榪欎釜渚嬪瓙浣跨敤浜咹SQL鍋氭暟鎹簱錛宻pring鐨凙OP浣滀負鍩虹錛屼嬌鐢ˋcegi鍋氬畨鍏ㄦ帶鍒剁粍浠躲?br />鑱旂郴浜虹鐞嗙殑web搴旂敤鍦ㄥ惎鍔ㄦ椂鍊欙紝浼氬仛涓緋誨垪鍒濆鍖栧姩浣滐細
1. 璇誨彇web.xml鏂囦歡錛?/p>
2. 騫惰В鏋愭枃浠墮噷鐨勫唴瀹廣?br />a) context-param鍏冪礌銆?br />i. contextConfigLocation灞炴с傝繖涓睘鎬у畾涔変簡spring鎵闇瑕佺殑3涓睘鎬ф枃浠躲傚畠浠垎鍒槸錛歛pplicationContext -acegi-security.xml銆乤pplicationContext-common-business.xml銆?applicationContext-common-authorization.xml
ii. log4jConfigLocation灞炴с傝繖涓睘鎬у畾涔変簡log4j閰嶇疆鏂囦歡銆?/p>
b) filter鍏冪礌銆?br />榪欓噷瀹氫箟浜哸cegi鐨勪竴涓繃婊ゅ櫒銆侫cegi鐨勫ぇ閮ㄥ垎榪囨護鍣ㄩ兘鏄繖鏍烽厤緗殑銆備嬌鐢‵ilterToBeanProxy緇勪歡錛岀粰瀹冧紶閫掍竴涓猼argetClass灞炴с傝繖涓猼argetClass蹇呴』瀹炵幇javax.servlet.Filter鎺ュ彛銆?br />榪欓噷閰嶇疆鐨勬槸FilterChainProxy銆傝繖涓狥ilterChainProxy姣旇緝濂界敤錛屽彲浠ヤ負瀹冨畾涔変竴涓瞗ilter灞炴с傝繖浜沠ilter灝嗕細鎸夌収瀹氫箟鐨勯『搴忚璋冪敤銆備緥濡傦紝
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
</value>
</property>
</bean>
榪欎釜榪囨護鍣ㄧ殑mapping鏄?*鈥濄?br />c) listener鍏冪礌銆?br />i. ContextLoaderListener銆傝繖涓槸Spring浣跨敤鏉ュ姞杞芥牴applicationcontext銆傚茍鍒嗗埆瑙f瀽 applicationContext-acegi-security.xml銆乤pplicationContext-common- business.xml銆乤pplicationContext-common-authorization.xml絳夐厤緗枃浠訛紝鎶婄浉鍏崇殑瀵硅薄鍒濆鍖?br />iii. Log4jConfigListener銆傝繖涓槸spring鐢ㄦ潵鍒濆鍖杔og4j緇勪歡鐨刲istener銆?br />iv. HttpSessionEventPublisher銆傝繖涓粍浠跺皢鍙戝竷HttpSessionCreatedEvent鍜孒ttpSessionDestroyedEvent浜嬩歡緇檚pring鐨刟pplicationcontext銆?br />d) servlet鍏冪礌銆?br />i. contacts銆傝繖閲岄噰鐢ㄤ簡spring鐨凪VC妗嗘灦錛?鎵浠ヨ繖涓猻ervlet鏄痵pring MVC鐨勪竴涓牳蹇冩帶鍒跺櫒錛坥rg.springframework.web.servlet.DispatcherServlet錛夈傝繖涓猻ervlet 鍚姩鏃跺欙紝浼氫粠contacts-servlet.xml閲岄潰璇誨彇淇℃伅錛屽茍鍋氱浉鍏崇殑鍒濆鍖栥?br />v. remoting銆備篃鏄痵pring MVC鐨勪竴涓牳蹇冩帶鍒跺櫒銆備笌contacts涓嶅悓錛岃繖涓猻ervlet涓昏鏄彁渚泈eb services鏈嶅姟銆傝繖涓猻ervlet鍚姩鏃跺欙紝 浼氫粠remoting-servlet.xml閲岄潰璇誨彇淇℃伅錛屽茍鍋氱浉鍏崇殑鍒濆鍖栥?br />e) taglib鍏冪礌銆傝繖閲屽畾涔変簡spring鐨勬爣f) 絳懼簱銆?br />3. 