⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 第一个acegi 程式 - 保护对方法的呼叫.htm

📁 acegi+spring最新的分析
💻 HTM
字号:
🔍 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0078)http://caterpillar.onlyfun.net/GossipCN/AcegiGossip/FirstAcegLogoutMethod.html -->
<HTML><HEAD><TITLE>第一个Acegi 程式 - 保护对方法的呼叫</TITLE><LINK 
href="第一个Acegi 程式 - 保护对方法的呼叫.files/stdlayout.css" type=text/css 
rel=stylesheet><LINK href="第一个Acegi 程式 - 保护对方法的呼叫.files/print.css" type=text/css 
rel=stylesheet>
<META http-equiv=content-type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.2900.3199" name=GENERATOR></HEAD>
<BODY>
<H3><A 
href="http://caterpillar.onlyfun.net/GossipCN/index.html">http://caterpillar.onlyfun.net/GossipCN/index.html</A></H3>
<H1><A 
href="http://caterpillar.onlyfun.net/GossipCN/AcegiGossip/AcegiGossip.html">Acegi 
Gossip:&nbsp;第一个Acegi 程式 - 保护对方法的呼叫</A></H1>Acegi是专为 <A 
href="http://caterpillar.onlyfun.net/GossipCN/SpringGossip/SpringGossip.html">Spring</A> 
设计的安全框架,藉由Spring所提供的AOP功能,可以使用org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor来对方法呼叫进行拦截,对方法的呼叫设定权限保护。<BR><BR>举个实际的例子来说,假设您设计了以下的介面与方法:<BR>
<UL>
  <LI>ISome.java </LI></UL><PRE>package onlyfun.caterpillar;<BR><BR>public interface ISome {    <BR>    public void doNormal();<BR>    public void doSupervisor();<BR>}</PRE><BR>
<UL>
  <LI>Some.java </LI></UL><PRE>package onlyfun.caterpillar;<BR><BR>public class Some implements ISome {<BR>    public void doNormal() {<BR>        System.out.println("do normal...");<BR>    }<BR><BR>    public void doSupervisor() {<BR>        System.out.println("do supervisor...");<BR>    }<BR>}</PRE><BR>假设某个请求下,会对Some的实例之方法进行呼叫,例如某个Servlet:<BR>
<UL>
  <LI>SomeServlet.java </LI></UL><PRE>package onlyfun.caterpillar;<BR><BR>import java.io.*;<BR>import java.net.*;<BR><BR>import javax.servlet.*;<BR>import javax.servlet.http.*;<BR>import org.springframework.context.ApplicationContext;<BR>import org.springframework.web.context.support.WebApplicationContextUtils;<BR><BR>public class SomeServlet extends HttpServlet {<BR>    <BR>    protected void processRequest(HttpServletRequest request, HttpServletResponse response)<BR>    throws ServletException, IOException {<BR>        response.setContentType("text/html;charset=UTF-8");<BR>        <BR><SPAN style="FONT-WEIGHT: bold">        ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(</SPAN><BR style="FONT-WEIGHT: bold"><SPAN style="FONT-WEIGHT: bold">                request.getSession().getServletContext());  </SPAN><BR style="FONT-WEIGHT: bold"><SPAN style="FONT-WEIGHT: bold">        ISome some = (ISome) ctx.getBean("some");  </SPAN><BR style="FONT-WEIGHT: bold"><SPAN style="FONT-WEIGHT: bold">        some.doNormal();</SPAN><BR style="FONT-WEIGHT: bold"><SPAN style="FONT-WEIGHT: bold">        some.doSupervisor();</SPAN><BR>        <BR>        PrintWriter out = response.getWriter();<BR>        out.print("process successfully...");<BR>        out.close();<BR>    }<BR>    <BR>    protected void doGet(HttpServletRequest request, HttpServletResponse response)<BR>    throws ServletException, IOException {<BR>        processRequest(request, response);<BR>    }<BR>    <BR>    protected void doPost(HttpServletRequest request, HttpServletResponse response)<BR>    throws ServletException, IOException {<BR>        processRequest(request, response);<BR>    }<BR><BR>    public String getServletInfo() {<BR>        return "Short description";<BR>    }<BR>}</PRE><BR>在web.xml中增加SomeServlet的定义:<BR>
