acegi安全是一個強大的,靈活的安全解決方案的企業軟件,并特別著重于應用,利用spring。用acegi安全,為用戶的應用與全面的認證,授權,例如基于職務的訪問控制,通道安全和人類用戶檢測能力。(google 對acegid的翻譯)
參考資料:http://www.tfo-eservices.eu/wb_tutorials/media/SpringAcegiTutorial/HTML/SpringAcegiTutorial-1_1-html.html
里面有一個例子:SpringAcegiTutorial,可以進行下載,并運行,做為一個實例,已經相當不錯了。
講述了admin ,user的登錄問題。及權限控件,acegi 的配置。
這個例子是spring mvc + spring acegi 的例子,閱讀前最好有spring mvc 的基礎。這里只摘錄簡單的配置說明。
<!-- ****** START ACEGI Security Configuration *******-->
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<!-- Start Security filter config -->
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="formLoginAuthenticationEntryPoint" />
</property>
</bean>
<!-- Define filter to handle BASIC authentication -->
<bean id="basicProcessingFilter"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationEntryPoint">
<ref bean="authenticationEntryPoint" />
</property>
</bean>
<!-- Define realm for BASIC login-->
<bean id="authenticationEntryPoint"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName">
<value>Spring Web Realm</value>
</property>
</bean>
<!-- Define filter to handle FORM authentication -->
<bean id="formAuthenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
<property name="authenticationFailureUrl">
<value>/loginFailed.html</value>
</property>
<property name="defaultTargetUrl">
<value>/</value>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
</bean>
<!-- Define realm for FORM login-->
<bean id="formLoginAuthenticationEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<!-- End Security filter config -->
<!-- Start Security interceptor config -->
<!-- Define authentication manager, decision manager and secure URL patterns -->
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/admin/*=ROLE_ADMIN
/secure/app/*=ROLE_USER
</value>
</property>
</bean>
<!-- End Security interceptor config -->
<!-- Start authentication config -->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService" />
</property>
</bean>
<!-- Authentication using In-memory Dao -->
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
jklaassen=4moreyears,ROLE_ADMIN
bouerj=ineedsleep,ROLE_USER
</value>
</property>
</bean>
<!-- Authentication using JDBC Dao -->
<!--
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
</bean>
-->
<!-- End authentication config -->
<!-- Start authorization config -->
<bean id="accessDecisionManager"
class="org.acegisecurity.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<property name="rolePrefix">
<value>ROLE_</value>
</property>
</bean>
<!-- End authorization config -->
<!-- ****** END ACEGI Security Configuration *******-->
以上就是所有的源代碼配置在spring 的配置文件中。詳細的說明在官方的文檔上。<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<!-- Start Security filter config -->
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="formLoginAuthenticationEntryPoint" />
</property>
</bean>
<!-- Define filter to handle BASIC authentication -->
<bean id="basicProcessingFilter"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationEntryPoint">
<ref bean="authenticationEntryPoint" />
</property>
</bean>
<!-- Define realm for BASIC login-->
<bean id="authenticationEntryPoint"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName">
<value>Spring Web Realm</value>
</property>
</bean>
<!-- Define filter to handle FORM authentication -->
<bean id="formAuthenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
<property name="authenticationFailureUrl">
<value>/loginFailed.html</value>
</property>
<property name="defaultTargetUrl">
<value>/</value>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
</bean>
<!-- Define realm for FORM login-->
<bean id="formLoginAuthenticationEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<!-- End Security filter config -->
<!-- Start Security interceptor config -->
<!-- Define authentication manager, decision manager and secure URL patterns -->
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/admin/*=ROLE_ADMIN
/secure/app/*=ROLE_USER
</value>
</property>
</bean>
<!-- End Security interceptor config -->
<!-- Start authentication config -->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService" />
</property>
</bean>
<!-- Authentication using In-memory Dao -->
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
jklaassen=4moreyears,ROLE_ADMIN
bouerj=ineedsleep,ROLE_USER
</value>
</property>
</bean>
<!-- Authentication using JDBC Dao -->
<!--
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
</bean>
-->
<!-- End authentication config -->
<!-- Start authorization config -->
<bean id="accessDecisionManager"
class="org.acegisecurity.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<property name="rolePrefix">
<value>ROLE_</value>
</property>
</bean>
<!-- End authorization config -->
<!-- ****** END ACEGI Security Configuration *******-->
在上面的配置文件的方式是以in-memory 的方法,也就是在配置文件中指定登錄的用戶名及密碼。在實際的應用中,應用到數據庫或其它技術。
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/test</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>1</value>
</property>
</bean>
以上兩個bean的代碼就是把信息存儲到數據庫中。class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/test</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>1</value>
</property>
</bean>
sql 語句如下:
CREATE TABLE `users` (
`username` varchar(50) NOT NULL,
`password` varchar(50) NOT NULL,
`enabled` varchar(50) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `users` VALUES ('dianne','emu','true');
