Use Acegi to add a lock to your Spring application!

xiaoxiao2021-03-06  17

[Introduction]

For a typical web application, sound authentication and authorization mechanisms are essential. In the Spring Framework, the jpetstore sample provided by Juergen Hoeller gives some introduction, but it is far from enough. Acegi is a security project built specifically for the Spring Framework; its full name is Acegi Security System for Spring. The current version is 0.5.1, and the functionality currently available should meet the needs of most applications. The main purpose of this article is to explain how to use Acegi in a Spring architecture, rather than to detail each interface and each class. Note that even if your Spring application already exists, you can start using the authentication and authorization provided by Acegi immediately.

[Basic work]

Add acegi-security.jar from the Acegi download package to the lib directory of your web application.

[Web.xml]

The most common way to implement authentication and authorization is through a Filter, and Acegi is no exception. Usually Acegi needs the following five filters added to web.xml:

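    <filter>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>Acegi HTTP Basic Authorization Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
        <filter-class>net.sf.acegisecurity.ui.AutoIntegrationFilter</filter-class>
    </filter>
    <filter>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
        </init-param>
    </filter>

The first thing likely to cause confusion is net.sf.acegisecurity.util.FilterToBeanProxy. Acegi's own documentation explains it like this: "What FilterToBeanProxy does is delegate the Filter's methods through to a bean which is obtained from the Spring application context. This enables the bean to benefit from the Spring application context lifecy...". If you want to study it further, read the source code; it should not be hard to understand.

Then add the filter-mapping entries:

    <filter-mapping>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi HTTP Basic Authorization Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Here you need to pay attention to the following two points:

1) The order of these filters cannot be changed; in a different order they will not work properly.
2) If your application does not require secure transmission such as HTTPS, the "Acegi Channel Processing Filter" can be removed.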

[ApplicationContext.xml]

The next thing to edit is applicationContext.xml. From the explanation of FilterToBeanProxy you can see that the real filters are managed in the Spring ApplicationContext:

1) First, your database must have tables that store user names and passwords. Acegi requires the table schema to be as follows:

    CREATE TABLE users (
        username VARCHAR(50) NOT NULL PRIMARY KEY,
        password VARCHAR(50) NOT NULL
    );
    CREATE TABLE authorities (
        username VARCHAR(50) NOT NULL,
        authority VARCHAR(50) NOT NULL
    );
    CREATE UNIQUE INDEX ix_auth_username ON authorities (username, authority);
    ALTER TABLE authorities ADD CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users (username);

2) Add a DataSource for accessing your database and the Acegi jdbcDao, as follows:

    ${jdbc.driverClassName} ${jdbc.url} ${jdbc.username} ${jdbc.password}

3) Add daoAuthenticationProvider:

If you need to encrypt your passwords, Acegi provides several encryption methods; for details, see net.sf.acegisecurity.providers.encoding.

4) Add AuthenticationManager:

5) Add AccessDecisionManager:

    <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased"> false

6) Add authenticationProcessingFilterEntryPoint:

    /acegilogin.jsp

    false

where acegilogin.jsp is the login page. The simplest login page is as follows:

    <%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %>
    <%@ page import="net.sf.acegisecurity.ui.AbstractProcessingFilter" %>
    <%@ page import="net.sf.acegisecurity.AuthenticationException" %>
    <html>
      <head>
        <title>Login</title>
      </head>
      <body>
        <h1>Login</h1>
        <form action="<c:url value='j_acegi_security_check'/>" method="POST">
          <table>
            <tr><td>User:</td><td><input type='text' name='j_username'></td></tr>
            <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
            <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
            <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
          </table>
        </form>
      </body>
    </html>

7) Add filterInvocationInterceptor:

    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/sec/administrator.*\Z=ROLE_SUPERVISOR
                \A/sec/user.*\Z=ROLE_TELLER
            </value>
        </property>
    </bean>

Here you need to pay attention to the access permissions defined in objectDefinitionSource and modify them according to the needs of your application. The definitions I have given mean the following:

a. CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON means that the request path is converted to lowercase before it is compared.
b. \A/sec/administrator.*\Z=ROLE_SUPERVISOR means that only users with the ROLE_SUPERVISOR permission can access the /sec/administrator* pages.
c. \A/sec/user.*\Z=ROLE_TELLER means that only users with the ROLE_TELLER permission can access the /sec/user* pages.

8) Add securityEnforcementFilter:

    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
        <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
        <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
    </bean>

9) Add authenticationProcessingFilter:

    <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="authenticationFailureUrl"><value>/loginerror.jsp</value></property>
        <property name="defaultTargetUrl"><value>/</value></property>
        <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    </bean>

where authenticationFailureUrl is the page shown when login fails.

10) If some pages must be accessed through a secure channel, add the following configuration:

    <bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
        <property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/sec/administrator.*\Z=REQUIRES_SECURE_CHANNEL
                \A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
                \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
                \A.*\Z=REQUIRES_INSECURE_CHANNEL
            </value>
        </property>
    </bean>
    <bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
        <property name="channelProcessors">
            <list>
                <ref bean="secureChannelProcessor"/>
                <ref bean="insecureChannelProcessor"/>
            </list>
        </property>
    </bean>
    <bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
    <bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>

[What is missing?]

Acegi currently provides two kinds of "secure object", which secure pages and methods respectively. I only use FilterSecurityInterceptor to control permissions for page access. In addition to this, Acegi also provides another interceptor, MethodSecurityInterceptor, which works with the RunAsManager to implement permission control on the methods of objects; for how to use it, see Acegi's documentation and its contacts example.
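The matching rules explained for objectDefinitionSource in step 7, as an added example that is not part of the original article and is not Acegi's own code: a simplified Python model for checking which role a request path ends up requiring. It assumes that the first matching pattern wins and that a path matching no pattern carries no role requirement; all function names are hypothetical.

```python
import re

# Definition text as configured for filterInvocationInterceptor in step 7.
DEFINITION = r"""
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/sec/administrator.*\Z=ROLE_SUPERVISOR
\A/sec/user.*\Z=ROLE_TELLER
"""

def parse_definition(text):
    """Return (lowercase_flag, [(compiled_pattern, [roles]), ...]) in file order."""
    lowercase, rules = False, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lowercase = True
            continue
        # Split on the last '=' so the regular expression is kept whole.
        pattern, _, roles = line.rpartition("=")
        rules.append((re.compile(pattern), [r.strip() for r in roles.split(",")]))
    return lowercase, rules

def required_attributes(url, lowercase, rules):
    """Roles demanded for url. Assumption: first match wins, and None means
    no pattern matched, so the path is served without any role check."""
    if lowercase:
        url = url.lower()
    for pattern, roles in rules:
        if pattern.search(url):
            return roles
    return None

def uppercase_literal_patterns(lowercase, rules):
    """With lower-casing enabled, a pattern containing a literal upper-case
    letter can never match, which silently leaves its paths unprotected."""
    if not lowercase:
        return []
    flagged = []
    for pattern, _ in rules:
        literal = re.sub(r"\\.", "", pattern.pattern)  # ignore escapes such as \A, \Z
        if any(ch.isupper() for ch in literal):
            flagged.append(pattern.pattern)
    return flagged

if __name__ == "__main__":
    flag, parsed = parse_definition(DEFINITION)
    # Constructed sample request paths.
    for path in ("/sec/Administrator/index.jsp", "/sec/user/home.jsp", "/index.jsp"):
        print(path, "->", required_attributes(path, flag, parsed))
    print("patterns that can never match:", uppercase_literal_patterns(flag, parsed))
```

A `None` result for a path you expected to be protected, or a non-empty list from `uppercase_literal_patterns`, means the definition needs another look before deployment.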