学习Acegi-认证(authentication)

ChinaItLab

佚名

2007-2-11

保存本文

推荐给好友

收藏本页

欢迎进入Java社区论坛，与200万技术人员互动交流 >>进入

7.OK，发布项目，访问http://localhost:8080/acegiexample
这时index.jsp会自动转向userinfo.jsp,由于还没有用户登录,所以没有资料显示。按登陆链接进入登录页，登录成功后会看到显示用户名的页面（当然可以有更多的用户资料,但这仅仅是example）,不成功时会在登录页提示信息。我们可以用user1和user2登陆，可以分别测试登录成功和失败的流程。

8.可以看到登录页上有自动登陆功能，而userinfo.jsp页有注销功能。但还是不起作用，好，现在我们马上首手加入这两个功能。看acegi可以方便到什么程度。在applicationContext.xml中加入如下红色部分：

<? xml version = " 1.0 " encoding = " UTF-8 " ?>
< beans xmlns = " http://www.springframework.org/schema/beans "
       xmlns:xsi = " http://www.w3.org/2001/XMLSchema-instance "
       xmlns:aop = " http://www.springframework.org/schema/aop "
       xmlns:tx = " http://www.springframework.org/schema/tx "
       xsi:schemaLocation = " http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http: // www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
           http: // www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd "
        default - autowire = " byName " default - lazy - init = " true " >

     
     < bean id = " filterChainProxy " class = " org.acegisecurity.util.FilterChainProxy " >
       < property name = " filterInvocationDefinitionSource " >
          < value >
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
             /** =authenticationProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter
         </value>
      </property>
    </bean>
    

    
    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
        <property name="defaultTargetUrl" value="/userinfo.jsp"/>
        <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    </bean>

    
    <bean id="rememberMeProcessingFilter"
          class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager"
                  ref="authenticationManager"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>
    <bean id="rememberMeServices"
          class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="inMemoryDaoImpl"/>
        <property name="key" value="javargb"/>
    </bean>
    <bean id="rememberMeAuthenticationProvider"
          class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
        <property name="key" value="javargb"/>
    </bean>

    
    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
      <constructor-arg value="/acegilogin.jsp"/> 
      <constructor-arg>
         <list>
              <ref bean="rememberMeServices"/>
              <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
         </list>
      </constructor-arg>
   </bean>

   
   <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
         <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="rememberMeAuthenticationProvider"/>
         </list>
      </property>
   </bean>
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="inMemoryDaoImpl"/>
    </bean>
    
     <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>
                liuyxit=123,ROLE_SUPERVISOR
                user1=user1,ROLE_USER
                user2=user2,disabled,ROLE_USER
            </value>
        </property>
    </bean>
    
    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                <property name="loginFormUrl" value="/acegilogin.jsp"/>
                <property name="forceHttps" value="false"/>
            </bean>
        </property>
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp"/>
            </bean>
        </property>
    </bean>
</beans>

另要注意：Acegi默认的自动登陆设定参数名为_acegi_security_remember_me，注销链接为/j_acegi_logout。

马上重启Tomcat测试看看^_^。

9.通常用户资料会放在数据库中，而不会放在配置文件，接着下面我们来再行修改一下。
首先创建要用到的用户表和权限表，并插入初始化数据：

CREATE TABLE USERS(
USERNAME VARCHAR( 50 ) NOT NULL PRIMARY KEY,
PASSWORD VARCHAR( 50 ) NOT NULL,
ENABLED BIT NOT NULL)

INSERT INTO USERS(username,password,enabled) values( ' liuyxit ' , ' 123 ' , ' 1 ' )
INSERT INTO USERS(username,password,enabled) values( ' user1 ' , ' user1 ' , ' 1 ' )
INSERT INTO USERS(username,password,enabled) values( ' user2 ' , ' user2 ' , ' 0 ' )

CREATE TABLE AUTHORITIES(
USERNAME VARCHAR( 50 ) NOT NULL,
AUTHORITY VARCHAR( 50 ) NOT NULL,
CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME)
);

INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( ' liuyxit ' , ' ROLE_SUPERVISOR ' )
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( ' user1 ' , ' ROLE_USER ' )
INSERT INTO AUTHORITIES(USERNAME,AUTHORITY) values( ' user2 ' , ' ROLE_USER ' )

上一页 [1] [2] [3] [4] 下一页

【责编:Peng】