- 浏览: 180144 次
- 性别:
- 来自: 厦门
文章分类
- 全部博客 (186)
- Ant (11)
- Axis2 (15)
- Car (9)
- Eclipse (1)
- Java (19)
- Java-EM (4)
- Javascript (11)
- Jsp (1)
- Hibernate (9)
- Mysql (1)
- Ms-Dos (5)
- Music (0)
- Oracle (3)
- Postgresql (0)
- Photoshop (1)
- Spring (17)
- Struts (8)
- Selenium (5)
- Ubuntu (13)
- News (17)
- Others (7)
- SSH (11)
- 算法 (5)
- FreeMarker (4)
- Tomcat (2)
- Linux (5)
最新评论
- OK, so now we have setup the database based resources and now the next step is to get Spring Security to read the user details from the database. The examples that come with Spring Security 2.0 shows you how to keep a list of users and authorities in the configuration file like this:
- <authentication-provider>
- <user-service>
- <user name="rod" password="password" authorities="ROLE_SUPERVISOR, ROLE_USER" />
- <user name="dianne" password="password" authorities="ROLE_USER,ROLE_TELLER" />
- <user name="scott" password="password" authorities="ROLE_USER" />
- <user name="peter" password="password" authorities="ROLE_USER" />
- </user-service>
- </authentication-provider>
<authentication-provider>
You could replace these examples with this configuration so that you can read the user details straight from the database like this:
<user-service>
<user name="rod" password="password" authorities="ROLE_SUPERVISOR, ROLE_USER" />
<user name="dianne" password="password" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="password" authorities="ROLE_USER" />
<user name="peter" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>- <authentication-provider>
- <jdbc-user-service data-source-ref="dataSource" />
- </authentication-provider>
<authentication-provider>
While this is a very fast and easy way to configure database based security it does mean that you have to conform to a default databases schema. By default, the <jdbc-user-service> requires the following tables: user, authorities, groups, group_members and group_authorities.
<jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
In my case this was not going to work as my security schema it not the same as what the <jdbc-user-service> requires, so I was forced to change the <authentication-provider>:- <authentication-provider>
- <jdbc-user-service data-source-ref="dataSource"
- users-by-username-query="SELECT U.username, U.password, U.accountEnabled AS 'enabled' FROM User U where U.username=?"
- authorities-by-username-query="SELECT U.username, R.name as 'authority' FROM User U JOIN Authority A ON u.id = A.userId JOIN Role R ON R.id = A.roleId WHERE U.username=?"/>
- </authentication-provider>
<authentication-provider>
By adding the users-by-username-query and authorities-by-username-query properties you are able to override the default SQL statements with your own. As in ACEGI security you must make sure that the columns that your SQL statement returns is the same as what Spring Security expects. There is a another property group-authorities-by-username-query which I am not using and have therefore left it out of this example, but it works in exactly the same manner as the other two SQL statements.
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT U.username, U.password, U.accountEnabled AS 'enabled' FROM User U where U.username=?"
authorities-by-username-query="SELECT U.username, R.name as 'authority' FROM User U JOIN Authority A ON u.id = A.userId JOIN Role R ON R.id = A.roleId WHERE U.username=?"/>
</authentication-provider>
This feature of the <jdbc-user-service> has only been included in the past month or so and was not available in the pre-release versions of Spring Security. Luckily it has been added as it does make life a lot easier. You can read about this here and here.
The dataSource bean instructs which database to connect to, it is not included in my configuration file as it's not specific to security. Here is an example of a dataSource bean for those who are not sure:- <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
- <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
- <property name="url" value="jdbc:mysql://localhost/db_name?useUnicode=true&characterEncoding=utf-8"/>
- <property name="username" value="root"/>
- <property name="password" value="pwd"/>
- </bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost/db_name?useUnicode=true&characterEncoding=utf-8"/>
<property name="username" value="root"/>
<property name="password" value="pwd"/>
</bean> - And that is all for the configuration of Spring Security. My last task was to change my current logon screen. In ACEGI you could create your own logon <form> by making sure that you POSTED the correctly named HTML input elements to the correct URL. While you can still do this in Spring Security 2.0, some of the names have changed.
