相关文章
http://www.iteye.com/article/17538
http://www.iteye.com/topic/18635
下面为org.acegisecurity.intercept.web。FilterSecurityInterceptor 的源码摘录
通常的配置为:
我们可以看出,其实我们只需要提供一个FilterInvocationDefinitionSource接口的实现,就可以完成从数据库读取资源配置的工作。
以下为我写的一个实现(参考了阿飞的书《敏捷Acegi,Cas》),没有使用缓存,实际的环境中应该缓存数据,避免每次查询数据库。
数据库关系图:见附件
关键类
配置如下:
由于项目的工期很紧(国内好像没有那个项目工期不紧的),没有时间将我的思路组织成文章,详细的见附件,不难理解。
注:示例需要jdk1.6,可以自己稍稍改一下就应该可以在jdk1.5下运行。 :wink:
http://www.iteye.com/article/17538
http://www.iteye.com/topic/18635
下面为org.acegisecurity.intercept.web。FilterSecurityInterceptor 的源码摘录
/**
* Performs security handling of HTTP resources via a filter implementation.<p>The
* <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
* FilterInvocationDefinitionSource}.</p>
* <P>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
*
* @author Ben Alex
* @version $Id: FilterSecurityInterceptor.java 1496 2006-05-23 13:38:33Z benalex $
*/
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
//~ Static fields/initializers =====================================================================================
private static final String FILTER_APPLIED = "__acegi_filterSecurityInterceptor_filterApplied";
//~ Instance fields ================================================================================================
private FilterInvocationDefinitionSource objectDefinitionSource;
。。。省略部分内容
public void setObjectDefinitionSource(FilterInvocationDefinitionSource newSource) {
this.objectDefinitionSource = newSource;
}
public void setObserveOncePerRequest(boolean observeOncePerRequest) {
this.observeOncePerRequest = observeOncePerRequest;
}
}
通常的配置为:
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager">
</property>
<property name="accessDecisionManager"
ref="httpRequestAccesssDecisionManager">
</property>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/admin/securedpage.jsp=ROLE_ADMIN
/admin/securedpage.jsp=ROLE_UNIT
</value>
</property>
</bean>
我们可以看出,其实我们只需要提供一个FilterInvocationDefinitionSource接口的实现,就可以完成从数据库读取资源配置的工作。
以下为我写的一个实现(参考了阿飞的书《敏捷Acegi,Cas》),没有使用缓存,实际的环境中应该缓存数据,避免每次查询数据库。
数据库关系图:见附件
关键类
package net.imzw.acegi;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.intercept.web.FilterInvocation;
import org.acegisecurity.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
public class RdbmsFilterInvocationDefinitionSource extends JdbcDaoSupport
implements FilterInvocationDefinitionSource {
private RdbmsFilterInvocationDefinition rdbmsFilterInvocationDefinition;
private PathMatcher pathMatcher = new AntPathMatcher();
public ConfigAttributeDefinition getAttributes(Object object)
throws IllegalArgumentException {
if ((object == null) || !this.supports(object.getClass())) {
throw new IllegalArgumentException(
"Object must be a FilterInvocation");
}
String url = ((FilterInvocation) object).getRequestUrl();
return this.lookupAttributes(url);
}
@Override
protected void initDao() throws Exception {
this.rdbmsFilterInvocationDefinition = new RdbmsFilterInvocationDefinition(
this.getDataSource());
}
public ConfigAttributeDefinition lookupAttributes(String url) {
if(logger.isDebugEnabled()){
logger.debug("lookup Attributes for "+url);
}
List<RdbmsEntryHolder> hodlers = getRdbmsEntryHolderList();
if (hodlers == null || hodlers.size() == 0) {
return null;
}
int firstQuestionMarkIndex = url.indexOf("?");
if (firstQuestionMarkIndex != -1) {
url = url.substring(0, firstQuestionMarkIndex);
}
Iterator<RdbmsEntryHolder> ite = hodlers.iterator();
while (ite.hasNext()) {
RdbmsEntryHolder holder = ite.next();
boolean matched = pathMatcher.match(holder.getUrl(), url);
if (matched) {
return holder.getConfigAttributeDefinition();
}
}
return null;
}
public boolean supports(Class clazz) {
return FilterInvocation.class.isAssignableFrom(clazz);
}
public Iterator getConfigAttributeDefinitions() {
Set<ConfigAttributeDefinition> cads=new HashSet<ConfigAttributeDefinition>();
List<RdbmsEntryHolder> hodlers = getRdbmsEntryHolderList();
Iterator<RdbmsEntryHolder> ite = hodlers.iterator();
while (ite.hasNext()) {
cads.add(ite.next().getConfigAttributeDefinition());
}
return cads.iterator();
}
public RdbmsFilterInvocationDefinition getRdbmsFilterInvocationDefinition() {
return rdbmsFilterInvocationDefinition;
}
public void setRdbmsFilterInvocationDefinition(
RdbmsFilterInvocationDefinition rdbmsFilterInvocationDefinition) {
this.rdbmsFilterInvocationDefinition = rdbmsFilterInvocationDefinition;
}
private List<RdbmsEntryHolder> getRdbmsEntryHolderList() {
List<RdbmsEntryHolder> list = getRdbmsFilterInvocationDefinition()
.execute();
if(logger.isDebugEnabled()){
for(RdbmsEntryHolder h:list){
logger.debug(h);
}
}
return list;
}
}
配置如下:
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager">
</property>
<property name="accessDecisionManager"
ref="httpRequestAccesssDecisionManager">
</property>
<property name="objectDefinitionSource">
<ref local="rdbmsFilterInvocationDefinitionSource" />
</property>
</bean>
<bean id="rdbmsFilterInvocationDefinitionSource"
class="net.imzw.acegi.RdbmsFilterInvocationDefinitionSource">
<property name="dataSource">
<ref local="dataSource" />
</property>
</bean>
由于项目的工期很紧(国内好像没有那个项目工期不紧的),没有时间将我的思路组织成文章,详细的见附件,不难理解。
注:示例需要jdk1.6,可以自己稍稍改一下就应该可以在jdk1.5下运行。 :wink: