一、環(huán)境設(shè)定:
相關(guān)jar:
acegi-security-1.0.5.jar - Main classes of the Acegi Security system
cglib-2.1.3.jar - Code-generation library used by Spring
commons-codec-1.3.jar - Encoders and decoders such as Base64, Hex, Phonetic, and URLs
commons-lang-2.1.jar - Helper utilities for java.lang APIs
ehcache-1.2.3.jar - Used for basic caching purposes
freemarker-2.3.8.jar - Used by the Struts implementation
jstl.jar, standard.jar - JavaServer Pages Standard Tag Library (JSTL) tag library
log4j-1.2.13.jar - For logging
ognl-2.6.11.jar - OGNL library used by the Struts implementation
sitemesh-2.3.jar - SiteMesh JAR
spring.jar - Spring Framework JAR
struts2-core-2.0.8.jar - Struts 2 core JAR
xwork-2.0.3.jar - Used by Struts
修改web.xml:
作用是利用spring AOP將filter Proxy到web.xml里去,并攔截相關(guān)的request
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>AcegiTraining</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
...
...
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_security_check</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_logout</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
...
</web-app>
二、身份驗(yàn)證
WEB-INF下增加applicationContext-acegi-security.xml文件,并增加驗(yàn)證服務(wù)所需要的filter:
web.xml中的FilterToBeanProxy將攔截的內(nèi)容:
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
/**/*=httpSessionContextIntegrationFilter,logoutFilter,
authenticationProcessingFilter,securityContextHolderAwareRequestFilter,
anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
如果未經(jīng)過允許的請求,將會(huì)由exceptionTranslationFilter處理,將頁面轉(zhuǎn)到注冊頁面處去處理,authenticationProcessingFilterEntryPoint,是身份驗(yàn)證的入口:
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
...
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</bean>
authenticationProcessingFilter就是進(jìn)行身份驗(yàn)證所用到的的filter,其主要是依靠authenticationManager來進(jìn)行數(shù)據(jù)庫或文本文件上存放的注冊信息來進(jìn)行核對(duì):
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/login.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<ref local="anonymousAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"/><ref local="userDetailsService"/></property>
<property name="userCache">
...
</property>
</bean>
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location"
value="/WEB-INF/users.properties" />
</bean>
</property>
</bean>
users.properties:
james=tom@1231,ROLE_TECHNICIAN
krishna=krish2341,ROLE_TECHNICIAN
smith=pravah@001,ROLE_ADMIN
三、權(quán)限驗(yàn)證
在身份驗(yàn)證后,通過權(quán)限驗(yàn)證來決定哪些資源由擁有哪些權(quán)限的用戶使用,httpRequestAccessDecisionManager控制投票方式,exceptionTranslationFilter增加了如果權(quán)限驗(yàn)證失敗后所轉(zhuǎn)到的處理頁面,logoutFilter定義登出后轉(zhuǎn)到首頁:
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_ADMIN,ROLE_TECHNICIAN
/order/createOrder.jsp=ROLE_TECHNICIAN
/order/authorizeOrder.jsp=ROLE_ADMIN
/login.jsp=ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN
</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<bean id="logoutFilter"
class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
至此,acegi配置部分完成,剩下相關(guān)頁面設(shè)計(jì)部分。
posted on 2008-02-28 17:54
lzj520 閱讀(492)
評(píng)論(0) 編輯 收藏 所屬分類:
Spring 、
個(gè)人學(xué)習(xí)日記