瑙f瀽applicationContext-acegi-security.xml銆?br />a) 榪囨護鍣ㄩ摼銆傚畾涔変簡涓涓狥ilterChainProxy錛宐) 騫舵寚c) 瀹氫簡涓緋誨垪鐨勮繃婊ゅ櫒閾俱俬ttpSessionContextIntegrationFilter, authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
d) 璁よ瘉綆$悊鍣ㄣ傝繖涓鐞嗗櫒鐢盿cegi鎻愪緵銆傝繖涓鐞嗗櫒闇瑕佷竴涓猵roviders鍙傛暟銆傝繖涓猵roviders鍙傛暟鍖呭惈浜嗘彁渚涚郴緇熻璇佺殑瀵硅薄銆?br />i. daoAuthenticationProvider銆備竴鑸敤鎴瘋璇併?br />ii. anonymousAuthenticationProvider銆傚尶鍚嶇敤鎴瘋璇併?br />iv. rememberMeAuthenticationProvider銆傝浣忔垜璁よ瘉銆?/p>
e) 瀵嗙爜鍔犲瘑銆傝繖閲屽畾涔変簡涓涓猘cegi鐨凪d5綆楁硶鍔犲瘑瀵硅薄Md5PasswordEncoder銆?br />f) 瀹氫箟浜嗕竴涓猨dbcDao瀹炵幇綾匯傝繖涓被鐢盿cegi鎻愪緵鐨刵et.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl銆傝繖涓璞¢渶瑕佷竴涓猟ataSource鐨勫弬鏁般?br />g) 瀹氫箟daoAuthenticationProvider銆傝繖涓璞$敱acegi鎻愪緵銆傚畠鏈?涓睘鎬э細
authenticationDao銆傝繖閲屾寚鍚戝墠闈㈠畾涔夌殑jdbcDao銆?br />userCache銆傝繖閲屾寚鍚戝悗闈㈠畾涔夌殑user緙撳瓨瀵硅薄銆?br />passwordEncoder銆傝繖閲屾寚鍚戝墠闈㈠畾涔夌殑瀵嗙爜鍔犲瘑瀵硅薄銆?br />h) 鐢ㄦ埛緙撳瓨綆$悊銆?br />涓轟簡緙撳瓨user錛岃繖閲屼嬌鐢╯pring鐨別hcache鏉ョ紦瀛榰ser銆傜紦瀛樻満鍒訛細
i. 瀹氫箟緙撳瓨綆$悊鍣ㄢ曗旵acheManager銆傝繖涓璞℃槸spring鐨凟hCacheManagerFactoryBean瀵硅薄
ii. 瀹氫箟user緙撳瓨瀹為檯鎵ц瀵硅薄鈥曗昒serCacheBackend銆傝繖涓璞℃槸spring鐨凟hCacheFactoryBean銆傚畠鏈変袱涓睘鎬э細
1. cacheManager銆傝繖閲屾寚鍚戝墠闈㈠畾涔夌殑緙撳瓨綆$悊鍣ㄣ?br />2. cacheName銆?br />iii. 瀹氫箟user緙撳瓨鈥曗昒serCache銆傚畠鏄痑cegi鎻愪緵鐨凟hCacheBasedUserCache瀵硅薄銆傚畠鏈変竴涓睘鎬э細
1. cache銆傝繖閲屾寚鍚戠殑鏄墠闈㈠畾涔夌殑userCacheBackend銆?/p>
i) 瀹氫箟鎺ユ敹鏉ヨ嚜DaoAuthenticationProvider鐨勮璇佷簨浠剁殑listener鈥曗昄oggerListener銆?br />j)
4. 瑙f瀽applicationContext-common-business.xml銆?br />a) dataSource.