<DIV style="MARGIN-LEFT: 40px"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp; 
&lt;servlet&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
&lt;servlet-name&gt;SomeServlet&lt;/servlet-name&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
&lt;servlet-class&gt;onlyfun.caterpillar.SomeServlet&lt;/servlet-class&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp; 
&lt;/servlet&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp; 
&lt;servlet-mapping&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
&lt;servlet-name&gt;SomeServlet&lt;/servlet-name&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
&lt;url-pattern&gt;/SomeServlet&lt;/url-pattern&gt;</SPAN><BR 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace"><SPAN 
style="FONT-WEIGHT: bold; FONT-FAMILY: Courier New,Courier,monospace">&nbsp;&nbsp;&nbsp; 
&lt;/servlet-mapping&gt;</SPAN><BR></DIV><BR>在不设限的情况下,请求SomeServlet,会呼叫Some实例的doNormal()方法与doSecurity()方法,现在假设您想让 
doSecurity()只让ROLE_SUPERVISOR的使用者来呼叫,则您可以在acegi-config.xml中加入:<BR>
<UL>
  <LI>acegi-config.xml </LI></UL><PRE>&lt;?xml version="1.0" encoding="UTF-8"?&gt;<BR>&lt;!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"&gt;<BR>    ...<BR><BR>    &lt;bean id="some" class="onlyfun.caterpillar.Some"/&gt;<BR><BR>    &lt;bean id="methodSecurityInterceptor" <BR>          class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"&gt;  <BR>        &lt;property name="authenticationManager"&gt;  <BR>             &lt;ref bean="authenticationManager"/&gt;  <BR>        &lt;/property&gt;  <BR>        &lt;property name="accessDecisionManager"&gt;  <BR>            &lt;ref bean="accessDecisionManager"/&gt;  <BR>        &lt;/property&gt;  <BR><SPAN style="FONT-WEIGHT: bold">        &lt;property name="objectDefinitionSource"&gt;  </SPAN><BR style="FONT-WEIGHT: bold"><SPAN style="FONT-WEIGHT: bold">            &lt;value&gt;onlyfun.caterpillar.ISome.doSupervisor=ROLE_SUPERVISOR&lt;/value&gt;  </SPAN><BR style="FONT-WEIGHT: bold"><SPAN style="FONT-WEIGHT: bold">        &lt;/property&gt;  </SPAN><BR>    &lt;/bean&gt;<BR>    <BR>    &lt;bean id="autoProxyCreator" <BR>          class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"&gt;  <BR>        &lt;property name="beanNames"&gt;  <BR>            &lt;list&gt;  <BR>                &lt;value&gt;some&lt;/value&gt;<BR>            &lt;/list&gt;  <BR>        &lt;/property&gt;  <BR>        &lt;property name="interceptorNames"&gt;  <BR>            &lt;list&gt;  <BR>                &lt;value&gt;methodSecurityInterceptor&lt;/value&gt;<BR>            &lt;/list&gt;  <BR>        &lt;/property&gt;  <BR>    &lt;/bean&gt;  <BR>&lt;/beans&gt;</PRE><BR>完成以下设定,如果再次请求SomeServlet,可以在控制台中看到doNormal()执行完成,但doSecurity()必须是 
ROLE_SUPERVISOR才可以存取,因此您会被送往acegilogin.jsp进行登入,如果登入正确,就会执行doSecurity(),如果登入为非ROLE_SUPERVISOR,则会发生授权失败的例外。<BR><BR></BODY></HTML>

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -