一、环境设定:
相关jar:
acegi-security-1.0.5.jar - Main classes of the Acegi Security system
cglib-2.1.3.jar - Code-generation library used by Spring
commons-codec-1.3.jar - Encoders and decoders such as Base64, Hex, Phonetic, and URLs
commons-lang-2.1.jar - Helper utilities for java.lang APIs
ehcache-1.2.3.jar - Used for basic caching purposes
freemarker-2.3.8.jar - Used by the Struts implementation
jstl.jar, standard.jar - JavaServer Pages Standard Tag Library (JSTL) tag library
log4j-1.2.13.jar - For logging
ognl-2.6.11.jar - OGNL library used by the Struts implementation
sitemesh-2.3.jar - SiteMesh JAR
spring.jar - Spring Framework JAR
struts2-core-2.0.8.jar - Struts 2 core JAR
xwork-2.0.3.jar - Used by Struts
修改web.xml:
作用是利用spring AOP将filter Proxy到web.xml里去,并拦截相关的request
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>AcegiTraining</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
...
...
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_security_check</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_logout</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
...
</web-app>
二、身份验证
WEB-INF下增加applicationContext-acegi-security.xml文件,并增加验证服务所需要的filter:
web.xml中的FilterToBeanProxy将拦截的内容:
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
/**/*=httpSessionContextIntegrationFilter,logoutFilter,
authenticationProcessingFilter,securityContextHolderAwareRequestFilter,
anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
如果未经过允许的请求,将会由exceptionTranslationFilter处理,将页面转到注册页面处去处理,authenticationProcessingFilterEntryPoint,是身份验证的入口:
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
...
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</bean>
authenticationProcessingFilter就是进行身份验证所用到的的filter,其主要是依靠authenticationManager来进行数据库或文本文件上存放的注册信息来进行核对:
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/login.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<ref local="anonymousAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"/><ref local="userDetailsService"/></property>
<property name="userCache">
...
</property>
</bean>
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location"
value="/WEB-INF/users.properties" />
</bean>
</property>
</bean>
users.properties:
james=tom@1231,ROLE_TECHNICIAN
krishna=krish2341,ROLE_TECHNICIAN
smith=pravah@001,ROLE_ADMIN
三、权限验证
在身份验证后,通过权限验证来决定哪些资源由拥有哪些权限的用户使用,httpRequestAccessDecisionManager控制投票方式,exceptionTranslationFilter增加了如果权限验证失败后所转到的处理页面,logoutFilter定义登出后转到首页:
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_ADMIN,ROLE_TECHNICIAN
/order/createOrder.jsp=ROLE_TECHNICIAN
/order/authorizeOrder.jsp=ROLE_ADMIN
/login.jsp=ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN
</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<bean id="logoutFilter"
class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
至此,acegi配置部分完成,剩下相关页面设计部分。
分享到:
相关推荐
acegi,acegi,acegi
不错的ACEGI 教程
Acegi文档 spring acegi 详细文档
acegi 框架 介绍 spring 安全
Acegi能做什么 Acegi的体系结构 Acegi核心组件 典型的web认证过程 Acegi的登陆认证 Acegi对安全对象的访问控制 Filter 组件 Acegi的不足之处
acegi,spring的安全验证框架
关于Acegi的安全框架,里面有Acegi的实例,讲述得挺清楚的,
acegi-security 1.0.2.jar
ACEGI数据库保存 ACEGI数据库保存 ACEGI数据库保存
1、一个Acegi的例子,可以运行 2、一个很好的学Acegi的网址,0基础学习Acegi,强烈推荐 3、有什么问题可以发邮件heroshen@126.com讨论
包含acegi-security-1.0.7.jar,acegi-security-1.0.7-sources.jar,acegi-security-cas-1.0.7.jar,acegi-security-cas-1.0.7-sources.jar,acegi-security-catalina-1.0.7.jar,acegi-security-catalina-1.0.7-...
Acegi安全系统,是一个用于Spring Framework的安全框架,能够和目前流行的Web容器无缝集成。它使用了Spring的方式提供了安全和认证安全服务,包括使用Bean Context,拦截器和面向接口的编程方式。因此,Acegi安全...
Acegi使用.pdf
Acegi安全系统,是一个用于Spring Framework的安全框架,能够和目前流行的Web容器无缝集成。它使用了Spring的方式提供了安全和认证安全服务,包括使用Bean Context,拦截器和面向接口的编程方式。因此,Acegi安全...
spring acegi 使用工程demo
AcegiSecurity-1_0_6-Api 最新版本已经变更为Spring Security 2.0
将acegi和cas的war包修改并整合测试,里面包含所需依赖包。经过分卷压缩一共3个文件.
实战Acegi:使用Acegi作为基于Spring框架的WEB应