一、环境设定:
相关jar:
acegi-security-1.0.5.jar - Main classes of the Acegi Security system
cglib-2.1.3.jar - Code-generation library used by Spring
commons-codec-1.3.jar - Encoders and decoders such as Base64, Hex, Phonetic, and URLs
commons-lang-2.1.jar - Helper utilities for java.lang APIs
ehcache-1.2.3.jar - Used for basic caching purposes
freemarker-2.3.8.jar - Used by the Struts implementation
jstl.jar, standard.jar - JavaServer Pages Standard Tag Library (JSTL) tag library
log4j-1.2.13.jar - For logging
ognl-2.6.11.jar - OGNL library used by the Struts implementation
sitemesh-2.3.jar - SiteMesh JAR
spring.jar - Spring Framework JAR
struts2-core-2.0.8.jar - Struts 2 core JAR
xwork-2.0.3.jar - Used by Struts
修改web.xml:
作用是利用spring AOP将filter Proxy到web.xml里去,并拦截相关的request
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>AcegiTraining</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
...
...
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_security_check</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_logout</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
...
</web-app>
二、身份验证
WEB-INF下增加applicationContext-acegi-security.xml文件,并增加验证服务所需要的filter:
web.xml中的FilterToBeanProxy将拦截的内容:
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
/**/*=httpSessionContextIntegrationFilter,logoutFilter,
authenticationProcessingFilter,securityContextHolderAwareRequestFilter,
anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
...
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</bean>
authenticationProcessingFilter就是进行身份验证所用到的的filter,其主要是依靠authenticationManager来进行数据库或文本文件上存放的注册信息来进行核对:
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/login.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<ref local="anonymousAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"/><ref local="userDetailsService"/></property>
<property name="userCache">
...
</property>
</bean>
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location"
value="/WEB-INF/users.properties" />
</bean>
</property>
</bean>
users.properties:
james=tom@1231,ROLE_TECHNICIAN
krishna=krish2341,ROLE_TECHNICIAN
smith=pravah@001,ROLE_ADMIN
三、权限验证
在身份验证后,通过权限验证来决定哪些资源由拥有哪些权限的用户使用,httpRequestAccessDecisionManager控制投票方式,exceptionTranslationFilter增加了如果权限验证失败后所转到的处理页面,logoutFilter定义登出后转到首页:
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_ADMIN,ROLE_TECHNICIAN
/order/createOrder.jsp=ROLE_TECHNICIAN
/order/authorizeOrder.jsp=ROLE_ADMIN
/login.jsp=ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN
</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<bean id="logoutFilter"
class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
至此,acegi配置部分完成,剩下相关页面设计部分。