[size=18][color=red]2006-06-06[/color][/size]
acegi的MethodSecurityInterceptor实现
AfterInvocationProviderImp
ApplicationEventPublisherImp
BankManager
BankManagerImp
BankManagerImpTest
applicationContext.xml
users.properties
acegi的MethodSecurityInterceptor实现
AfterInvocationProviderImp
package com.bulain.test;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.afterinvocation.AfterInvocationProvider;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;
public class AfterInvocationProviderImp implements AfterInvocationProvider {
private static Logger logger = Logger.getLogger(AfterInvocationProviderImp.class);
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
throws AccessDeniedException {
return returnedObject;
}
public boolean supports(ConfigAttribute attribute) {
logger.info("ConfigAttribute: " + attribute);
if (attribute.getAttribute().equals("BANKSECURITY_CUSTOMER")) {
return true;
}
return false;
}
public boolean supports(Class clazz) {
logger.info("Class: " + clazz);
if (clazz == MethodInvocation.class) {
return true;
}
return false;
}
}
ApplicationEventPublisherImp
package com.bulain.test;
import org.apache.log4j.Logger;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
public class ApplicationEventPublisherImp implements ApplicationEventPublisher {
private static Logger logger = Logger.getLogger(ApplicationEventPublisherImp.class);
public void publishEvent(ApplicationEvent event) {
logger.info("publishEvent: " + event);
}
}
BankManager
package com.bulain.test;
public interface BankManager {
/**
* Delete something
*/
public void deleteSomething(int id);
/**
* Delete another
*/
public void deleteAnother(int id);
/**
* Get balance
*/
public float getBalance(int id);
}
BankManagerImp
package com.bulain.test;
import org.apache.log4j.Logger;
public class BankManagerImp implements BankManager {
private static Logger logger = Logger.getLogger(BankManagerImp.class);
public void deleteSomething(int id) {
logger.info("deleteSomething()");
}
public void deleteAnother(int id) {
logger.info("deleteAnother()");
}
public float getBalance(int id) {
logger.info("getBalance()");
return 0;
}
}
BankManagerImpTest
package com.bulain.test;
import junit.framework.TestCase;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
public class BankManagerImpTest extends TestCase {
static Resource resource = new ClassPathResource("applicationContext.xml");
static BeanFactory factory = new XmlBeanFactory(resource);
private static void createSecureContext(final BeanFactory bf, final String username, final String password) {
AuthenticationProvider provider = (AuthenticationProvider) bf.getBean("daoAuthenticationProvider");
Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken(username, password));
SecurityContextHolder.getContext().setAuthentication(auth);
}
// Clear the security context after each test.
public void teardown() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public static void main(String[] args) {
junit.textui.TestRunner.run(BankManagerImpTest.class);
}
/*
* Test method for 'com.bulain.test.BankManagerImp.deleteSomething(int)'
*/
public void testDeleteSomething() {
BankManager bankManager = (BankManager) factory.getBean("bankManager");
createSecureContext(factory, "marissa", "koala");
bankManager.deleteSomething(10);
}
/*
* Test method for 'com.bulain.test.BankManagerImp.deleteAnother(int)'
*/
public void testDeleteAnother() {
BankManager bankManager = (BankManager) factory.getBean("bankManager");
createSecureContext(factory, "marissa", "koala");
bankManager.deleteAnother(10);
}
/*
* Test method for 'com.bulain.test.BankManagerImp.getBalance(int)'
*/
public void testGetBalance() {
BankManager bankManager = (BankManager) factory.getBean("bankManager");
createSecureContext(factory, "manager", "manager");
bankManager.getBalance(10);
}
}
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="bankManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="validateConfigAttributes">
<value>true</value>
</property>
<property name="applicationEventPublisher">
<bean class="com.bulain.test.ApplicationEventPublisherImp"/>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/>
</property>
<property name="runAsManager">
<ref bean="runAsManager"/>
</property>
<property name="afterInvocationManager">
<ref bean="afterInvocationManager"/>
</property>
<property name="objectDefinitionSource">
<value>com.bulain.test.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
com.bulain.test.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER</value>
</property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
<bean id="runAsManager" class="org.acegisecurity.runas.RunAsManagerImpl">
<property name="key" value="KEY"/>
</bean>
<bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
<property name="providers">
<list>
<bean class="com.bulain.test.AfterInvocationProviderImp"/>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="userCache">
<bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
</property>
<property name="cacheName" value="userCache"/>
</bean>
</property>
</bean>
</property>
</bean>
<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="users.properties"/>
</bean>
</property>
</bean>
<bean id="bankManagerImp" class="com.bulain.test.BankManagerImp"/>
<bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="interceptorNames">
<list>
<value>bankManagerSecurity</value>
</list>
</property>
<property name="target"><ref local="bankManagerImp"/></property>
</bean>
</beans>
users.properties
marissa=koala,ROLE_SUPERVISOR
dianne=emu,ROLE_USER
scott=wombat,ROLE_USER
peter=opal,disabled,ROLE_USER