榪欓噷浣跨敤浜唖pring鐨凞riverManagerDataSource瀵硅薄銆傝繖涓璞℃槸涓涓狫DBC鏁版嵁婧愮殑瀹氫箟銆?br />b) TransactionManager銆傝繖閲屼嬌鐢╯pring鐨凞ataSourceTransactionManager瀵硅薄銆?br />c) 浜嬪姟鎷︽埅鍣ㄣ傝繖閲屼嬌鐢╯pring鐨勪簨鍔℃嫤鎴櫒TransactionInterceptor銆傚畠鏈?涓睘鎬э細
transactionManager銆傝繖涓睘鎬ф寚鍚戝墠闈㈠畾涔夌殑TransactionManager銆?br />transactionAttributeSource銆傝繖涓睘鎬ч噷錛?鎸囧畾浜咰ontactManager鐨勫悇涓柟娉曠殑浜嬪姟鏂歸潰鐨勮姹傘?br />d) DataSourcePopulator銆?br />浣跨敤sample.contact.DataSourcePopulator瀵硅薄錛屽線HSQL閲屽垱寤虹浉鍏崇殑琛ㄧ粨鏋勫拰鏁版嵁銆?br />瀹炵幇鍘熺悊錛欴ataSourcePopulator 瀹炵幇浜嗘帴鍙?InitializingBean銆傚叾涓璦fterPropertiesSet鏂規硶灝嗗湪spring鍒濆鍖朌ataSourcePopulator鍚庤璋冪敤銆?br />e) ContactDao銆傝繖閲屾寚鍚戜竴涓狢ontactDaoSpring瀵硅薄銆傚畠緇ф壙spring鐨?JdbcDaoSupport錛実) 騫跺疄鐜癈ontactDao鎺ュ彛銆傚畠鏄湡姝e疄鐜癑DBC鎿嶄綔鐨勫璞°?br />h) ContactManager銆傝繖閲屼嬌鐢ㄧ殑鏄痵pring鐨凱roxyFactoryBean銆傚畠鏈?涓睘鎬э細
i. ProxyInterfaces銆備唬鐞嗘帴鍙o細sample.contact.ContactManager
ii. InterceptorNames銆傛嫤鎴櫒鍚嶇О銆傚彲浠ユ湁澶氫釜錛宨v. 榪欓噷鍖呮嫭錛歵ransactionInterceptor銆乧ontactManagerSecurity銆乧ontactManagerTarget銆傚叾涓紝v. transactionInterceptor鏄墠闈㈠畾涔夌殑浜嬪姟鎷︽埅鍣ㄣ侰ontactManagerSecurity鍒欐槸鍦?applicationContext-common-authorization.xml閲屽畾涔夌殑鏂規硶璋冪敤鎺堟潈銆?br />i) ContactManagerTarget銆傝繖閲屾寚鍚戠殑鏄痵ample.contact.ContactManagerBackend瀵硅薄銆?ContactManagerBackend瀹炵幇浜咰ontactManager鎺ュ彛鍜孖nitializingBean鎺ュ彛銆傚畠鏈?涓嚜瀹氫箟灞炴э細 contactDao鍜宐asicAclExtendedDao銆傝繖閲屼細璋冪敤ACL鐨凙PI鍘誨仛浜涘垱寤烘潈闄愬拰鍒犻櫎鏉冮檺鐨勫伐浣溿?/p>
