好长时间没有写文章了。因为最近用到 Acegi 做安全认证,就把以前写的一篇文章翻出来晒晒,呵呵。
1、建立两个表
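-- Acegi JdbcDaoImpl sample schema (MySQL): one row per login in `users`,
-- one row per granted role in `authorities`.
-- NOTE(review): `password` stores the sample passwords in clear text, which
-- only works while the authentication provider has no passwordEncoder
-- configured. Outside a demo, store a salted hash instead and widen the
-- column to fit the encoder's output.
CREATE TABLE users (
    username VARCHAR(50) NOT NULL PRIMARY KEY,
    password VARCHAR(50) NOT NULL,
    enabled  BIT NOT NULL
);

CREATE TABLE authorities (
    username  VARCHAR(50) NOT NULL,
    authority VARCHAR(50) NOT NULL
);

-- A user can hold each authority only once.
CREATE UNIQUE INDEX ix_auth_username ON authorities (username, authority);

-- Every authority row must belong to an existing user.
ALTER TABLE authorities
    ADD CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users (username);

-- Demo accounts. The literals carry no padding spaces: the stored username
-- and password must match exactly what is typed at login. Column lists are
-- explicit so the inserts keep working if the tables gain columns.
INSERT INTO users (username, password, enabled) VALUES ('marissa', 'koala', true);
INSERT INTO users (username, password, enabled) VALUES ('dianne', 'emu', true);
INSERT INTO users (username, password, enabled) VALUES ('scott', 'wombat', true);
-- peter is created disabled (enabled = false).
INSERT INTO users (username, password, enabled) VALUES ('peter', 'opal', false);

INSERT INTO authorities (username, authority) VALUES ('marissa', 'ROLE_TELLER');
INSERT INTO authorities (username, authority) VALUES ('marissa', 'ROLE_SUPERVISOR');
INSERT INTO authorities (username, authority) VALUES ('dianne', 'ROLE_TELLER');
INSERT INTO authorities (username, authority) VALUES ('scott', 'ROLE_TELLER');
INSERT INTO authorities (username, authority) VALUES ('peter', 'ROLE_TELLER');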
2、Spring 中建一个DataSource Bean
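<!--
  JDBC DataSource consumed by the Acegi userDetailsService.
  DriverManagerDataSource is not a connection pool: it opens a new
  connection for every request, which is fine for a demo but not for load.
  NOTE(review): the database account name and its short numeric password are
  written in clear text in this file. Outside a demo, load them from a
  properties file kept out of version control (for example through Spring's
  PropertyPlaceholderConfigurer), use a strong password, and give the account
  only the privileges the application needs.
-->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <!-- Inside XML each "&" of the JDBC URL must be written as the entity &amp; with no spaces. -->
    <property name="url">
        <value>jdbc:mysql://localhost:3306/eReview?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8</value>
    </property>
    <!-- Values carry no surrounding whitespace, so the credentials are sent exactly as written. -->
    <property name="username">
        <value>leo</value>
    </property>
    <property name="password">
        <value>111111</value>
    </property>
</bean>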
注意:最初用 DBCP 的 DataSource 类配置数据源没有成功,改用 Spring 2.0 自带的 DriverManagerDataSource 后成功;
3、配置Spring的acegi配置文件
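<!--
  Authentication provider: loads the account through userDetailsService and
  checks the submitted password against the stored one.
  NOTE(review): no passwordEncoder property is set here, so Acegi falls back
  to its plain-text encoder and the password column is compared as clear
  text. To store hashes, set the passwordEncoder (and saltSource) properties
  and re-encode the stored passwords to match. Acegi's bundled encoders are
  MD5/SHA based; on a maintained stack use Spring Security with an adaptive
  encoder such as BCrypt.
-->
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>
    <!--
      Ehcache-backed cache of loaded user details, named "userCache".
      NOTE(review): a cached entry can outlive a change in the database.
      Confirm the cache expiry, or evict the entry, so that disabling a user
      or changing a password takes effect promptly.
    -->
    <property name="userCache">
        <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
            <property name="cache">
                <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                    <property name="cacheManager">
                        <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                    </property>
                    <property name="cacheName" value="userCache"/>
                </bean>
            </property>
        </bean>
    </property>
</bean>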
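<!--
  JDBC-backed UserDetailsService: reads the account row and its authorities
  through the dataSource bean.
  Both queries bind the username through the "?" placeholder. Keep it that
  way when customising them; never build the statement by concatenating the
  submitted username.
  The table names are written in lower case to match the CREATE TABLE
  statements: MySQL table names are case-sensitive on case-sensitive file
  systems, so "USERS" would not resolve to a table created as "users".
-->
<bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource"><ref bean="dataSource"/></property>
    <property name="usersByUsernameQuery">
        <value>SELECT username, password, enabled FROM users WHERE username = ?</value>
    </property>
    <property name="authoritiesByUsernameQuery">
        <value>SELECT username, authority FROM authorities WHERE username = ?</value>
    </property>
</bean>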
另外,在定义“filterInvocationInterceptor”时,属性设置为:
<!--
  URL access rules for filterInvocationInterceptor.
  The two directive lines lower-case the request URL before matching and
  select Ant-style patterns, so every pattern below must be lower case.
  Rules are tried top to bottom and the first match decides:
    /**/*.action  requires an authenticated user; IS_AUTHENTICATED_REMEMBERED
                  also accepts a remember-me login. Use IS_AUTHENTICATED_FULLY
                  where a fresh login must be required.
    /**           every other URL is open to anonymous requests.
  NOTE(review): the catch-all rule is allow-by-default, so any resource whose
  URL does not end in .action is reachable without login. The ROLE_* values
  from the authorities table are not referenced by these rules; add role
  rules above the catch-all if access must depend on the role.
-->
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/*.action=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
</property>
4、其他部分可参见Acegi的范例;
总结:
本方法只实现了简单的用户身份认证功能,权限设置也相对简单:只要是合法用户,就可以访问 *.action;其余 URL 对匿名用户开放,authorities 表中的 ROLE_* 并没有参与访问控制。如果需要与复杂业务相关的权限认证,还需要查看 Acegi 的详细教程。