Security Filter</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.ClassThatImplementsFilter</param-value>
  </init-param>
</filter>
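As an added illustration (not part of the original reference guide or of this translation), the fragments below show how the web.xml proxy above is typically tied to a bean in the Spring application context: FilterToBeanProxy looks up a bean of the `targetClass` type and delegates to it, here a FilterChainProxy that runs the security filters in a fixed order. The context file path, the filter name, the bean ids and the four filter beans (assumed to be defined elsewhere in the same context) are illustrative assumptions.

```xml
<!-- Fragment 1: WEB-INF/web.xml (constructed example) -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <!-- assumed location of the Spring context that holds the security beans -->
  <param-value>/WEB-INF/applicationContext-security.xml</param-value>
</context-param>

<filter>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <!-- the proxy delegates to the context bean of this type -->
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
  </init-param>
</filter>

<!-- Map the proxy to every URL so that no request skips the security filters -->
<filter-mapping>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Loads the application context that FilterToBeanProxy searches -->
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Fragment 2: WEB-INF/applicationContext-security.xml (constructed example) -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <!-- Filters run in the listed order; the four bean ids are assumed to be
         defined elsewhere in this context -->
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
    </value>
  </property>
</bean>
```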
Filters
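I did this translation because I am studying this material, so I translated and noted things down as I went, writing up to wherever I had read. In some places I have more or less failed to grasp the meaning, and version 0.1 has certainly not been proofread yet and will not stand up to scrutiny.
During the translation I ran into quite a lot of terminology. Given that my range of knowledge is fairly narrow and my writing ability fairly weak, I translated some places, but in most places I kept the original text.
I hope to produce a translation that everyone can understand and that is free of ambiguity. A result with no deviations would be my dream. So some English will appear; those are places where I have not yet found suitable wording. Some others may simply be places where I was lazy for the moment and did not translate.
The parts I was lazy about are generally easy to understand. Another case where something may be left untranslated is when the English is expressed so perfectly that I could not bear to spoil it. I will gradually improve the translation of the Acegi Security reference guide in the days to come. I will of course also write about how I use it in my work, strictly at beginner level, because I am still a freshman.
Some terms:
Authentication: identity verification, confirming the user; sometimes it can also be rendered as login. Verification based on identity, proving that this principal exists in the system.
Authorization: authorization check; confirming the permissions of a user who has already logged in, proving whether they have sufficient permissions.
Application Context: the application context; ApplicationContext can access
The terms section will be added to gradually.
For all of the original text, please refer to: http://www.acegisecurity.org/guide/springsecurity.html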
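At the lowest level, you need to deal with issues such as transport security and system identification, in order to mitigate man-in-the-middle attacks (I suspect this just means reducing attacks on the application). Next, you will generally need a firewall, perhaps with VPNs or IP security, to ensure that only authorised systems can connect. In a corporate environment you may need to deploy a DMZ to separate public-facing servers from backend database and application servers. Your operating system is likewise a very important part,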
addressing issues such as running processes as
non-privileged users and maximising file system security. An operating system will usually also be
configured with its own firewall. Hopefully somewhere along the way you'll be trying to prevent
denial of service and brute force attacks against the system. An intrusion detection system will also be
especially useful for monitoring and responding to attacks, with such systems able to take protective
action such as blocking offending TCP/IP addresses in real-time. Moving to the higher layers, your
Java Virtual Machine will hopefully be configured to minimize the permissions granted to different
Java types, and then your application will add its own problem domain-specific security configuration.
Acegi Security makes this latter area - application security - much easier.
Of course, you will need to properly address all security layers mentioned above, together with
managerial factors that encompass every layer. A non-exhaustive list of such managerial factors
would include security bulletin monitoring, patching, personnel vetting, audits, change control,
engineering management systems, data backup, disaster recovery, performance benchmarking, load
monitoring, centralised logging, incident response procedures etc.
With Acegi Security being focused on helping you with the enterprise application security layer, you
will find that there are as many different requirements as there are business problem domains. A
banking application has different needs from an ecommerce application. An ecommerce application
has different needs from a corporate sales force automation tool. These custom requirements make
application security interesting, challenging and rewarding.
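This reference guide has been redesigned and rewritten for Acegi Security 1.0.0. Please read Part I, the overall architecture, in full; the other parts are written in the style of a traditional reference guide and can be consulted when needed.
We hope you find the reference guide helpful, and we likewise welcome your feedback and suggestions.
Finally, welcome to the Acegi Security community.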