Use Acegi to add a lock for your Spring application!

zhaozj2021-02-16  83

[Introduction] For a typical web application, sound authentication and authorization mechanisms are essential. In the Spring Framework, the jpetstore example provided by Juergen Hoeller gives some introduction to them, but it is still not enough. Acegi is a project dedicated to providing a security mechanism for the Spring Framework; its full name is Acegi Security System for Spring. The current version is 0.5.1, and its current functionality should meet the needs of most applications. The main purpose of this article is to explain how to use Acegi in a Spring-based architecture, rather than to describe each interface and class in detail. Note that even if your Spring application already exists, you can start using the authentication and authorization provided by Acegi right away by following the steps below.

[Basic Work] Put the jar from the Acegi download package into your web application's lib directory. The most common way to implement authentication and authorization in a web application is through filters, and Acegi works the same way. Usually Acegi needs the following 5 filters added to web.xml:

    <filter>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
        <filter-class>net.sf.acegisecurity.ui.AutoIntegrationFilter</filter-class>
    </filter>
    <filter>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
        </init-param>
    </filter>

Regarding net.sf.acegisecurity.util.FilterToBeanProxy, Acegi's documentation explains: "What FilterToBeanProxy does is delegate the Filter's methods through to a bean which is obtained from the Spring application context. This enables the bean to benefit from the Spring application context lifecycle support and configuration flexibility." If you want more detail, the source code should not be hard to follow.

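Then add the filter-mapping entries:

    <filter-mapping>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Pay attention to the following two points here:

1) The order of these filters must not be changed; in the wrong order they will not work properly.
2) If your application does not require secure transmission, such as HTTPS, you can remove the "Acegi Channel Processing Filter" definitions.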

[ApplicationContext.xml] Next, add the beans to applicationContext.xml. As the explanation of FilterToBeanProxy shows, the real filters are managed in the Spring application context:

1) First, your database must have tables that store user names and passwords. Acegi requires the tables' schema to be as follows:

    CREATE TABLE users (
        username VARCHAR(50) NOT NULL PRIMARY KEY,
        password VARCHAR(50) NOT NULL
    );
    CREATE TABLE authorities (
        username VARCHAR(50) NOT NULL,
        authority VARCHAR(50) NOT NULL
    );
    CREATE UNIQUE INDEX ix_auth_username ON authorities (username, authority);
    ALTER TABLE authorities ADD CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users (username);

2) Add a dataSource for accessing your database and Acegi's jdbcDao, as follows: ${jdbc.driverClassName} ${jdbc.url} ${jdbc.username} ${jdbc.password} <ref bean="dataSource"/>

3) Add daoAuthenticationProvider: 5

If you need to encrypt your passwords, add: <property name="passwordEncoder">. Acegi provides several encryption methods; for details see net.sf.acegisecurity.providers.encoding.

4) Add authenticationManager:

5) Add accessDecisionManager: false

6) Add authenticationProcessingFilterEntryPoint: <property name="loginFormUrl"> /acegilogin.jsp

    <%-- JSTL core taglib (JSTL 1.0 URI), needed for the <c:url> tag used below --%>
    <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
    <%@ page import="net.sf.acegisecurity.AuthenticationException" %>
    <html>
    <head><title>Login</title></head>
    <body>
    <h1>Login</h1>
    <form action="<c:url value='j_acegi_security_check'/>" method="post">
    <table>
    <tr><td>User:</td><td><input type='text' name='j_username'></td></tr>
    <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
    <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
    <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
    </table>
    </form>
    </body>
    </html>

7) Add filterInvocationInterceptor:

    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/sec/administrator.*\Z=ROLE_SUPERVISOR
                \A/sec/user.*\Z=ROLE_TELLER
            </value>
        </property>
    </bean>

Note that objectDefinitionSource defines which permissions are required to access which pages; you need to modify it according to your application's needs. The definitions given above mean the following:

a. CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON means that URLs are converted to lowercase before they are compared.
b. \A/sec/administrator.*\Z=ROLE_SUPERVISOR means that only users with the ROLE_SUPERVISOR permission can access /sec/administrator* pages.
c. \A/sec/user.*\Z=ROLE_TELLER means that only users with the ROLE_TELLER permission can access /sec/user* pages.

8) Add securityEnforcementFilter:

    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
        <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
        <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
    </bean>

9) Add authenticationProcessingFilter:

    <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="authenticationFailureUrl"><value>/loginerror.jsp</value></property>
        <property name="defaultTargetUrl"><value>/</value></property>
        <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    </bean>

where authenticationFailureUrl is the page shown when authentication fails.

10) If some pages must be accessed through a secure channel, add the following configuration:

    <bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
        <property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/sec/administrator.*\Z=REQUIRES_SECURE_CHANNEL
                \A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
                \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
                \A.*\Z=REQUIRES_INSECURE_CHANNEL
            </value>
        </property>
    </bean>
    <bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
        <property name="channelProcessors">
            <list>
                <ref bean="secureChannelProcessor"/>
                <ref bean="insecureChannelProcessor"/>
            </list>
        </property>
    </bean>
    <bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
    <bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>

[What is missing?] Acegi currently provides two kinds of "secure object", which secure pages and methods respectively. Here I only used FilterSecurityInterceptor to control access to pages. In addition to this, Acegi provides another interceptor, MethodSecurityInterceptor, which combined with RunAsManager implements permission control on the methods of an object. For how to use it, see Acegi's documentation and its contacts example.
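As an added example (not code from the original article or from Acegi), the Java sketch below models how the ordered regular-expression lists in steps 7 and 10 are resolved: the URL is lowercased, the lines are tried from top to bottom, the first match wins, and a URL that matches no line gets no attribute, so nothing is enforced for it. The class name, the sample URLs and the use of java.util.regex for matching are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

// Added example: simplified model of an ordered regex definition source (not Acegi code).
public class DefinitionSourceCheck {
    private final List<Pattern> patterns = new ArrayList<>();
    private final List<String> attributes = new ArrayList<>();
    private boolean lowercase;

    DefinitionSourceCheck(String definition) {
        for (String raw : definition.split("\n")) {
            String line = raw.trim();
            if (line.isEmpty()) continue;
            if (line.equals("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON")) { lowercase = true; continue; }
            int eq = line.lastIndexOf('=');
            if (eq < 0) throw new IllegalArgumentException("No '=' in rule: " + line);
            patterns.add(Pattern.compile(line.substring(0, eq).trim()));
            attributes.add(line.substring(eq + 1).trim());
        }
    }

    // First matching line wins; null means no rule matched, so nothing is enforced for the URL.
    String resolve(String url) {
        String candidate = lowercase ? url.toLowerCase(Locale.ROOT) : url;
        for (int i = 0; i < patterns.size(); i++) {
            if (patterns.get(i).matcher(candidate).matches()) return attributes.get(i);
        }
        return null;
    }

    public static void main(String[] args) {
        DefinitionSourceCheck roles = new DefinitionSourceCheck(
            "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON\n"
            + "\\A/sec/administrator.*\\Z=ROLE_SUPERVISOR\n"
            + "\\A/sec/user.*\\Z=ROLE_TELLER\n");
        DefinitionSourceCheck channels = new DefinitionSourceCheck(
            "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON\n"
            + "\\A/sec/administrator.*\\Z=REQUIRES_SECURE_CHANNEL\n"
            + "\\A/acegilogin.jsp.*\\Z=REQUIRES_SECURE_CHANNEL\n"
            + "\\A/j_acegi_security_check.*\\Z=REQUIRES_SECURE_CHANNEL\n"
            + "\\A.*\\Z=REQUIRES_INSECURE_CHANNEL\n");
        // Constructed sample URLs; /sec/reports.jsp is a path under /sec/ that no role rule covers.
        String[] urls = {"/sec/administrator/list.jsp", "/SEC/User/view.jsp",
                         "/sec/reports.jsp", "/acegilogin.jsp", "/index.jsp"};
        for (String url : urls) {
            System.out.printf("%-28s role=%-16s channel=%s%n", url, roles.resolve(url), channels.resolve(url));
        }
    }
}
```

Running a table like this against your own URL list is a quick review step: any path that must be protected but resolves to no role needs its own pattern, and a catch-all such as `\A.*\Z` has to stay on the last line or it shadows the rules after it.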