INSERT INTO `users` VALUES ('marissa','koala','true');
INSERT INTO `users` VALUES ('peter','opal','true');
INSERT INTO `users` VALUES ('scott','wombat','true');
CREATE TABLE `authorities` (
`username` varchar(50) NOT NULL,
`authority` varchar(50) NOT NULL,
UNIQUE KEY `ix_auth_username` (`username`,`authority`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `authorities` VALUES ('dianne','ROLE_ADMIN');
INSERT INTO `authorities` VALUES ('marissa','ROLE_ADMIN');
INSERT INTO `authorities` VALUES ('marissa','ROLE_USER');
INSERT INTO `authorities` VALUES ('peter','ROLE_USER');
INSERT INTO `authorities` VALUES ('scott','ROLE_ADMIN');
ALTER TABLE `authorities`
ADD FOREIGN KEY (`username`) REFERENCES `users` (`username`);
所有的配置就是這些:`username` varchar(50) NOT NULL,
`password` varchar(50) NOT NULL,
`enabled` varchar(50) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `users` VALUES ('dianne','emu','true');
INSERT INTO `users` VALUES ('marissa','koala','true');
INSERT INTO `users` VALUES ('peter','opal','true');
INSERT INTO `users` VALUES ('scott','wombat','true');
CREATE TABLE `authorities` (
`username` varchar(50) NOT NULL,
`authority` varchar(50) NOT NULL,
UNIQUE KEY `ix_auth_username` (`username`,`authority`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `authorities` VALUES ('dianne','ROLE_ADMIN');
INSERT INTO `authorities` VALUES ('marissa','ROLE_ADMIN');
INSERT INTO `authorities` VALUES ('marissa','ROLE_USER');
INSERT INTO `authorities` VALUES ('peter','ROLE_USER');
INSERT INTO `authorities` VALUES ('scott','ROLE_ADMIN');
ALTER TABLE `authorities`
ADD FOREIGN KEY (`username`) REFERENCES `users` (`username`);
理解一下原理:
1。acegi的添加,可以在程序寫完之后再添加,配置靈活但并不簡單。
2.四個步驟:
安全是實施這四項檢查:
1 限制出入檢查(是以資源擔保? ) ;
2 現有的認證檢查(有用戶被認證? ) ;
3 如果沒有有效的登錄用戶:認證要求退房(都是正確的用戶名和密碼提供? ) ;
4 授權入住(不含用戶擁有所需的角色? ) ;
3.對于授權的處理,未授權的用戶無法進行訪問。應該設置 403.jsp未授權頁面。
]]>
spring mvc 與struts jsf 類似。表現層,因為前幾天看例子,是spring mvc寫的,所以就做個小例子吧。
參考資料:http://www.ideawu.net/person/spring_mvc.html ,這是個入門的例子,但是新手做起來,真麻煩,代碼前面帶編號,真是個問題。
能過輸入:http://localhost/springmvc1/hello.do 調用 hello.jsp 打印出Hello World 頁面。
1.包配置:spring.jar ,common-logging.jar jstl.jar standard.jar
2.后臺類書寫:HelloController.java
package com.ideawu;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
public class HelloController implements Controller {
/*
* private HelloManager helloManager;
*
* public void setHelloManager(HelloManager helloManager) {
* this.helloManager = helloManager; }
*/
public ModelAndView handleRequest(HttpServletRequest request,
HttpServletResponse response) throws Exception {
request.setAttribute("hello_1", "你好啊, Spring!");
request.setAttribute("hello_2", "Hello World!");
return new ModelAndView("hello");
}
}
3.xml配置: ideawu-servlet.xmlimport javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
public class HelloController implements Controller {
/*
* private HelloManager helloManager;
*
* public void setHelloManager(HelloManager helloManager) {
* this.helloManager = helloManager; }
*/
public ModelAndView handleRequest(HttpServletRequest request,
HttpServletResponse response) throws Exception {
request.setAttribute("hello_1", "你好啊, Spring!");
request.setAttribute("hello_2", "Hello World!");
return new ModelAndView("hello");
}
}
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="simpleUrlHandlerMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/hello.do">helloController</prop>
</props>
</property>
</bean>
<bean id="helloController" class="com.ideawu.HelloController">
<!--
<property name="helloManager" ref="helloManager" />
-->
</bean>
</beans>
4.jsp 文件: /WEB-INF/jsp/hello.jsp<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="simpleUrlHandlerMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/hello.do">helloController</prop>
</props>
</property>
</bean>
<bean id="helloController" class="com.ideawu.HelloController">
<!--
<property name="helloManager" ref="helloManager" />
-->
</bean>
</beans>
<%@ page contentType="text/html; charset=UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Hello World!</title>
</head>
<body>
<h2>
${hello_1}
</h2>
<h2>
${hello_2}
</h2>
</body>
</html>
5.web.xml配置:<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Hello World!</title>
</head>
<body>
<h2>
${hello_1}
</h2>
<h2>
${hello_2}
</h2>
</body>
</html>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>ideawu</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ideawu</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<jsp-config>
<taglib>
<taglib-uri>http://java.sun.com/jsp/jstl/core</taglib-uri>
<taglib-location>/WEB-INF/tld/c.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>http://java.sun.com/jsp/jstl/fmt</taglib-uri>
<taglib-location>/WEB-INF/tld/fmt.tld</taglib-location>
</taglib>
</jsp-config>
以上就是程序的所代碼了。總之,就是在web.xml中進行過慮器配置,寫后臺處理程序,xml中進行后臺處理的映射,編寫.jsp頁面。也就通過訪問*.do(或其它格式),來映射到相應的.jsp程序上。<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>ideawu</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ideawu</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<jsp-config>
<taglib>
<taglib-uri>http://java.sun.com/jsp/jstl/core</taglib-uri>
<taglib-location>/WEB-INF/tld/c.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>http://java.sun.com/jsp/jstl/fmt</taglib-uri>
<taglib-location>/WEB-INF/tld/fmt.tld</taglib-location>
</taglib>
</jsp-config>
]]>