Database design for Acegi authentication and authorization
http://www.aygfsteel.com/liuzheng/articles/231338.html

CREATE DATABASE acegi;

USE acegi;

CREATE TABLE USERS(
USERNAME VARCHAR(50) NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(50) NOT NULL,
ENABLED BIT NOT NULL
);

INSERT INTO USERS(username,password,enabled) values('caterpillar' ,'123456', 1);
INSERT INTO USERS(username,password,enabled) values('user1' ,'user1pwd', 1);
INSERT INTO USERS(username,password,enabled) values('user2' ,'user2pwd', 0);

CREATE TABLE AUTHORITIES(
USERNAME VARCHAR( 50 ) NOT NULL,
AUTHORITY VARCHAR( 50 ) NOT NULL,
CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME)
);

INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'caterpillar' , 'ROLE_SUPERVISOR');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user1', 'ROLE_USER');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user2', 'ROLE_USER');

刘铮 2008-09-26 17:24

Retrieving Acegi's SecurityContext from the business flow
http://www.aygfsteel.com/liuzheng/articles/231333.html

SecurityContext context = SecurityContextHolder.getContext();
This call obtains the context.


刘铮 2008-09-26 17:06

Acegi system components
http://www.aygfsteel.com/liuzheng/articles/231330.html

  • Filter
The top-level component in security processing when a request arrives. It covers tasks such as session handling, authentication and logout, and calls the corresponding objects to do the work.
  • Manager
The component that actually performs security services such as authentication and logout. A Manager manages the security-related information supplied by Providers.
  • Provider
Supplies security-related information to the Manager. The source may be an in-memory object, a file, a database or another storage medium; the information includes user names, passwords, roles and so on.
  • Handler
Sometimes one security service is split into several small tasks, each handled by one Handler. This gives more flexibility when handling security services or configuring Acegi, for example invalidating the Session and invalidating the Cookie on logout as required.
Acegi uses Filters to apply security services such as authentication and authorization to requests:
    <!-- Filter Chain -->
     <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">  
       <property name="filterInvocationDefinitionSource">  
          <value>  
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 
            PATTERN_TYPE_APACHE_ANT 
            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,
                 exceptionTranslationFilter,filterSecurityInterceptor

         </value> 
      </property> 
    </bean>

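The main Filters are introduced below:
  • Session Integration Filter
Usually the first Filter in the Filter Chain. It creates a Security Context object to hold security-related information; later Filters that need to store or retrieve such information use the Security Context object. If the information in the Security Context object has changed, the Session Integration Filter saves the change to the Session object; otherwise it discards the Security Context object. For example, the Authentication Processing Filter used in "The first Acegi program" uses the Security Context object to store user information such as the user name and password.
  • Authentication Processing Filter
When a user accesses a protected resource and needs to log in, the Authentication Processing Filter can supply the login form to the user. It then takes the name and password from the user's request (object), creates an authentication token to hold them, and hands the token to the authentication manager to match the user. So the Authentication Processing Filter basically needs the following settings:
    <!-- Authentication processing, using a form -->
    <bean id="authenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <!-- Authentication manager, handles the authentication providers -->
        <property name="authenticationManager" ref="authenticationManager"/>
        <!-- URL on authentication failure -->
        <property name="authenticationFailureUrl" value="/acegilogin.jsp"/>
        <!-- Default URL on authentication success -->
        <property name="defaultTargetUrl" value="/protected/userinfo.jsp"/>
        <!-- Submit address for authentication processing -->
        <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    </bean>

After the authentication manager has matched the user, obtained the details and returned to the Authentication Processing Filter, the filter creates an Authentication, stores the user information in the Security Context object, and hands over to the next Filter to continue processing.
  • Exception Translation Filter
When an exception occurs during authentication or authorization, the Exception Translation Filter handles it.
    <!-- Handling of authentication errors or permission errors -->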
    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> 
        <property name="authenticationEntryPoint"> 
            <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> 
                <property name="loginFormUrl" value="/acegilogin.jsp"/> 
                <property name="forceHttps" value="false"/> 
            </bean> 
        </property> 
        <property name="accessDeniedHandler"> 
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> 
                <property name="errorPage" value="/accessDenied.jsp"/> 
            </bean> 
        </property> 
    </bean>      

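  • Logout Processing Filter
Manages logout processing; the actual logout work is handed to Handlers. You can set the page shown after logout. In "The first Acegi program - logout and automatic cookie login", SecurityContextLogoutHandler is used to invalidate the Session.
    <!-- Logout processing -->
    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
        <constructor-arg value="/acegilogin.jsp"/> <!-- Page shown after logout -->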
            <constructor-arg> 
               <list> 
                   <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/> 
               </list> 
        </constructor-arg> 
    </bean>

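  • Interceptor filters
These decide whether to authorize. Authentication and authorization go together, so Interceptor filters must be configured after the Authentication Processing Filter. Interceptor filters use the access control policy you configure to decide whether to authorize; a user's access control policy defines the user, password, roles and similar information:
caterpillar=123456,ROLE_SUPERVISOR

You configure the access control policy through Interceptor filters: set the authentication manager and the Access Decision Manager, and the roles allowed to access each protected resource. The Access Decision Manager decides by voting whether access to a resource is granted, for example:
    <!-- FilterSecurityInterceptor protects URIs -->
    <bean id="filterSecurityInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <!-- Authentication manager -->
        <property name="authenticationManager" ref="authenticationManager" />
        <!-- Authorization manager -->
        <property name="accessDecisionManager" ref="accessDecisionManager" />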
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /protected/**=ROLE_SUPERVISOR,ROLE_USER
            </value>
        </property>
    </bean>
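
The voting decision described above, sketched as a simplified Java model of an AffirmativeBased manager with a single RoleVoter (the accessDecisionManager that this page's acegi-config.xml defines). This is an added example, not code from the original post or from Acegi itself; the class VoteDemo, the user guest and the rule attribute SUPERVISOR are constructed for illustration.

```java
import java.util.*;

// Simplified model of org.acegisecurity.vote.RoleVoter and AffirmativeBased
// (added illustration under stated assumptions; not Acegi source code).
public class VoteDemo {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    // RoleVoter: only attributes starting with "ROLE_" are considered.
    static int roleVote(Set<String> authorities, List<String> required) {
        int result = ABSTAIN;
        for (String attr : required) {
            if (!attr.startsWith("ROLE_")) continue;        // unsupported attribute: no opinion
            result = DENIED;                                // a role is required...
            if (authorities.contains(attr)) return GRANTED; // ...and the user holds it
        }
        return result;
    }

    // AffirmativeBased with one voter: a single grant is enough, a denial refuses,
    // and allowIfAllAbstainDecisions settles the case where nobody voted.
    static boolean decide(Set<String> authorities, List<String> required,
                          boolean allowIfAllAbstain) {
        int vote = roleVote(authorities, required);
        if (vote == GRANTED) return true;
        if (vote == DENIED) return false;
        return allowIfAllAbstain;
    }

    public static void main(String[] args) {
        // Rule from the page: /protected/**=ROLE_SUPERVISOR,ROLE_USER
        List<String> protectedRule = Arrays.asList("ROLE_SUPERVISOR", "ROLE_USER");
        // Constructed rule whose attribute RoleVoter does not recognise.
        List<String> unvotedRule = Arrays.asList("SUPERVISOR");

        Map<String, Set<String>> users = new LinkedHashMap<>();
        users.put("caterpillar", Collections.singleton("ROLE_SUPERVISOR"));
        users.put("user1", Collections.singleton("ROLE_USER"));
        users.put("guest", Collections.singleton("ROLE_GUEST")); // constructed user

        for (Map.Entry<String, Set<String>> u : users.entrySet()) {
            System.out.printf("%-12s protected=%-5b unvoted(false)=%-5b unvoted(true)=%b%n",
                u.getKey(),
                decide(u.getValue(), protectedRule, false),
                decide(u.getValue(), unvotedRule, false),
                decide(u.getValue(), unvotedRule, true));
        }
    }
}
```

With allowIfAllAbstainDecisions set to false, a rule whose attributes no voter recognises refuses every user; set to true, the same rule would let every authenticated user through.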

刘铮 2008-09-26 17:01

Acegi architecture
http://www.aygfsteel.com/liuzheng/articles/231331.html

The figure below is a simplified flow diagram of the Acegi architecture:

[Figure: Acegi architecture flow diagram]

  1. The browser sends a request.
  2. The container wraps the request into a request object and a response object, then calls Acegi's Filter Chain Proxy and passes both objects to it.
  3. The Filter Chain Proxy calls the first Filter in the Filter Chain, usually the Session Integration Filter, and passes the request and response objects to it.
  4. The Session Integration Filter checks whether a Session object exists and contains a Security Context object; if not, it creates a Security Context object and puts it into the security context holder, an object that lives in application scope.
  5. Each Filter calls the next Filter when it finishes.
  6. The Filters read or change the Security Context. After every Filter has finished, control finally returns to the Session Integration Filter, which checks whether the Security Context has changed and, if so, updates the Session object with the information in the Security Context.
  7. When the Filter Chain completes, control enters the application, which starts processing the request and prepares the response.
  8. The response is returned to the browser.


刘铮 2008-09-26 17:01

Acegi basic configuration - storing the information in a database
http://www.aygfsteel.com/liuzheng/articles/231327.html
   <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">   
            <value>   
                caterpillar=123456,ROLE_SUPERVISOR
                user1=user1pwd,ROLE_USER
                user2=user2pwd,disabled,ROLE_USER    
            </value>   
        </property>   
    </bean>

You can write a properties file, /WEB-INF/users.properties:
  • users.properties
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USER

Then set inMemoryDaoImpl's userProperties instead:
   <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
       <property name="userProperties">
           <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
               <property name="location" value="/WEB-INF/users.properties" />
           </bean>
       </property>
   </bean>

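User information is then read from users.properties whenever it is needed.
If you want to store user information in a database, you can, for example, create it in MySQL with the following SQL: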
  • users.sql
CREATE DATABASE acegi;
USE acegi;

CREATE TABLE USERS(
USERNAME VARCHAR(50) NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(50) NOT NULL,
ENABLED BIT NOT NULL
);

INSERT INTO USERS(username,password,enabled) values('caterpillar' ,'123456', 1);
INSERT INTO USERS(username,password,enabled) values('user1' ,'user1pwd', 1);
INSERT INTO USERS(username,password,enabled) values('user2' ,'user2pwd', 0);

CREATE TABLE AUTHORITIES(
USERNAME VARCHAR( 50 ) NOT NULL,
AUTHORITY VARCHAR( 50 ) NOT NULL,
CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME)
);

INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'caterpillar' , 'ROLE_SUPERVISOR');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user1', 'ROLE_USER');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user2', 'ROLE_USER');

You can use org.acegisecurity.userdetails.jdbc.JdbcDaoImpl as the userDetailsService. It needs a DataSource, for which Spring's DriverManagerDataSource can be used, for example:
  • acegi-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/acegi</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>123456</value>
</property>
</bean>

<!-- Authentication processing, using a form -->
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<!-- Authentication manager, handles the authentication providers -->
<property name="authenticationManager" ref="authenticationManager"/>
<!-- URL on authentication failure -->
<property name="authenticationFailureUrl" value="/acegilogin.jsp"/>
<!-- Default URL on authentication success -->
<property name="defaultTargetUrl" value="/protected/loginsuccess.jsp"/>
<!-- Submit address for authentication processing -->
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
</bean>

<!-- Authentication manager, manages the authentication providers -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers"><!-- There can be several providers; it is enough for one of them to authenticate successfully -->
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>

<!-- Authentication provider; uses the authentication information from the database source -->
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
</bean>

<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource"/>
</bean>

<!-- Handling of authentication errors or permission errors -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>

<!-- FilterSecurityInterceptor protects URIs -->
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<!-- Authentication manager -->
<property name="authenticationManager" ref="authenticationManager" />
<!-- Authorization manager -->
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/protected/**=ROLE_SUPERVISOR,ROLE_USER
</value>
</property>
</bean>

<!-- Authorization manager -->
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<!-- Whether access is granted when all voters abstain -->
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
</list>
</property>
</bean>

<!-- Automatic login using a cookie -->
<bean id="rememberMeProcessingFilter"
class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
<property name="key" value="javauser"/>
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="javauser"/>
</bean>

<!-- Logout processing -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/acegilogin.jsp"/> <!-- Page shown after logout -->
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>

<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

<!-- Filter Chain -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,
filterSecurityInterceptor,logoutFilter,rememberMeProcessingFilter
</value>
</property>
</bean>
</beans>

Of course, don't forget to add the JDBC driver library to your web application's lib directory.

刘铮 2008-09-26 17:00

Acegi study notes
http://www.aygfsteel.com/liuzheng/articles/231325.html

http://caterpillar.onlyfun.net/GossipCN/AcegiGossip/AcegiGossip.html


刘铮 2008-09-26 16:59