在先前的設定中,inMemoryDaoImpl將使用者訊息設定在userMap之中:
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USER
</value>
</property>
</bean>
您可以撰寫一個屬性檔案/WEB-INF/users.properties:
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USER
然后改設定inMemoryDaoImpl的userProperties:
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="/WEB-INF/users.properties" />
</bean>
</property>
</bean>
如此在需要使用者訊息時,就可以從users.properties中提取。
如果想要將使用者的相關訊息儲存在資料庫中,例如使用以下的SQL在MySQL中建立使用者訊息:
CREATE DATABASE acegi;
USE acegi;
CREATE TABLE USERS(
USERNAME VARCHAR(50) NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(50) NOT NULL,
ENABLED BIT NOT NULL
);
INSERT INTO USERS(username,password,enabled) values('caterpillar' ,'123456', 1);
INSERT INTO USERS(username,password,enabled) values('user1' ,'user1pwd', 1);
INSERT INTO USERS(username,password,enabled) values('user2' ,'user2pwd', 0);
CREATE TABLE AUTHORITIES(
USERNAME VARCHAR( 50 ) NOT NULL,
AUTHORITY VARCHAR( 50 ) NOT NULL,
CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME)
);
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'caterpillar' , 'ROLE_SUPERVISOR');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user1', 'ROLE_USER');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user2', 'ROLE_USER');
您可以使用org.acegisecurity.userdetails.jdbc.JdbcDaoImpl作為userDetailsService,它需要一個DataSource,這可以使用Spring的DriverManagerDataSource,例如:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/acegi</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>123456</value>
</property>
</bean>
<!-- 驗證處理,使用表單 -->
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<!-- 驗證管理員,處理驗證資訊提供者 -->
<property name="authenticationManager" ref="authenticationManager"/>
<!-- 驗證失敗URL -->
<property name="authenticationFailureUrl" value="/acegilogin.jsp"/>
<!-- 驗證成功預設URL -->
<property name="defaultTargetUrl" value="/protected/loginsuccess.jsp"/>
<!-- 驗證處理的提交位址 -->
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
</bean>
<!-- 驗證管理員,管理驗證資訊提供者 -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers"><!-- 可有多個提供者,其中一個驗證通過即可以了 -->
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- 驗證提供者,指定使用資料庫來源中的驗證資訊 -->
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
</bean>
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource"/>
</bean>
<!-- 發生驗證錯誤或權限錯誤時的處理 -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>
<!-- FilterSecurityInterceptor 對 URI 進行保護 -->
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<!-- 驗證管理員 -->
<property name="authenticationManager" ref="authenticationManager" />
<!-- 授權管理員 -->
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/protected/**=ROLE_SUPERVISOR,ROLE_USER
</value>
</property>
</bean>
<!-- 授權管理員 -->
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<!-- 是否全部棄權時視為通過 -->
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
</list>
</property>
</bean>
<!-- 利用cookie自動登入 -->
<bean id="rememberMeProcessingFilter"
class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
<property name="key" value="javauser"/>
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="javauser"/>
</bean>
<!-- 登出處理 -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/acegilogin.jsp"/> <!-- 登出后的顯示頁面 -->
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
<!-- Filter Chain -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,
filterSecurityInterceptor,logoutFilter,rememberMeProcessingFilter
</value>
</property>
</bean>
</beans>
當然,別忘了在您的Web應用程式的lib中,加入JDBC驅動程式程式庫。