Acegi基本配置 -信息放在数据库中

在先前的设定中,inMemoryDaoImpl将使用者讯息设定在userMap之中:
   <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">   
            <value>   
                caterpillar=123456,ROLE_SUPERVISOR
                user1=user1pwd,ROLE_USER
                user2=user2pwd,disabled,ROLE_USER    
            </value>   
        </property>   
    </bean>

您可以撰写一个属性档案/WEB-INF/users.properties:
  • users.properties
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USER

然后改设定inMemoryDaoImpl的userProperties:
   <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
       <property name="userProperties">
           <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
               <property name="location" value="/WEB-INF/users.properties" />
           </bean>
       </property>
   </bean>

如此在需要使用者讯息时,就可以从users.properties中提取。

如果想要将使用者的相关讯息储存在资料库中,例如使用以下的SQL在MySQL中建立使用者讯息:
  • users.sql
CREATE DATABASE acegi;
USE acegi;

CREATE TABLE USERS(
USERNAME VARCHAR(50) NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(50) NOT NULL,
ENABLED BIT NOT NULL
);

INSERT INTO USERS(username,password,enabled) values('caterpillar' ,'123456', 1);
INSERT INTO USERS(username,password,enabled) values('user1' ,'user1pwd', 1);
INSERT INTO USERS(username,password,enabled) values('user2' ,'user2pwd', 0);

CREATE TABLE AUTHORITIES(
USERNAME VARCHAR( 50 ) NOT NULL,
AUTHORITY VARCHAR( 50 ) NOT NULL,
CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME)
);

INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'caterpillar' , 'ROLE_SUPERVISOR');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user1', 'ROLE_USER');
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( 'user2', 'ROLE_USER');

您可以使用org.acegisecurity.userdetails.jdbc.JdbcDaoImpl作为userDetailsService,它需要一个DataSource,这可以使用Spring的DriverManagerDataSource,例如:
  • acegi-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/acegi</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>123456</value>
</property>
</bean>

<!-- 验证处理,使用表单 -->
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<!-- 验证管理员,处理验证资讯提供者 -->
<property name="authenticationManager" ref="authenticationManager"/>
<!-- 验证失败URL -->
<property name="authenticationFailureUrl" value="/acegilogin.jsp"/>
<!-- 验证成功预设URL -->
<property name="defaultTargetUrl" value="/protected/loginsuccess.jsp"/>
<!-- 验证处理的提交位址 -->
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
</bean>

<!-- 验证管理员,管理验证资讯提供者 -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers"><!-- 可有多个提供者,其中一个验证通过即可以了 -->
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>

<!-- 验证提供者,指定使用资料库来源中的验证资讯 -->
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
</bean>

<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource"/>
</bean>

<!-- 发生验证错误或权限错误时的处理 -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp"/>
</bean>
</property>
</bean>

<!-- FilterSecurityInterceptor 对 URI 进行保护 -->
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<!-- 验证管理员 -->
<property name="authenticationManager" ref="authenticationManager" />
<!-- 授权管理员 -->
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/protected/**=ROLE_SUPERVISOR,ROLE_USER
</value>
</property>
</bean>

<!-- 授权管理员 -->
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<!-- 是否全部弃权时视为通过 -->
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
</list>
</property>
</bean>

<!-- 利用cookie自动登入 -->
<bean id="rememberMeProcessingFilter"
class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
<property name="key" value="javauser"/>
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="javauser"/>
</bean>

<!-- 登出处理 -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/acegilogin.jsp"/> <!-- 登出后的显示页面 -->
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>

<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

<!-- Filter Chain -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,
filterSecurityInterceptor,logoutFilter,rememberMeProcessingFilter
</value>
</property>
</bean>
</beans>

当然,别忘了在您的Web应用程式的lib中,加入JDBC驱动程式程式库。

posted on 2008-09-26 17:00 刘铮 阅读(326) 评论(0)  编辑  收藏 所属分类: Acegi


只有注册用户登录后才能发表评论。


网站导航:
 
<2024年11月>
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567

导航

统计

留言簿(1)

文章分类(141)

文章档案(147)

搜索

最新评论