AuthorizedTag.java
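/**
 * JSP conditional tag that renders its body only when the current user would be
 * granted access to the configured {@code url} by the access decision manager of
 * the application's {@link FilterSecurityInterceptor}.
 *
 * <p>The tag only decides whether markup (typically a link) is rendered. It is a
 * presentation aid: {@link #condition()} returns a boolean and nothing here blocks
 * a request, so the target URL still has to be covered by the security filter.
 */
public class AuthorizedTag extends ConditionalTagSupport {

    protected Log logger = LogFactory.getLog(this.getClass());

    // Source of the security attributes configured for each URL.
    @Autowired
    private FilterInvocationDefinitionSource objectDefinitionSource;

    // Only used to reach the access decision manager (and the public-invocation policy).
    @Autowired
    private FilterSecurityInterceptor filterInvocationInterceptor;

    // URL whose access is evaluated; set from the tag attribute.
    private String url;

    /**
     * Builds the single-role authority array used for callers that must be
     * evaluated as anonymous.
     *
     * @return a new array holding only {@code ROLE_ANONYMOUS}
     */
    private GrantedAuthority[] anonymousAuthorities() {
        return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ANONYMOUS")};
    }

    /**
     * Get Authentication Token from IUserDetails object.
     *
     * <p>A {@code null} user and a disabled user are both evaluated with
     * {@code ROLE_ANONYMOUS} only. A disabled account must not carry its stored
     * authorities into the decision, otherwise its links would be rendered exactly
     * as for an enabled account.
     *
     * @param user the current user, or {@code null} when nobody is logged in
     * @return Authentication token to hand to the access decision manager
     */
    protected Authentication getAuthentication(IUserDetails user) {
        if (user == null) {
            return new UsernamePasswordAuthenticationToken(null, null, anonymousAuthorities());
        }

        if (user.isEnabled()) {
            // NOTE(review): only isEnabled() is checked here; if IUserDetails also exposes
            // locked/expired flags, confirm whether they should demote the user as well.
            return new UsernamePasswordAuthenticationToken(user, user.getUsername(), user.getAuthorities());
        }

        // Disabled account: keep the principal for traceability, drop its authorities.
        return new AnonymousAuthenticationToken(user.getUsername(), user, anonymousAuthorities());
    }

    /**
     * Get FilterInvocation from the url.
     *
     * <p>Wraps the url in a mock request (servlet path = url) with a no-op filter
     * chain, so the definition source can be queried without a real request for
     * that url.
     *
     * @param url the servlet path to evaluate
     * @return FilterInvocation describing a request for {@code url}
     */
    protected FilterInvocation getRequestedResource(String url) {
        MockHttpServletRequest request = new MockHttpServletRequest(pageContext.getServletContext());
        request.setServletPath(url);

        // The chain is never executed for an access check; it only satisfies the constructor.
        FilterChain noOpChain = new FilterChain() {
            public void doFilter(ServletRequest request, ServletResponse response)
                    throws IOException, ServletException {
            }
        };

        return new FilterInvocation(request, pageContext.getResponse(), noOpChain);
    }

    /**
     * Decides whether the tag body is rendered.
     *
     * @return {@code true} when the access decision manager grants the current user
     *         access to {@code url}; {@code false} when it throws
     *         {@link AccessDeniedException}
     * @throws JspTagException declared by the superclass contract
     */
    @Override
    protected boolean condition() throws JspTagException {
        IUserDetails user = CurrentUser.getUser();

        // Collaborators are re-resolved from the application context on every
        // evaluation, so the tag always asks the beans the context currently holds.
        ServletContext servletContext = pageContext.getServletContext();
        WebApplicationContext wac = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        wac.getAutowireCapableBeanFactory().autowireBeanProperties(
                this, AutowireCapableBeanFactory.AUTOWIRE_BY_TYPE, false);

        FilterInvocation invocation = getRequestedResource(url);
        ConfigAttributeDefinition attr = objectDefinitionSource.getAttributes(invocation);

        if (attr == null) {
            // No attributes configured for this url: it is a "public" invocation. Handing a
            // null definition to the voters can fail, so follow the interceptor's own policy
            // for public invocations instead of calling decide().
            return !filterInvocationInterceptor.isRejectPublicInvocations();
        }

        try {
            // Pass the FilterInvocation, the same kind of secure object the filter hands to
            // the decision manager, so voters see what they see during real enforcement.
            filterInvocationInterceptor.getAccessDecisionManager()
                    .decide(getAuthentication(user), invocation, attr);
            return true;
        } catch (AccessDeniedException e) {
            if (user == null) {
                logger.debug("anonymous has no permission on :" + url);
            } else {
                logger.debug(user.getUsername() + " has no permission on :" + url);
            }
            return false;
        }
    }

    /**
     * @return the url whose access is evaluated by this tag
     */
    public String getUrl() {
        return url;
    }

    /**
     * @param url the url whose access is evaluated by this tag
     */
    public void setUrl(String url) {
        this.url = url;
    }
}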
添加Jsp页面测试新添加的Tag, 在本文所附的例子程序中, 将Tag的测试代码放在index.jsp页面中, 任何人都可以访问该页面, 在页面上列出了全部地址的链接, 同时列出了当前用户有权限的地址, 这样可以方便地知道当前用户有哪些权限, 如果你想修改数据库中的权限, 然后再次测试, 可以点击页面右上侧的Reload Permission重新从数据库加载权限. 需要注意, 该Tag只决定链接是否显示, 对地址本身的访问控制仍然由FilterSecurityInterceptor负责.
<%-- The body (the link) is rendered only when the tag's condition evaluates to true for url="/admin". --%>
<auth:ifAuthrized url="/admin">
<p><a href="admin">Admin page</a></p>
</auth:ifAuthrized>
四. 参考文档
1. 更多深入介绍,可以根据Acegi官方提供的Suggested Steps ( [url]http://www.acegisecurity.org/suggested.html[/url]) 一步一步学习.
2. 如果要了解Acegi提供的各种功能, 可以参考 [url]http://www.acegisecurity.org/reference.html[/url]
3. 阅读本文需要对Spring有一定的了解, [url]http://www.springframework.org/documentation[/url]
4. 扩展jstl的tag, 可以参看 [url]http://www.onjava.com/pub/a/onjava/2002/10/30/jstl3.html?page=1[/url]
5. 从 [url]https://sourceforge.net/project/platformdownload.php?group_id=216220[/url]下载本文附带的例子代码, 通过acegi.sql建立数据库, 然后将acegi-test.war放到Tomcat的webapps目录下, 或者你可以下载acegi-test.zip文件, 里面包含了完整的eclipse的项目以及sql文件.
访问 [url]http://youip:port/acegi-test[/url], 列出全部地址的链接, 同时列出了当前用户有权限的地址链接
转自: [url]http://acegi-test.sourceforge.net/[/url]