acegi的MethodSecurityInterceptor

bulain

浏览: 294335 次
性别:
来自: 上海

最近访客更多访客>>

xu_ch

熊佳佳

easilife

hardneedl

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

acegi study

Acegi Bean DAO XML Cache

2006-06-06

acegi的MethodSecurityInterceptor实现

AfterInvocationProviderImp

package com.bulain.test;

import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.afterinvocation.AfterInvocationProvider;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;

public class AfterInvocationProviderImp implements AfterInvocationProvider {
	private static Logger logger = Logger.getLogger(AfterInvocationProviderImp.class);

	public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
			throws AccessDeniedException {
		return returnedObject;
	}

	public boolean supports(ConfigAttribute attribute) {
		logger.info("ConfigAttribute: " + attribute);
		if (attribute.getAttribute().equals("BANKSECURITY_CUSTOMER")) {
			return true;
		}
		return false;
	}

	public boolean supports(Class clazz) {
		logger.info("Class: " + clazz);
		if (clazz == MethodInvocation.class) {
			return true;
		}
		return false;
	}

}

ApplicationEventPublisherImp

package com.bulain.test;

import org.apache.log4j.Logger;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;

public class ApplicationEventPublisherImp implements ApplicationEventPublisher {
	private static Logger logger = Logger.getLogger(ApplicationEventPublisherImp.class);

	public void publishEvent(ApplicationEvent event) {
		logger.info("publishEvent: " + event);
	}

}

BankManager

package com.bulain.test;

public interface BankManager {
	/**
	 * Delete something
	 */
	public void deleteSomething(int id);
	
	/**
	 * Delete another
	 */
	public void deleteAnother(int id);
	
	/**
	 * Get balance
	 */
	public float getBalance(int id);
}

BankManagerImp

package com.bulain.test;

import org.apache.log4j.Logger;

public class BankManagerImp implements BankManager {
	private static Logger logger = Logger.getLogger(BankManagerImp.class);

	public void deleteSomething(int id) {
		logger.info("deleteSomething()");
	}

	public void deleteAnother(int id) {
		logger.info("deleteAnother()");
	}

	public float getBalance(int id) {
		logger.info("getBalance()");
		return 0;
	}
}

BankManagerImpTest

package com.bulain.test;

import junit.framework.TestCase;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;

public class BankManagerImpTest extends TestCase {
	static Resource resource = new ClassPathResource("applicationContext.xml");
	static BeanFactory factory = new XmlBeanFactory(resource);

	private static void createSecureContext(final BeanFactory bf, final String username, final String password) {
		AuthenticationProvider provider = (AuthenticationProvider) bf.getBean("daoAuthenticationProvider");
		Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken(username, password));
		SecurityContextHolder.getContext().setAuthentication(auth);
	}

	// Clear the security context after each test.
	public void teardown() {
		SecurityContextHolder.setContext(new SecurityContextImpl());
	}

	public static void main(String[] args) {
		junit.textui.TestRunner.run(BankManagerImpTest.class);
	}

	/*
	 * Test method for 'com.bulain.test.BankManagerImp.deleteSomething(int)'
	 */
	public void testDeleteSomething() {
		BankManager bankManager = (BankManager) factory.getBean("bankManager");
		createSecureContext(factory, "marissa", "koala");

		bankManager.deleteSomething(10);
	}

	/*
	 * Test method for 'com.bulain.test.BankManagerImp.deleteAnother(int)'
	 */
	public void testDeleteAnother() {
		BankManager bankManager = (BankManager) factory.getBean("bankManager");
		createSecureContext(factory, "marissa", "koala");

		bankManager.deleteAnother(10);
	}

	/*
	 * Test method for 'com.bulain.test.BankManagerImp.getBalance(int)'
	 */
	public void testGetBalance() {
		BankManager bankManager = (BankManager) factory.getBean("bankManager");
		createSecureContext(factory, "manager", "manager");

		bankManager.getBalance(10);
	}
}

applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
	<bean id="bankManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
		<property name="validateConfigAttributes">
			<value>true</value>
		</property>
		<property name="applicationEventPublisher">
			<bean class="com.bulain.test.ApplicationEventPublisherImp"/>
		</property>
		<property name="authenticationManager">
			<ref bean="authenticationManager"/>
		</property>
		<property name="accessDecisionManager">
			<ref bean="accessDecisionManager"/>
		</property>
		<property name="runAsManager">
			<ref bean="runAsManager"/>
		</property>
		<property name="afterInvocationManager">
			<ref bean="afterInvocationManager"/>
		</property>
		<property name="objectDefinitionSource">
			<value>com.bulain.test.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
				com.bulain.test.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER</value>
		</property>
	</bean>
	
	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="daoAuthenticationProvider"/>
				<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
					<property name="key" value="changeThis"/>
				</bean>
				<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
					<property name="key" value="changeThis"/>
				</bean>
			</list>
		</property>
	</bean>
	
	<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions" value="false"/>
		<property name="decisionVoters">
			<list>
				<bean class="org.acegisecurity.vote.RoleVoter"/>
				<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
			</list>
		</property>
	</bean>
	
	<bean id="runAsManager" class="org.acegisecurity.runas.RunAsManagerImpl">
		<property name="key" value="KEY"/>
	</bean>
	
	<bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
		<property name="providers">
			<list>
				<bean class="com.bulain.test.AfterInvocationProviderImp"/>
			</list>
		</property>
	</bean>
	
	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService" ref="userDetailsService"/>
		<property name="userCache">
			<bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
				<property name="cache">
					<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
						<property name="cacheManager">
							<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
						</property>
						<property name="cacheName" value="userCache"/>
					</bean>
				</property>
			</bean>
		</property>
	</bean>
	
	<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userProperties">
			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
				<property name="location" value="users.properties"/>
			</bean>
		</property>
	</bean>
	
	<bean id="bankManagerImp" class="com.bulain.test.BankManagerImp"/>
	
	<bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
		<property name="interceptorNames">	
			<list>
				<value>bankManagerSecurity</value>
			</list>		
		</property>
		<property name="target"><ref local="bankManagerImp"/></property>
	</bean>
</beans>

users.properties

marissa=koala,ROLE_SUPERVISOR
dianne=emu,ROLE_USER
scott=wombat,ROLE_USER
peter=opal,disabled,ROLE_USER

分享到：

acegi的MethodSecurityInterceptor实例 | 测试资源：63个国外优秀测试站点链接

2006-06-06 17:42
浏览 5615
评论(2)
查看更多

2 楼 bulain 2007-04-12

少了ehcache的jar包。

1 楼 yuen 2007-04-04

你好，我才开始看acegi，把你的这个例子运行了一下，出错了，可不可以帮我看一下，这是为什么？谢谢！

Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankManager': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankManagerSecurity' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankManagerSecurity' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot resolve reference to bean 'daoAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'daoAuthenticationProvider' defined in class path resource [com/bulain/test/applicationContext.xml]: Cannot create inner bean 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' of type [org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache] while setting bean property 'userCache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache#140c281' defined in class path resource [com/bulain/test/applicationContext.xml]: Instantiation of bean failed; nested exception is java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException
Caused by: java.lang.NoClassDefFoundError: net/sf/ehcache/CacheException

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

acegi的MethodSecurityInterceptor

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

acegi的MethodSecurityInterceptor

评论

发表评论

相关推荐

学习acegi-security

acegi的MethodSecurityInterceptor实例

acegi 参考的部分翻译

Feiing以前写的一篇介绍 Acegi 的文档

实战Acegi：使用Acegi作为基于Spring框架的WEB应用的安全框架

ajax的经典集萃

最近访客更多访客>>