It is just after the New Year and I am still feeling lazy. I had been following Acegi for a while before this, and today I will summarize what I have learned. Acegi is a security system based on Spring, built on interceptors and interface-oriented design, with support for ACL and JAAS. My understanding of its value is this: it replaces container-managed authentication, so the security layer is separated from the specific J2EE container and there will be less trouble with migration in the future. It is strong enough to provide a sufficient security mechanism for web systems and even C/S (client/server) applications. This is a wheel that gets used all the time, so it is worth getting right.
However, Acegi's learning curve is steep. After web.xml is configured with a bunch of filters, you still have to configure Spring beans, again a whole bunch of them. Only after getting the demo (the 0.6.1 quick-start) to run did I gain a little confidence.
First, one concept. Authentication: verifying a user's identity. You say you are somebody important; fine, then please show your papers or a letter of introduction. The most commonly used form is a username and password; electronic certificates and the like are also used.
In the bean configuration, several critical beans need attention because they are used in the extensions later on:
1 AuthenticationManager is used to authenticate the Authentication object held in ContextHolder. It leaves an interface open for a variety of authentication methods.
2 AccessDecisionManager is used to authorize a specific operation. This is where the authorization policy comes in. There are three implementations: AffirmativeBased, where a single affirmative vote is enough to pass (the most common); its allowIfAllAbstainDecisions property defaults to false, meaning that if every voter abstains, access is not granted. ConsensusBased requires a majority of the votes to pass; UnanimousBased requires all votes to pass (the pessimistic policy).
3 ObjectDefinitionSource describes how roles are matched to resources.
The three beans above are assembled into a FilterInvocationInterceptor, which in turn is used to assemble the SecurityEnforcementFilter. The remaining beans can be left aside for now: the extensions do not touch them, so copying them from the example is enough.
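To make the three voting policies from item 2 concrete, here is an added example: a simplified, self-contained model in plain Java 8, not Acegi's own code and not from the original post. The names VotingPolicyDemo, Vote, Policy and decide are hypothetical, and denying a tie under the consensus policy is an assumption of this model.

```java
import java.util.Arrays;
import java.util.List;

// Simplified model of the three voting policies (hypothetical names, no Acegi classes).
public class VotingPolicyDemo {
    enum Vote { GRANT, DENY, ABSTAIN }
    enum Policy { AFFIRMATIVE, CONSENSUS, UNANIMOUS }

    // Returns true when access is allowed under the given policy.
    static boolean decide(Policy policy, List<Vote> votes, boolean allowIfAllAbstain) {
        long grants = votes.stream().filter(v -> v == Vote.GRANT).count();
        long denies = votes.stream().filter(v -> v == Vote.DENY).count();
        if (grants == 0 && denies == 0) {
            // Every voter abstained: the flag decides, and false keeps it fail-closed.
            return allowIfAllAbstain;
        }
        switch (policy) {
            case AFFIRMATIVE:
                return grants > 0;        // a single grant is enough
            case CONSENSUS:
                return grants > denies;   // majority; a tie is denied (assumption)
            case UNANIMOUS:
                return denies == 0;       // any deny blocks; abstentions are ignored
            default:
                throw new IllegalArgumentException("unknown policy: " + policy);
        }
    }

    public static void main(String[] args) {
        // Constructed sample ballots, one list entry per voter.
        List<Vote> oneGrant = Arrays.asList(Vote.GRANT, Vote.DENY, Vote.DENY);
        List<Vote> noDeny = Arrays.asList(Vote.GRANT, Vote.ABSTAIN, Vote.ABSTAIN);
        List<Vote> allAbstain = Arrays.asList(Vote.ABSTAIN, Vote.ABSTAIN, Vote.ABSTAIN);
        for (Policy p : Policy.values()) {
            System.out.println(p
                + " oneGrant=" + decide(p, oneGrant, false)
                + " noDeny=" + decide(p, noDeny, false)
                + " allAbstain=" + decide(p, allAbstain, false));
        }
    }
}
```

The same ballot gives different outcomes per policy, which is why the choice of AccessDecisionManager matters as much as the role mapping itself.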
The example is relatively simple. To use it in a real project, you first need to solve the following two problems:
1 Database-based user authentication, usually with a username and password. My method is:
1.1 Make your user class (POJO or domain object) implement this Acegi interface: UserDetails. Of course, if you don't want to do that, you can add a middle layer that wraps it. The interface has a method public GrantedAuthority[] getAuthorities(); which returns the user's list of roles.
1.2 Implement the PasswordAuthenticationDao interface yourself, whether you use Hibernate or iBATIS: public UserDetails loadUserByUsernameAndPassword(String username, String password); Clearly, this verifies the username and password against the database.
1.3 Start assembly:
If this part also needs to be read from the database, you can write a new class extending PathBasedFilterInvocationDefinitionMap and use its addSecureUrl to add the matching information. I wrote a super simple class, just to illustrate the point:

    package com.head.acegisecurity;

    import net.sf.acegisecurity.ConfigAttribute;
    import net.sf.acegisecurity.ConfigAttributeDefinition;
    import net.sf.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;

    public class CjObjectDefinitionSource extends PathBasedFilterInvocationDefinitionMap {

        public CjObjectDefinitionSource() {
            super();
            // Build the attribute set required for the protected path
            ConfigAttributeDefinition definition = new ConfigAttributeDefinition();
            ConfigAttribute att = new MyConfigAttribute();
            definition.addConfigAttribute(att);
            // Everything under /admin/ requires ROLE_ADMIN
            this.addSecureUrl("/admin/**", definition);
        }

        // Hard-coded attribute; a real implementation would load it from the database
        class MyConfigAttribute implements ConfigAttribute {
            public String getAttribute() {
                return "ROLE_ADMIN";
            }
        }
    }

Then configure: