acegi 的配置(2)-applicationcontext-acegi-security_xml - 懒散狂徒的专栏 - csdnblog.htm

acegi+spring最新的分析

<P>4）<STRONG>exceptionTranslationFilter</STRONG><BR>　　异常转换过滤器，主要是处理AccessDeniedException和AuthenticationException，将给每个异常找到合适的"去向"&nbsp;</P><PRE>&nbsp;&nbsp; &lt;bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/&gt;<BR>&nbsp;&nbsp;&nbsp; &lt;/bean&gt;</PRE>
<P>5) <STRONG>authenticationProcessingFilter</STRONG><BR>　　和servlet 
spec差不多,处理登陆请求.当身份验证成功时，AuthenticationProcessingFilter会在会话中放置一个Authentication对象，并且重定向到登录成功页面<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
authenticationFailureUrl定义登陆失败时转向的页面<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
defaultTargetUrl定义登陆成功时转向的页面<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
filterProcessesUrl定义登陆请求的页面<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
rememberMeServices用于在验证成功后添加cookie信息</P><PRE>&nbsp;&nbsp;&nbsp; &lt;bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authenticationManager" ref="authenticationManager"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authenticationFailureUrl"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;/security/login.jsp?login_error=1&lt;/value&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="defaultTargetUrl"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;/admin/index.jsp&lt;/value&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="filterProcessesUrl"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;/j_acegi_security_check&lt;/value&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="rememberMeServices" ref="rememberMeServices"/&gt;<BR>&nbsp;&nbsp;&nbsp; &lt;/bean&gt;</PRE>
<P>6) <STRONG>filterInvocationInterceptor</STRONG><BR>　 
　在执行转向url前检查objectDefinitionSource中设定的用户权限信息。首先，objectDefinitionSource中定 
义了访问URL需要的属性信息(这里的属性信息仅仅是标志，告诉accessDecisionManager要用哪些voter来投票)。然后， 
authenticationManager掉用自己的provider来对用户的认证信息进行校验。最后，有投票者根据用户持有认证和访问url需要的 
属性，调用自己的voter来投票，决定是否允许访问。</P><PRE>&nbsp;&nbsp;&nbsp; &lt;bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authenticationManager" ref="authenticationManager"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="objectDefinitionSource" ref="filterDefinitionSource"/&gt;<BR>&nbsp;&nbsp;&nbsp; &lt;/bean&gt;</PRE>
<P><BR>7) <STRONG>filterDefinitionSource </STRONG>(详见 <A 
href="http://www.springside.org.cn/docs/reference/Acegi4.htm">2.6.3 
资源权限定义扩展</A>)<BR>　　自定义DBFilterInvocationDefinitionSource从数据库和cache中读取保护资源及其需要的访问权限信息&nbsp;</P><PRE>&lt;bean id="filterDefinitionSource" class="org.springside.modules.security.service.acegi.DBFilterInvocationDefinitionSource"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="convertUrlToLowercaseBeforeComparison" value="true"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="useAntPath" value="true"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="acegiCacheManager" ref="acegiCacheManager"/&gt;<BR>&lt;/bean&gt;</PRE>
<H2>2.2.4 方法调用安全控制</H2>
<P>(详见 <A href="http://www.springside.org.cn/docs/reference/Acegi4.htm">2.6.3 
资源权限定义扩展</A>)</P>
<P>1) methodSecurityInterceptor<BR>　　在执行方法前进行拦截，检查用户权限信息<BR>2) 
methodDefinitionSource<BR>　　自定义MethodDefinitionSource从cache中读取权限</P><PRE>&nbsp;&nbsp; &lt;bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authenticationManager" ref="authenticationManager"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="objectDefinitionSource" ref="methodDefinitionSource"/&gt;<BR>&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR>&nbsp;&nbsp;&nbsp; &lt;bean id="methodDefinitionSource" class="org.springside.modules.security.service.acegi.DBMethodDefinitionSource"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="acegiCacheManager" ref="acegiCacheManager"/&gt;<BR>&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR><BR><BR></PRE>
<H2 style="FONT-WEIGHT: normal">3 Jcaptcha验证码</H2>
<P>采用 <A 
href="http://jcaptcha.sourceforge.net/">http://jcaptcha.sourceforge.net/</A>&nbsp;作为通用的验证码方案，请参考SpringSide中的例子，或网上的：<BR><A 
href="http://www.coachthrasher.com/page/blog?entry=jcaptcha_with_appfuse">http://www.coachthrasher.com/page/blog?entry=jcaptcha_with_appfuse</A>。</P><BR><BR>
<P id=TBPingURL>Trackback: 
http://tb.blog.csdn.net/TrackBack.aspx?PostId=1748490</P><BR></DIV>
<DIV class=postFoot>
<SCRIPT src=""></SCRIPT>
[<A title=功能强大的网络收藏夹，一秒钟操作就可以轻松实现保存带来的价值、分享带来的快乐 
href="javascript:d=document;t=d.selection?(d.selection.type!='None'?d.selection.createRange().text:''):(d.getSelection?d.getSelection():'');void(saveit=window.open('http://wz.csdn.net/storeit.aspx?t='+escape(d.title)+'&amp;u='+escape(d.location.href)+'&amp;c='+escape(t),'keyit','scrollbars=no,width=590,height=300,left=75,top=20,status=no,resizable=yes'));saveit.focus();">收藏到我的网摘</A>]&nbsp;&nbsp; 
[<A 
href="http://tb.blog.csdn.net/TrackBack.aspx?PostId=1748490">发送Trackback]</A>&nbsp;&nbsp;懒散狂徒发表于 
2007年08月17日 16:45:00 </DIV></DIV><LINK 
href="http://blog.csdn.net/anyoneking/Services/Pingback.aspx" rel=pingback><!--<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"xmlns:dc="http://purl.org/dc/elements/1.1/"xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"><rdf:Descriptionrdf:about="http://blog.csdn.net/anyoneking/archive/2007/08/17/1748490.aspx"dc:identifier="http://blog.csdn.net/anyoneking/archive/2007/08/17/1748490.aspx"dc:title="Acegi 的配置(2)-applicationContext-acegi-security.xml"trackback:ping="http://tb.blog.csdn.net/TrackBack.aspx?PostId=1748490" /></rdf:RDF>-->
<SCRIPT>function hide(){showComment();}</SCRIPT>
<BR><BR><BR><BR>
<DIV class=post id=csdn_zhaig_ad_yahoo></DIV>
<SCRIPT type=text/javascript>document.write("<img src=http://counter.csdn.net/pv.aspx?id=24 border=0 width=0 height=0>");</SCRIPT>
<SPAN class=PreAndNext id=viewpost.ascx_PreviousAndNextEntriesDown>
<DIV align=center><A 
href="http://blog.csdn.net/anyoneking/archive/2007/08/17/1748509.aspx">上一篇:&nbsp;acegi安全系统标准配置指南草案</A>&nbsp;|&nbsp;<A 
href="http://blog.csdn.net/anyoneking/archive/2007/08/17/1748317.aspx">下一篇:&nbsp;Acegi 
的配置(1)-web.xml</A></DIV></SPAN><SPAN id=Anthem_Comments.ascx_ltlComments__><SPAN 
id=Comments.ascx_ltlComments><BR>
<DIV id=comments>
<H3>评论</H3>没有评论。 </DIV></SPAN></SPAN>
<SCRIPT language=javascript>
ad_width=468;
ad_height=60;
adcss=2;
unionuser=19;
ad_type='j';
count=5; 
</SCRIPT>

<DIV>
<SCRIPT language=javascript 
src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/showads.js" 
type=text/javascript></SCRIPT>

<SCRIPT language=javascript 
src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/showgm.js" 
type=text/javascript></SCRIPT>
</DIV>
<DIV class=CommentForm id=commentform>
<H3>发表评论 </H3>
<DIV id=Anthem_PostComment.ascx_CommentUpdatePanel__>
<DIV id=PostComment.ascx_CommentUpdatePanel>
<TABLE class=CommentForm>
  <TBODY>
  <TR>
    <TD width=69 height=0></TD>
    <TD></TD></TR>
  <TR>
    <TD width=70>大名：</TD>
    <TD align=left><INPUT id=PostComment.ascx_tbName style="WIDTH: 300px" 
      disabled maxLength=32 size=40 value=shiwenliang 
      name=PostComment.ascx:tbName> <SPAN 
      id=PostComment.ascx_RequiredFieldValidator2 
      style="DISPLAY: none; COLOR: red" initialvalue="" 
      evaluationfunction="RequiredFieldValidatorEvaluateIsValid" 
      display="Dynamic" errormessage="<br>请输入尊姓大名" 
      controltovalidate="PostComment.ascx_tbName"><BR>请输入尊姓大名</SPAN> </TD></TR>
  <TR>
    <TD width=70>网址：</TD>
    <TD align=left><INPUT id=PostComment.ascx_tbUrl style="WIDTH: 300px" 
      maxLength=256 size=40 name=PostComment.ascx:tbUrl> </TD></TR>
  <DIV id=PostComment.ascx_AntiBotImageRegion></DIV>
  <TR>
    <TD width=70>校验码：</TD>
    <TD align=left><INPUT id=PostComment.ascx_tbAntiBotImage 
      style="WIDTH: 75px" name=PostComment.ascx:tbAntiBotImage> <SPAN 
      id=PostComment.ascx_valAntiBotImage style="DISPLAY: none; COLOR: red" 
      evaluationfunction="CustomValidatorEvaluateIsValid" 
      display="Dynamic">检验码无效!</SPAN> <SPAN 
      id=Anthem_PostComment.ascx_imgAntiBotImage__><IMG 
      id=PostComment.ascx_imgAntiBotImage alt="" 
      src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/AntiBotImage.jpg" 
      align=absMiddle border=0></SPAN> <SPAN 
      id=Anthem_PostComment.ascx_lbCreateAntiBotImage__><A 
      id=PostComment.ascx_lbCreateAntiBotImage 
      onclick="javascript:Anthem_FireCallBackEvent(this,event,'PostComment.ascx:lbCreateAntiBotImage','',false,'','','',true,null,null,null,true,true);return false;" 
      href="javascript:__doPostBack('PostComment.ascx$lbCreateAntiBotImage','')">看不清,换一张</A></SPAN> 
    </TD></TR>
  <DIV></DIV>
  <TR>
    <TD colSpan=3>评论&nbsp; <SPAN id=PostComment.ascx_RequiredFieldValidator3 
      style="DISPLAY: none; COLOR: red" initialvalue="" 
      evaluationfunction="RequiredFieldValidatorEvaluateIsValid" 
      display="Dynamic" errormessage="<br>请输入评论" 
      controltovalidate="PostComment.ascx_tbComment"><BR>请输入评论</SPAN> <BR><TEXTAREA id=PostComment.ascx_tbComment style="WIDTH: 381px; HEIGHT: 193px" name=PostComment.ascx:tbComment rows=10 cols=50></TEXTAREA> 
    </TD></TR>
  <TR>
    <TD colSpan=3><SPAN id=Anthem_PostComment.ascx_btnSubmit__><INPUT language=javascript class=Button id=PostComment.ascx_btnSubmit onclick="javascript:Anthem_FireCallBackEvent(this,event,'PostComment.ascx:btnSubmit','',true,'','','正在处理...',false,null,null,null,true,true);return false;WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions(&quot;PostComment.ascx:btnSubmit&quot;, &quot;&quot;, true, &quot;&quot;, &quot;&quot;, false, false))" type=submit value=提交 name=PostComment.ascx:btnSubmit></SPAN>&nbsp;&nbsp;&nbsp; 
    </TD></TR>
  <TR>
    <TD colSpan=3><SPAN id=PostComment.ascx_Message 
    style="COLOR: red"></SPAN></TD></TR></TBODY></TABLE></DIV></DIV></DIV></DIV>
<P id=footer>Powered by: <BR><A id=Footer1_Hyperlink2 
href="http://scottwater.com/blog" name=Hyperlink1><IMG 
src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/100x30_Logo.gif" 
border=0></A> <A id=Footer1_Hyperlink3 href="http://asp.net/" 
name=Hyperlink1><IMG 
src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/PoweredByAsp.Net.gif" 
border=0></A> <BR>Copyright © 懒散狂徒 </P>
<SCRIPT 
src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/counter.js"></SCRIPT>

<SCRIPT type=text/javascript>
<!--
var Page_Validators =  new Array(document.getElementById("PostComment.ascx_RequiredFieldValidator2"), document.getElementById("PostComment.ascx_valAntiBotImage"), document.getElementById("PostComment.ascx_RequiredFieldValidator3"));
// -->
</SCRIPT>

<SCRIPT type=text/javascript>
<!--
var Page_ValidationActive = false;
if (typeof(ValidatorOnLoad) == "function") {
    ValidatorOnLoad();
}

function ValidatorOnSubmit() {
    if (Page_ValidationActive) {
        return ValidatorCommonOnSubmit();
    }
    else {
        return true;
    }
}
// -->
</SCRIPT>
</FORM>
<SCRIPT language=javascript type=text/javascript>
	<!--
	    try
        {
	        hide();
        }
        catch(e){}
	//-->
    </SCRIPT>

<SCRIPT 
src="Acegi 的配置(2)-applicationContext-acegi-security_xml - 懒散狂徒的专栏 - CSDNBlog.files/urchin.js" 
type=text/javascript>
</SCRIPT>

<SCRIPT type=text/javascript>
_uacct = "UA-1148926-2";
urchinTracker();
</SCRIPT>
</BODY></HTML>