一、環境設定: 相關jar: acegi-security-1.0.5.jar - Main classes of the Acegi Security system cglib-2.1.3.jar - Code-generation library used by Spring commons-codec-1.3.jar - Encoders and decoders such as Base64, Hex, Phonetic, and URLs commons-lang-2.1.jar - Helper utilities for java.lang APIs ehcache-1.2.3.jar - Used for basic caching purposes freemarker-2.3.8.jar - Used by the Struts implementation jstl.jar, standard.jar - JavaServer Pages Standard Tag Library (JSTL) tag library log4j-1.2.13.jar - For logging ognl-2.6.11.jar - OGNL library used by the Struts implementation sitemesh-2.3.jar - SiteMesh JAR spring.jar - Spring Framework JAR struts2-core-2.0.8.jar - Struts 2 core JAR xwork-2.0.3.jar - Used by Struts 修改web.xml: 作用是利用spring AOP將filter Proxy到web.xml里去,并攔截相關的request
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"> <display-name>AcegiTraining</display-name> <context-param>
<param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext*.xml</param-value> </context-param> <filter> <filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class> org.acegisecurity.util.FilterToBeanProxy </filter-class> <init-param> <param-name>targetClass</param-name> <param-value>
org.acegisecurity.util.FilterChainProxy </param-value> </init-param> </filter> ... ... <filter-mapping> <filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_security_check</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Acegi Filter Chain Proxy</filter-name> <url-pattern>/j_acegi_logout</url-pattern>
</filter-mapping> <filter-mapping> <filter-name>Acegi Filter Chain Proxy</filter-name> <url-pattern>*.action</url-pattern> </filter-mapping>
<filter-mapping> <filter-name>Acegi Filter Chain Proxy</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> ...
</web-app>
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter /**/*=httpSessionContextIntegrationFilter,logoutFilter, authenticationProcessingFilter,securityContextHolderAwareRequestFilter, anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor </value> </property>
</bean>
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"> <ref local="authenticationProcessingFilterEntryPoint" /> </property>
... </bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"> <value>/login.jsp</value> </property>
<property name="forceHttps"> <value>false</value> </bean>
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
<property name="authenticationFailureUrl"> <value>/login.jsp?login_error=1</value> </property> <property name="defaultTargetUrl"> <value>/</value>
</property> <property name="filterProcessesUrl"> <value>/j_acegi_security_check</value> </property> </bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers">
<list> <ref local="daoAuthenticationProvider" /> <ref local="anonymousAuthenticationProvider" /> </list> </property> </bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService"/><ref local="userDetailsService"/></property> <property name="userCache">
... </property> </bean> <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userProperties"> <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <property name="location" value="/WEB-INF/users.properties" />
</bean> </property> </bean>
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref bean="authenticationManager" /> </property> <property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" /> </property> <property name="objectDefinitionSource"> <value> PATTERN_TYPE_APACHE_ANT /index.jsp=ROLE_ADMIN,ROLE_TECHNICIAN /order/createOrder.jsp=ROLE_TECHNICIAN /order/authorizeOrder.jsp=ROLE_ADMIN /login.jsp=ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN </value> </property>
<property name="accessDeniedHandler"> <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> <property name="errorPage" value="/accessDenied.jsp" /> </bean> </property> </bean>
<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"> <value>false</value>
</property> <property name="decisionVoters"> <list> <ref bean="roleVoter" /> </list> </property>
</bean> <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter"> <constructor-arg value="/index.jsp" /> <!-- URL redirected to after logout --> <constructor-arg>
<list> <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" /> </list> </constructor-arg> </bean>