鑱旂郴浜虹鐞嗚鏄庝簡涓嬪垪涓績鐨?span lang="EN-US">Acegi瀹夊叏鎺у埗鑳藉姏:
- Role-based security 錛堝熀浜庤鑹茬殑瀹夊叏錛?/span> 鈥曗曟瘡涓矗浠諱漢閮芥槸鏌愪釜瑙掕壊鐨勪竴鍛樸傝岃鑹茶鐢ㄦ潵闄愬埗瀵規煇浜涘畨鍏ㄥ璞$殑璁塊棶銆?/span>
- Domain object instance security 錛堝煙瀵硅薄瀹炰緥瀹夊叏錛?/span> 鈥曗曞悎鍚岋紝榪欎釜緋葷粺閲岀殑涓昏鍩熷璞★紝鎷ユ湁涓涓闂帶鍒跺垪琛紙 ACL 錛夛紝鐢ㄦ潵鎸囨槑璋佸厑璁歌銆佺鐞嗗拰鍒犻櫎瀵硅薄銆?/span>
-
Method invocation security
錛堟柟娉曡皟鐢ㄥ畨鍏級鈥曗?/span>
榪欎釜
ContactManager鏈嶅姟灞傚璞?/span> 鍖呭惈涓浜涘彈淇濇姢鐨勫拰鍏紑鐨勬柟娉曘?/span> -
Web request security
錛?/span>
Web
璇鋒眰瀹夊叏錛?/span>
鈥曗曡繖涓?/span>
/secure鈥?/span> URI 璺緞琚嬌鐢?/span> Acegi 瀹夊叏淇濇姢錛屼嬌寰楁病鏈?/span>ROLE_USER瑙掕壊鐨勭敤鎴鋒棤娉曡闂?/span> . - Security unaware application objects 錛堜繚鎶ゆ湭鐭ョ殑搴旂敤瀵硅薄錛?/span> 鈥曗曞彈淇濇姢鐨勫璞′笌 Acegi 涔嬮棿娌℃湁鏄庢樉鐨勮﹀悎鎴栧綰︼紝鎵浠ュ畠浠病鏈夊療瑙夊埌瀹夊叏鏄敱 Acegi 鎻愪緵鐨勩?/span> *
- Security taglib usage 錛堝畨鍏ㄦ爣絳懼簱浣跨敤錛?/span> 鈥曗曟墍鏈夌殑 JSP 浣跨敤 Acegi 瀹夊叏鏍囩搴撴潵灝佽瀹夊叏淇℃伅銆?/span> *
- Fully declarative security( 瀹屽叏澹版槑寮忕殑瀹夊叏 ) 鈥曗曟瘡涓涓畨鍏ㄦ柟闈㈢壒鎬ч兘鏄湪 application context 閲岄潰浣跨敤鏍囧噯鐨?/span> Acegi 瀹夊叏瀵硅薄鏉ラ厤緗殑銆?/span> *
- Database-sourced security data 錛堟敮鎸佹暟鎹簱鏉ユ簮鐨勫畨鍏ㄦ暟鎹級 鈥曗曟墍鏈夌殑鐢ㄦ埛銆佽鑹插拰 ACL 淇℃伅閮藉彲浠ヤ粠涓涓吋瀹?/span> JDBC 鐨勫唴瀛樻暟鎹簱鑾峰緱銆?/span>
- Integrated form-based and BASIC authentication 錛堥泦鎴愬熀浜庤〃鍗曞拰 BASIC 楠岃瘉錛夆曗?/span> 浠諱綍 BASIC 楠岃瘉澶撮儴琚嫻嬩互鍙婁綔涓洪獙璇佷嬌鐢ㄣ傞粯璁や嬌鐢ㄥ熀浜庤〃鍗曠殑鏅氫氦浜掑紡楠岃瘉銆?/span>
