Acegi基本配置 -信息放在数据库中

在先前的设定中,inMemoryDaoImpl将使用者讯息设定在userMap之中:
   <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <!-- Demo user store defined inline. As the entries below show, each line has the
             form username=password[,disabled],ROLE_NAME.
             NOTE(review): the passwords are plaintext sample values held in the bean
             definition itself; anyone who can read this file can read every credential. -->
        <property name="userMap">   
            <value>   
                caterpillar=123456,ROLE_SUPERVISOR
                user1=user1pwd,ROLE_USER
                user2=user2pwd,disabled,ROLE_USER    
            </value>   
        </property>   
    </bean>

您可以撰写一个属性档案/WEB-INF/users.properties:
  • users.properties
# Sample accounts, one per line: username=password[,disabled],ROLE_NAME
# NOTE(review): the passwords are plaintext sample values. Keep read access to this
# file restricted and do not reuse these values outside a demo.
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USER

然后改设定inMemoryDaoImpl的userProperties:
   <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
       <property name="userProperties">
           <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
               <property name="location" value="/WEB-INF/users.properties" />
           </bean>
       </property>
   </bean>

如此在需要使用者讯息时,就可以从users.properties中提取。

如果想要将使用者的相关讯息储存在资料库中,例如使用以下的SQL在MySQL中建立使用者讯息:
  • users.sql
-- Schema and sample data for the JDBC-backed user store:
-- one USERS row per account, one AUTHORITIES row per granted role.
CREATE DATABASE acegi;
USE acegi;

-- NOTE(review): PASSWORD receives the sample passwords exactly as typed (plaintext).
-- Once the authentication provider is given a password encoder, store only the
-- encoded hashes here and size the column for the chosen hash format.
CREATE TABLE USERS (
    USERNAME VARCHAR(50) NOT NULL,
    PASSWORD VARCHAR(50) NOT NULL,
    ENABLED  BIT NOT NULL,
    PRIMARY KEY (USERNAME)
);

-- user2 is inserted disabled (ENABLED = 0).
INSERT INTO USERS (USERNAME, PASSWORD, ENABLED) VALUES
    ('caterpillar', '123456', 1),
    ('user1', 'user1pwd', 1),
    ('user2', 'user2pwd', 0);

-- Role assignments; every row must reference an existing USERS.USERNAME.
CREATE TABLE AUTHORITIES (
    USERNAME  VARCHAR(50) NOT NULL,
    AUTHORITY VARCHAR(50) NOT NULL,
    CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY (USERNAME) REFERENCES USERS (USERNAME)
);

INSERT INTO AUTHORITIES (USERNAME, AUTHORITY) VALUES
    ('caterpillar', 'ROLE_SUPERVISOR'),
    ('user1', 'ROLE_USER'),
    ('user2', 'ROLE_USER');

您可以使用org.acegisecurity.userdetails.jdbc.JdbcDaoImpl作为userDetailsService,它需要一个DataSource,这可以使用Spring的DriverManagerDataSource,例如:
  • acegi-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- JDBC connection settings for the acegi database on the local MySQL server.
     NOTE(review): this connects as the MySQL root account with its password written in
     the file. A dedicated account limited to reading the user tables, with the password
     supplied from outside the deployed application, would keep a leak of this file from
     exposing the whole database server. -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/acegi"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
</bean>

<!-- Form-based authentication processing -->
<bean id="authenticationProcessingFilter"
      class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <!-- URL the login form is submitted to -->
    <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    <!-- Authentication manager, which handles the authentication providers -->
    <property name="authenticationManager" ref="authenticationManager"/>
    <!-- Default URL after a successful login -->
    <property name="defaultTargetUrl" value="/protected/loginsuccess.jsp"/>
    <!-- URL after a failed login (the login page itself) -->
    <property name="authenticationFailureUrl" value="/acegilogin.jsp"/>
</bean>

<!-- Authentication manager: manages the authentication providers. Several providers may
     be listed; per the original note, it is enough for one of them to authenticate
     the request. -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
        <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="rememberMeAuthenticationProvider"/>
        </list>
    </property>
</bean>

<!-- Authentication provider that uses the account data loaded from the database
     by jdbcDaoImpl.
     NOTE(review): no passwordEncoder is configured here, so the submitted password is
     compared with the stored value as is, which in this example is plaintext. For
     anything beyond a demo, set the passwordEncoder (and saltSource) properties and
     store only hashes in the database. -->
<bean id="daoAuthenticationProvider"
      class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService">
        <ref bean="jdbcDaoImpl"/>
    </property>
</bean>

<!-- User-details service that reads accounts over JDBC through dataSource.
     No queries are configured here, so the class's built-in queries apply; presumably
     they expect the USERS and AUTHORITIES tables created for this example (verify the
     table names against the database's case-sensitivity settings). -->
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource">
        <ref bean="dataSource"/>
    </property>
</bean>

<!-- Handling for authentication errors and access-denied errors -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <!-- Where a request that needs authentication is sent: the login form -->
    <property name="authenticationEntryPoint">
        <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <!-- NOTE(review): with forceHttps set to false the entry point does not move
                 the login form to HTTPS, so the form and the submitted password may
                 travel over plain HTTP. Set it to true wherever TLS is available. -->
            <property name="forceHttps" value="false"/>
            <property name="loginFormUrl" value="/acegilogin.jsp"/>
        </bean>
    </property>
    <!-- Page shown when access is denied -->
    <property name="accessDeniedHandler">
        <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
            <property name="errorPage" value="/accessDenied.jsp"/>
        </bean>
    </property>
</bean>

<!-- FilterSecurityInterceptor protects request URIs.
     NOTE(review): only /protected/** is mapped below, so a URL that matches no pattern
     carries no role requirement from this interceptor. The pattern is written in
     lowercase because URLs are lowercased before comparison. -->
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<!-- Authentication manager -->
<property name="authenticationManager" ref="authenticationManager" />
<!-- Authorization (access decision) manager -->
<property name="accessDecisionManager" ref="accessDecisionManager" />
<!-- Ant-style URL patterns mapped to the roles required for them -->
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/protected/**=ROLE_SUPERVISOR,ROLE_USER
</value>
</property>
</bean>

<!-- Authorization (access decision) manager, with a single RoleVoter -->
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
    <property name="decisionVoters">
        <list>
            <bean class="org.acegisecurity.vote.RoleVoter"/>
        </list>
    </property>
    <!-- Whether access is granted when every voter abstains: no -->
    <property name="allowIfAllAbstainDecisions" value="false"/>
</bean>

<!-- Automatic login using a cookie -->
<bean id="rememberMeProcessingFilter"
      class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    <property name="rememberMeServices" ref="rememberMeServices"/>
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>
<!-- Token-based remember-me service; looks users up through jdbcDaoImpl.
     NOTE(review): "key" is understood to be the secret mixed into the cookie token, so
     its secrecy is what keeps tokens from being forged. "javauser" is a short sample
     value; use a long random value kept out of published configuration. It must stay
     identical to the key on rememberMeAuthenticationProvider. -->
<bean id="rememberMeServices"
      class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    <property name="key" value="javauser"/>
    <property name="userDetailsService" ref="jdbcDaoImpl"/>
</bean>
<!-- Provider that accepts remember-me authentications.
     NOTE(review): the key here has to match the key on rememberMeServices. "javauser" is
     a guessable sample value; replace both with the same long random secret. -->
<bean id="rememberMeAuthenticationProvider"
      class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    <property name="key">
        <value>javauser</value>
    </property>
</bean>

<!-- Logout handling.
     NOTE(review): only SecurityContextLogoutHandler is listed, so nothing here removes
     the remember-me cookie on logout. If the remember-me service in use can act as a
     logout handler (confirm for the Acegi version deployed), list it here as well so
     that a logged-out browser is not signed in again automatically. -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    <!-- First argument: page displayed after logout -->
    <constructor-arg value="/acegilogin.jsp"/>
    <!-- Second argument: handlers run at logout -->
    <constructor-arg>
        <list>
            <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
        </list>
    </constructor-arg>
</bean>

<!-- HTTP session / security context integration filter; it takes no properties here and
     is the first filter named in the filter chain. -->
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

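<!-- Filter chain applied to every request (/**).
     The whole "pattern=filter list" mapping is kept on ONE line. The value is understood
     to be parsed line by line, so a continuation line without "=" would be ignored and
     the filters named on it, filterSecurityInterceptor among them, would never run,
     leaving /protected/** unchecked.
     Order matters: logoutFilter, the form-login filter and rememberMeProcessingFilter
     run before exceptionTranslationFilter, and filterSecurityInterceptor runs last, so
     an authentication restored from the remember-me cookie is already in place when
     access to a protected URL is decided. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
        </value>
    </property>
</bean>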
</beans>

当然,别忘了在您的Web应用程式的lib中,加入JDBC驱动程式程式库。

posted on 2008-09-26 17:00 刘铮 阅读(327) 评论(0)  编辑  收藏 所属分类: Acegi

