一般情况下,在ACEGI中队filterChainProxy如下配置
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,captchaValidationProcessingFilter,
authenticationProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,
logoutFilter,channelProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,
exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
当系统中受保护的Resource过多时,会出现这样的一个问题,页面加载速度明显变慢了,特别是在用户登录系统后。为什么这么说呢,我们先分析下filterInvocationInterceptor(即org.acegisecurity.intercept.web.FilterSecurityInterceptor)的工作原理便可知道一二。
在FilterSecurityInterceptor的父类AbstractSecurityInterceptor中使用beforeInvocation方法对用户访问的资源进行抉择,判断用户是否有访问权限,这里主要是对URL进行判断,在URL转发之前判断该用户是否有访问该URL的权限。这样一来因为filterInvocationInterceptor对所有路径进行过滤上面的(/**)设置,包括静态图片文件,css文件,flash文件等,这些url都要经过FilterSecurityInterceptor的判断,这样势必影响页面加载速度。那为什么登陆后系统会明显变慢了,因为匿名用户时,ACEGI读取的匿名用户的Resource列表为空,虽然也对所有的URL进行了权限判断,但页面加载并不显得慢。经过上面的分析,尝试了作了下面的修改,把每个Filter需要过滤的URL单独写,有公用的写成一行,示例如下。作了这样的优化,页面加载的速度有了明显的提升。
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check=httpSessionContextIntegrationFilter,captchaValidationProcessingFilter,
authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
/j_acegi_logout=httpSessionContextIntegrationFilter,rememberMeProcessingFilter,
anonymousProcessingFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,
exceptionTranslationFilter,filterInvocationInterceptor
/**/*.html=httpSessionContextIntegrationFilter,rememberMeProcessingFilter,anonymousProcessingFilter,
basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
/**/*.htm=httpSessionContextIntegrationFilter,rememberMeProcessingFilter,anonymousProcessingFilter,
basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
/**/*.jsp=httpSessionContextIntegrationFilter,rememberMeProcessingFilter,anonymousProcessingFilter,
basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
/**/*.do=httpSessionContextIntegrationFilter,rememberMeProcessingFilter,anonymousProcessingFilter,
basicProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
/**/*.ajax=httpSessionContextIntegrationFilter,rememberMeProcessingFilter,anonymousProcessingFilter,
basicProcessingFilter,securityContextHolderAwareRequestFilter,ajaxExceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
value部分一行显示不下,我手动折行了