- Remember-me services 錛堣浣忔垜鐨勬湇鍔★級鈥曗?/span> Acegi 瀹夊叏鐨勬彃浠跺紡鐨勨?/span> remember-me 鈥?/span> 絳栫暐琚紨紺恒傚湪鐧誨綍琛ㄥ崟閲屾湁涓涓浉鍏崇殑閫夋嫨妗嗕笌涔嬪搴斻?/span>
鑱旂郴浜虹鐞嗙殑涓氬姟鍔熻兘鎻忚堪錛?/span>
1.1. 姣忎釜鐢ㄦ埛鐧誨綍鍚庯紝鍙互鐪嬪埌涓涓仈緋諱漢鍒楄〃銆備緥濡傦紝
marissa's Contacts
|
id |
Name |
|
||
|
1 |
John Smith |
john@somewhere.com |
||
|
2 |
Michael Citizen |
michael@xyz.com |
|
|
|
3 |
Joe Bloggs |
joe@demo.com |
|
|
|
4 |
Karen Sutherland |
karen@sutherland.com |
璇存槑錛氱敤鎴鋒病鏈夋潈闄愯闂殑鑱旂郴浜轟俊鎭紝灝嗕笉浼氭樉紺恒?/span>
2.2. 鐢ㄦ埛鍙互澧炲姞鏂扮殑鑱旂郴浜轟俊鎭?/span>
3.3. 濡傛灉鏈夊垹闄ゆ潈闄愶紝鐢ㄦ埛鍙互鐪嬪埌鍦ㄨ仈緋諱漢鍚庨潰鏈変竴涓?/span> Del 鈥濋摼鎺ャ傜敤鎴峰彲浠ョ偣鍑昏繖涓摼鎺ユ潵鍒犻櫎鏌愪釜鑱旂郴浜轟俊鎭?/span>
4.4. 濡傛灉鏈夌鐞嗘潈闄愶紝鐢ㄦ埛鍙互鐪嬪埌鍦ㄨ仈緋諱漢鍚庨潰鏈変竴涓?/span> Admin Permission 鈥濋摼鎺ャ傜敤鎴峰彲浠ョ偣鍑昏繖涓摼鎺ユ潵綆$悊璁塊棶榪欎釜鑱旂郴浜虹殑鏉冮檺銆備緥濡傦紝
Administer Permissions
sample.contact.Contact@26807f: Id: 1; Name: John Smith; Email: john@somewhere.com
|
|
|
|
|
|
|
|
璇存槑錛氭瘡涓琛岃褰曞寘鍚湁 3 鍒椼?/span>
絎竴鍒楄〃紺烘潈闄愶紝渚嬪錛屸?/span>
-RW-D
鈥濊〃紺哄彲璇匯佸彲鍐欍佸彲鍒犻櫎銆?/span>
絎簩鍒椾篃琛ㄧず鏉冮檺錛屼絾瀹冩槸浠ョ被浼?/span> unix 鏉冮檺鐨勬暟瀛楄〃杈俱備緥濡傦紝鈥?/span> [22] 鈥?/span> , 琛ㄧず鍙銆佸彲鍐欍佸彲鍒犻櫎銆?/span>
絎笁鍒楁槸鐢ㄦ埛鍚嶇О銆?/span>
姣忎竴琛岃褰曞悗闈㈤兘鏈変竴涓?/span> Del 鈥濋摼鎺ャ傜偣鍑昏繖涓摼鎺ワ紝鍙互鍒犻櫎鎺夋寚瀹氱敤鎴峰榪欎釜鑱旂郴浜轟俊鎭殑鏉冮檺銆?/span>
5.5. 鐢ㄦ埛鍙互涓烘煇涓仈緋諱漢淇℃伅娣誨姞鏉冮檺銆備緥濡傦紝
Add Permission
璇存槑錛氭潈闄愭槸鍔ㄦ佹坊鍔犵殑銆備緥濡傦紝涓婂浘涓粰鐢ㄦ埛 scott 澧炲姞浜嗚鑱旂郴浜?/span> John 鐨勬潈闄愩傞偅涔?/span> scott 椹笂灝卞彲浠ョ湅鍒拌仈緋諱漢 John 鐨勪俊鎭簡銆?/span>]]>