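Acegi + Tomcat (summary of problems with a test example)
I downloaded an Acegi example written by an expert from the internet. Perhaps because I came to Acegi late, that example uses Acegi 0.8, while the version I started with is Acegi 1.0.4, so after looking through the example I set about switching versions.
First, replace the Acegi jar.
Then change the corresponding class names in applicationContext-basic.xml, applicationContext-security-acegi.xml and web.xml.
This is all fairly simple. The main point is that Acegi 0.8 has a securityEnforcementFilter, whose main job is to forward the HTTP request to filterSecurityInterceptor, which then judges whether the HTTP request is legitimate.
filterSecurityInterceptor implements authorized access to URL resources. authenticationEntryPoint configures the login page information.
In version 1.0, however, this filter does not exist. So I modified the filterChainProxyfilter entry in applicationContext-security-acegi.xml on its own, added the filterInvocationInterceptor filter to it, and commented out the definition of securityEnforcementFilter.
Also, the example did not define an exceptionTranslationFilter filter.
As a result, accessing http://localhost:8080/Sample/contactlist.jsp directly produced the following error: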
org.acegisecurity.AccessDeniedException: Access is denied
org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:292)
org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:104)
org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:229)
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:286)
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
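This is unlike adding a filter in Struts, which automatically redirects to the login page when it finds no login information.
So I added exceptionTranslationFilter.
After adding it, when I was not logged in and accessed http://localhost:8080/Sample/contactlist.jsp directly, it automatically redirected to the login.jsp page.
Also, when I defined the filterInvocationDefinitionSource property of filterChainProxyfilter as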
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,
exceptionTranslationFilter,filterInvocationInterceptor
the following problem appeared:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' is defined: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [dataSource,contactDao,contactManagerTarget,transactionManager,jdbcTemplate,businessAccessDecisionManager,customEditorConfigurer,transactionInterceptor,contactManagerSecurity,contactManager,filterChainProxy,httpSessionContextIntegrationFilter,authenticationManager,jdbcDaoImpl,cacheManager,userCacheBackend,userCache,daoAuthenticationProvider,loggerListener,anonymousProcessingFilter,anonymousAuthenticationProvider,authenticationProcessingFilter,authenticationProcessingFilterEntryPoint,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,exceptionTranslationFilter]; root of BeanFactory hierarchy
org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:349)
org.springframework.beans.factory.support.AbstractBeanFactory.getMergedBeanDefinition(AbstractBeanFactory.java:671)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:198)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:151)
org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:557)
org.acegisecurity.util.FilterChainProxy.obtainAllDefinedFilters(FilterChainProxy.java:221)
org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:136)
org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
This frustrated me a great deal. In the end, after I changed the filterInvocationDefinitionSource property definition to:
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
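the problem was solved. The only difference was one extra line break, and I don't know why it was not recognized correctly. Perhaps my way of writing it was wrong; for now I assume the cause was the extra newline character. I don't know whether you have run into this. In other write-ups I have seen online, the form with line breaks appears often, but it just doesn't work for me. If an expert who sees this could point out the cause, that would be best. Thanks.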
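The line-break failure described above, as an added example that is not part of the original post and is not Acegi's own code: a small pre-deployment check for a filterInvocationDefinitionSource value. It assumes a simplified parsing model (the value is read one line at a time, a line without `=` is not treated as a mapping, and the right-hand side is split on commas); the class name `FilterChainDefinitionCheck` is hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class FilterChainDefinitionCheck {

    // Directive lines that carry no '=' on purpose (both appear in the configuration on this page).
    static final List<String> DIRECTIVES = Arrays.asList(
            "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON", "PATTERN_TYPE_APACHE_ANT");

    /** Returns one finding per problem in a filterInvocationDefinitionSource value. */
    static List<String> check(String definition) {
        List<String> findings = new ArrayList<String>();
        String[] lines = definition.split("\r?\n");
        for (int i = 0; i < lines.length; i++) {
            String line = lines[i].trim();
            if (line.isEmpty() || DIRECTIVES.contains(line)) continue;
            int eq = line.lastIndexOf('=');
            if (eq < 0) {
                // Assumed parser behaviour: a line without '=' is not a mapping and is dropped.
                findings.add("line " + (i + 1) + ": no '=', filters on this line are ignored: " + line);
                continue;
            }
            // limit -1 keeps the trailing empty token that a dangling comma produces
            String[] names = line.substring(eq + 1).split(",", -1);
            for (String name : names) {
                if (name.trim().isEmpty()) {
                    findings.add("line " + (i + 1) + ": empty filter bean name (dangling comma)");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed inputs: the two spellings of the chain quoted in this post.
        String wrapped = "/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,\n"
                + "exceptionTranslationFilter,filterInvocationInterceptor";
        String single = "/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,"
                + "anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor";
        for (String finding : check(wrapped)) System.out.println("wrapped: " + finding);
        System.out.println("single-line findings: " + check(single).size());
    }
}
```

Under these assumptions the wrapped form yields two findings: the dangling comma on the first line gives an empty bean name, which matches the `No bean named ''` message in the trace, and the second line is dropped, which would leave exceptionTranslationFilter and filterInvocationInterceptor out of the chain. The single-line form yields none.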
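Also, the example uses only a user table and a permission table. I modified the tables according to RBAC requirements, mainly to accommodate control over domain objects, but this part still has problems: I am not yet clear on how Acegi controls object instances. I hope that an expert who sees this can send me a suitable example if there is one. Instance-level control is not needed in ordinary projects, where control usually goes down to the method level, but it never hurts to learn more ^0^.
I modified the relevant SQL statements in the XML according to the tables I created. The table design follows the RBAC specification, so I won't post it. I have also attached the three XML files as I modified them.
If anyone is in the same situation as me, a small tip: don't forget to modify index.jsp in the project. It references many classes from the Acegi 0.8 package, so don't forget to change them. (^0^)
I also added a welcome page in web.xml; without it things were still a little frustrating.
These are a few of my notes; perhaps some of it will be useful to you. If my description has problems, please point them out, but please don't throw bricks at me.
If you think it's not up to much, please just smile and move on, because I am a newbie....... (-_-!)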
/*********************************(1) web.xml**************************************************************************/
XMNMS
log4jConfigLocation
/WEB-INF/classes/log4j.properties
contextConfigLocation
/WEB-INF/applicationContext-basic.xml
/WEB-INF/applicationContext-security-acegi.xml
AcegiProxy
org.acegisecurity.util.FilterToBeanProxy
targetClass
org.acegisecurity.util.FilterChainProxy
AcegiProxy
/*
org.springframework.web.context.ContextLoaderListener
org.springframework.web.util.Log4jConfigListener
org.acegisecurity.ui.session.HttpSessionEventPublisher
login.jsp
/*********************************(2) applicationContext-basic.xml*****************************************************/
com.ibm.db2.jcc.DB2Driver
jdbc:db2://localhost:50000/TestDB
db2test
db2test
10
10
50
5000
1800
3000
5
false
sample.service.impl.ContactManager.*=PROPAGATION_REQUIRED
select p.name as authority,r.res_string as PROTECTED_RES
from sw_permissions as p ,sw_permission_resource as pr,sw_resources as r
where p.id = pr.permission_id and pr.resource_id = r.id
and p.name like 'AUTH_FUNC_ContactManager%' and r.res_type ='FUNCTION'
sample.service.IContactManager
/*********************************(3) applicationContext-security-acegi.xml********************************************/
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
SELECT LOGINID, PASSWORD,STATUS AS ENABLED FROM SW_USERS WHERE LOGINID=?
select u.loginid as username, p.name as authority
from sw_users as u,sw_user_role as ur,sw_role_permission as rp,sw_permissions as p
where u.id = ur.user_id and ur.role_id = rp.role_id and rp.permission_id = p.id and u.loginid =?
userCache
foobar
anonymousUser,AUTH_ANONYMOUS
foobar
/login.jsp?login_error=1
/index.jsp
/j_acegi_security_check
/login.jsp
false
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/*.jpg=AUTH_ANONYMOUS,AUTH_USER
/**/*.gif=AUTH_ANONYMOUS,AUTH_USER
/**/*.png=AUTH_ANONYMOUS,AUTH_USER
/login.jsp*=AUTH_ANONYMOUS,AUTH_USER
/**=AUTH_USER
false
AUTH_