- 浏览: 294335 次
- 性别:
- 来自: 上海
-
文章分类
- 全部博客 (158)
- 默认类别 (22)
- tomcat study (5)
- spring study (2)
- hibernate study (2)
- jms study (8)
- acegi study (7)
- linux study (3)
- database study (19)
- appserver study (3)
- cvs study (10)
- mysql study (2)
- ajax study (5)
- uttest study (5)
- uml study (2)
- subversion study (3)
- xml study (6)
- japanese study (7)
- english study (2)
- loadrunner study (2)
- annotation study (0)
- security study (10)
- perl study (0)
- it lecture (14)
- view study (5)
- unicode study (1)
- net study (6)
- rule study (5)
- sdo study (1)
- jbpm study (1)
最新评论
-
xieruilin:
问题解决 。。。3Q
经常在安装ORACLE数据库时,出现一个ORA-12638 凭证检索失败 -
xiebiao110:
嗯不错,我也在看tomcat6,tomcat4,分模块来分析, ...
3、tomcat中的设计模式。 -
alloyer:
非常牛叉,再有个实例就完美了!
学习acegi-security -
bulain:
少了ehcache的jar包。
acegi的MethodSecurityInterceptor -
yuen:
你好,我才开始看acegi,把你的这个例子运行了一下,出错了, ...
acegi的MethodSecurityInterceptor
2006-06-06
acegi的MethodSecurityInterceptor实现
AfterInvocationProviderImp
ApplicationEventPublisherImp
BankManager
BankManagerImp
BankManagerImpTest
applicationContext.xml
users.properties
acegi的MethodSecurityInterceptor实现
AfterInvocationProviderImp
package com.bulain.test; import org.acegisecurity.AccessDeniedException; import org.acegisecurity.Authentication; import org.acegisecurity.ConfigAttribute; import org.acegisecurity.ConfigAttributeDefinition; import org.acegisecurity.afterinvocation.AfterInvocationProvider; import org.aopalliance.intercept.MethodInvocation; import org.apache.log4j.Logger; public class AfterInvocationProviderImp implements AfterInvocationProvider { private static Logger logger = Logger.getLogger(AfterInvocationProviderImp.class); public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) throws AccessDeniedException { return returnedObject; } public boolean supports(ConfigAttribute attribute) { logger.info("ConfigAttribute: " + attribute); if (attribute.getAttribute().equals("BANKSECURITY_CUSTOMER")) { return true; } return false; } public boolean supports(Class clazz) { logger.info("Class: " + clazz); if (clazz == MethodInvocation.class) { return true; } return false; } }
ApplicationEventPublisherImp
package com.bulain.test; import org.apache.log4j.Logger; import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEventPublisher; public class ApplicationEventPublisherImp implements ApplicationEventPublisher { private static Logger logger = Logger.getLogger(ApplicationEventPublisherImp.class); public void publishEvent(ApplicationEvent event) { logger.info("publishEvent: " + event); } }
BankManager
package com.bulain.test; public interface BankManager { /** * Delete something */ public void deleteSomething(int id); /** * Delete another */ public void deleteAnother(int id); /** * Get balance */ public float getBalance(int id); }
BankManagerImp
package com.bulain.test; import org.apache.log4j.Logger; public class BankManagerImp implements BankManager { private static Logger logger = Logger.getLogger(BankManagerImp.class); public void deleteSomething(int id) { logger.info("deleteSomething()"); } public void deleteAnother(int id) { logger.info("deleteAnother()"); } public float getBalance(int id) { logger.info("getBalance()"); return 0; } }
BankManagerImpTest
package com.bulain.test; import junit.framework.TestCase; import org.acegisecurity.Authentication; import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.context.SecurityContextImpl; import org.acegisecurity.providers.AuthenticationProvider; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.springframework.beans.factory.BeanFactory; import org.springframework.beans.factory.xml.XmlBeanFactory; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; public class BankManagerImpTest extends TestCase { static Resource resource = new ClassPathResource("applicationContext.xml"); static BeanFactory factory = new XmlBeanFactory(resource); private static void createSecureContext(final BeanFactory bf, final String username, final String password) { AuthenticationProvider provider = (AuthenticationProvider) bf.getBean("daoAuthenticationProvider"); Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken(username, password)); SecurityContextHolder.getContext().setAuthentication(auth); } // Clear the security context after each test. public void teardown() { SecurityContextHolder.setContext(new SecurityContextImpl()); } public static void main(String[] args) { junit.textui.TestRunner.run(BankManagerImpTest.class); } /* * Test method for 'com.bulain.test.BankManagerImp.deleteSomething(int)' */ public void testDeleteSomething() { BankManager bankManager = (BankManager) factory.getBean("bankManager"); createSecureContext(factory, "marissa", "koala"); bankManager.deleteSomething(10); } /* * Test method for 'com.bulain.test.BankManagerImp.deleteAnother(int)' */ public void testDeleteAnother() { BankManager bankManager = (BankManager) factory.getBean("bankManager"); createSecureContext(factory, "marissa", "koala"); bankManager.deleteAnother(10); } /* * Test method for 'com.bulain.test.BankManagerImp.getBalance(int)' */ public void testGetBalance() { BankManager bankManager = (BankManager) factory.getBean("bankManager"); createSecureContext(factory, "manager", "manager"); bankManager.getBalance(10); } }
