1。web.xml
acegi需要的配置代码:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-config/applicationContext.xml,
/WEB-INF/spring-config/applicationContext-acegi-security.xml(注:spring容器中acegi的配置文件)
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<context-param>
<param-name>log4jRefreshInterval</param-name>
<param-value>60000</param-value>
</context-param>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy(注:acegi1.0全权代理)
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.do</url-pattern>(注:只对*.do,*.jsp的url过滤)
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.util.Log4jConfigListener
</listener-class>
</listener>
<listener>
<listener-class>
org.acegisecurity.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
2。applicationContext-acegi-security.xml
spring容器中acegi的配置代码,去掉了匿名,cookie验证,参考acegi1.0提供的例子来做的修改:
<beans>
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<!--通过代理分别执行Filter-->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!-- ======================== AUTHENTICATION ======================= -->
<!--验证管理器-->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
</list>
</property>
</bean>
<!--采用数据库验证-->
<bean id="jdbcDaoImpl"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="usersByUsernameQuery">
<value>
SELECT ACCOUNT,PASSWORD,1 FROM SYSTEM_USER WHERE ACCOUNT=?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
SELECT U.ACCOUNT,R.NAME FROM SYSTEM_USER U,SYSTEM_ROLE R
WHERE R.ID=U.ROLEID AND U.ACCOUNT=?
</value>
</property>
</bean>
<bean id="passwordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref local="jdbcDaoImpl" />
</property>
<property name="userCache">
<ref local="userCache" />
</property>
<property name="passwordEncoder">
<ref local="passwordEncoder" />
</property>
</bean>
<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
<bean id="userCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager" />
</property>
<property name="cacheName">
<value>userCache</value>
</property>
</bean>
<bean id="userCache"
class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<ref local="userCacheBackend" />
</property>
</bean>
<!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<bean id="securityContextHolderAwareRequestFilter"
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
<!-- You will need to uncomment the "Acegi Channel Processing Filter"
<filter-mapping> in web.xml for the following beans to be used -->
<bean id="channelProcessingFilter"
class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager">
<ref local="channelDecisionManager" />
</property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
/A/login.jsp.*/Z=REQUIRES_SECURE_CHANNEL
/A.*/Z=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager"
class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref local="secureChannelProcessor" />
<ref local="insecureChannelProcessor" />
</list>
</property>
</bean>
<bean id="secureChannelProcessor"
class="org.acegisecurity.securechannel.SecureChannelProcessor" />
<bean id="insecureChannelProcessor"
class="org.acegisecurity.securechannel.InsecureChannelProcessor" />
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login.jsp" />
</bean>
</property>
</bean>
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/login.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/acegi.bmp</value>
</property>
<property name="filterProcessesUrl">
<value>/logon.do</value>
</property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<!-- An access decision voter that reads ROLE_* configuration settings -->
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_USER
/acegi.jsp=ROLE_USER,ROLE_SUPER
</value>
</property>
</bean>
</beans>
3。数据库
自己随便定义的非常简单的两个表SYSTEM_USER和SYSTEM_ROLE
例子嘛,我不希望数据库搞得太复杂了,能说明问题就行
SYSTEM_USER表字段:id,account,password,roleid
SYSTEM_ROLE表字段:id,name(两条记录name=ROLE_USER,name=ROLE_SUPER)
====================================================================
上面的applicationContext-acegi-security.xml文件里面的配置有看不懂的地方可以留言,我再补充解释
扫一扫
85
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