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans> <bean id="bankManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="validateConfigAttributes"> <value>true</value> </property> <property name="applicationEventPublisher"> <bean class="com.bulain.test.ApplicationEventPublisherImp"/> </property> <property name="authenticationManager"> <ref bean="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref bean="accessDecisionManager"/> </property> <property name="runAsManager"> <ref bean="runAsManager"/> </property> <property name="afterInvocationManager"> <ref bean="afterInvocationManager"/> </property> <property name="objectDefinitionSource"> <value>com.bulain.test.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER com.bulain.test.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER</value> </property> </bean> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider"/> <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key" value="changeThis"/> </bean> <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> <property name="key" value="changeThis"/> </bean> </list> </property> </bean> <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions" value="false"/> <property name="decisionVoters"> <list> <bean class="org.acegisecurity.vote.RoleVoter"/> <bean class="org.acegisecurity.vote.AuthenticatedVoter"/> </list> </property> </bean> <bean id="runAsManager" class="org.acegisecurity.runas.RunAsManagerImpl"> <property name="key" value="KEY"/> </bean> <bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <bean class="com.bulain.test.AfterInvocationProviderImp"/> </list> </property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="userDetailsService"/> <property name="userCache"> <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"> <property name="cache"> <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean"> <property name="cacheManager"> <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> </property> <property name="cacheName" value="userCache"/> </bean> </property> </bean> </property> </bean> <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userProperties"> <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <property name="location" value="users.properties"/> </bean> </property> </bean> <bean id="bankManagerImp" class="com.bulain.test.BankManagerImp"/> <bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="interceptorNames"> <list> <value>bankManagerSecurity</value> </list> </property> <property name="target"><ref local="bankManagerImp"/></property> </bean> </beans>
users.properties
marissa=koala,ROLE_SUPERVISOR dianne=emu,ROLE_USER scott=wombat,ROLE_USER peter=opal,disabled,ROLE_USER
评论
2 楼
bulain
2007-04-12
少了ehcache的jar包。
1 楼
yuen
2007-04-04
你好,我才开始看acegi,把你的这个例子运行了一下,出错了,可不可以帮我看一下,这是为什么?谢谢!
Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankManager': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankManagerSecurity' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankManagerSecurity' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException Caused by: java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException
发表评论
-
学习acegi-security
2006-06-12 09:37 141102006-06-10 学习acegi-security 这几 ... -
acegi的MethodSecurityInterceptor实例
2006-06-06 17:46 21282006-06-06 acegi的MethodSecurit ... -
acegi 参考的部分翻译
2006-06-01 17:29 11742006-06-01 acegi 参考的部分翻译 htt ... -
Feiing以前写的一篇介绍 Acegi 的文档
2006-01-12 21:47 1469http://forum.iteye.com/viewtopi ... -
实战Acegi:使用Acegi作为基于Spring框架的WEB应用的安全框架
2006-01-12 21:46 1387http://www.blogjava.net/youlq/a ... -
ajax的经典集萃
2005-11-07 21:24 1270ajax的经典集萃 一个ajax的经典测试用例(时时都在为新 ...
相关推荐
<bean id="preInvocationFilter" class="org.acegisecurity.access.intercept.aopalliance.MethodSecurityInterceptor"> <!-- 定义方法级别的访问规则 --> ``` 5. **Access Decision Manager** - ...
Acegi 利用AOP的概念,通过`MethodSecurityInterceptor`对Service层的方法进行拦截,实现方法级别的安全控制。这意味着,不仅可以保护URL,还可以细化到对服务接口的每一个方法进行访问控制。 3. **ACL(Access ...
此外,还可以利用`FilterSecurityInterceptor`进行URL级别的访问控制,以及`MethodSecurityInterceptor`进行方法级别的权限控制。 ### 5. 总结 "acegi-security-1.0.7"作为ACEGI Security的一个版本,为开发者提供...
例如,定义一个 `MethodSecurityInterceptor`,并通过 `pointcut-expression` 指定拦截哪些方法调用。 #### 五、结论 本教程详细介绍了如何利用 Spring 的 IoC 容器来管理 Acegi 的依赖关系,以及如何配置 Acegi ...
在Spring-Acegi中,`MethodSecurityInterceptor`是关键组件,它拦截并处理具有安全约束的方法调用。我们可以通过配置Acegi来定义哪些方法需要特定的角色或权限才能访问。以下是一个简单的例子,展示了如何使用Acegi...