You can still call your username field j_username and your password field j_password as before.- <input type="text" name="j_username" id="j_username"/>
- <input type="password" name="j_password" id="j_password"/>
<input type="text" name="j_username" id="j_username"/>
However you must set the action property of your <form> to point to j_spring_security_check and not j_acegi_security_check.
<input type="password" name="j_password" id="j_password"/>- <form method="post" id="loginForm" action="<c:url value='j_spring_security_check'/>"
<form method="post" id="loginForm" action="<c:url value='j_spring_security_check'/>"
There are a few places in our application where the user can logout, this is a link that redirects the logout request to the security framework so that it can be handled accordingly. This needs to be changed from j_acegi_logout to j_spring_security_logout.- <a href='<c:url value="j_spring_security_logout"/>'>Logout</a>
<a href='<c:url value="j_spring_security_logout"/>'>Logout</a>
Conclusion
This short guide on how to configure Spring Security 2.0 with access to resources stored in a database does not come close to illustrating the host of new features that are available in Spring Security 2.0, however I think that it does show some of the most commonly used abilities of the framework and I hope that you will find it useful.
One of the benefits of Spring Security 2.0 over ACEGI is the ability to write more consice configuration files, this is clearly shown when I compare my old ACEGI configration (172 lines) file to my new one (42 lines).
Here is my complete securityContext.xml file:
- <?xml version="1.0" encoding=
发表评论
-
spring-hibernate
2008-10-24 21:04 684原则上尽量要使用spring下载包里lib目录里的jar文件 ... -
在项目中为 Spring Framework 配置 Log4j
2008-10-28 19:15 764创建一个基于 Spring Framework 的项目之后,在 ... -
spring2.0以后声明式事务管理
2008-10-29 17:35 811基于注解式的 <?xml version="1 ... -
SpringBeanFactory
2008-10-29 17:38 802SpringBeanFactory import org.sp ... -
用 Hibernate 和 Spring 开发事务持久层(转贴)
2008-10-30 20:20 657用 Hibernate 和 Spring 开发 ... -
Spring配置事务在DAO层和业务逻辑层
2008-10-31 10:39 826转自:http://www.blogjava.n ... -
基于 MVC 三层架构,Spring 配置文件(08.10.31号)
2008-10-31 11:28 893<?xml version="1.0" ... -
简化Spring(1)--配置文件
2008-10-31 13:53 618转自:http://www.blogjava.net/calv ... -
简化Spring(2)--Model层
2008-10-31 13:54 595简化Spring(2)--Model层 作者:江南白 ... -
简化Spring(3)--Controller层
2008-10-31 13:55 509简化Spring(3)--Controller层 ... -
简化Spring(4)--View层
2008-10-31 13:55 525简化Spring(4)--View层 作者:江南白衣 ... -
Spring--简单使用quartz实现定时作业
2008-10-31 14:14 685Spring--简单使用quartz实现定时作业 ... -
Pathway from ACEGI to Spring Security 2.0
2008-11-20 08:42 722Pathway from ACEGI to Spring Se ... -
Pathway from ACEGI to Spring Security 2.0(2)
2008-11-20 08:55 835The main part of this piece of ... -
spring常见错误之一
2008-12-13 09:32 737Error creating bean with name ' ... -
ApplicationContext.xml
2008-12-02 16:41 835<?xml version="1.0&qu ...
相关推荐
`z-pathway-acegi-spring-security.html`可能涉及Acegi安全系统的过渡信息,因为Spring Security最初是作为Acegi的后续项目发展起来的。这部分内容可能帮助那些从Acegi迁移到Spring Security的开发者理解两者之间的...
"Portable Pathway Builder Tool 2.0"版本在前一版本的基础上进行了优化升级,可能包括更丰富的图形库、增强的编辑功能、以及更好的兼容性。用户可以预设或自定义各种通路元素的形状、颜色和大小,以适应不同的展示...
IPA(Ingenuity Pathway Analysis)是一款在生物信息学领域广泛应用的通路分析工具,它专为研究人员提供了一整套分析方案,以理解基因表达数据、蛋白质组学数据或其他分子交互数据背后的生物学意义。这款软件的强大...
from pathway2cyjs import Pathway2CyJS # 加载生物通路数据 pathway_data = ... # 创建转换器对象 converter = Pathway2CyJS() # 转换数据并获取JSON cyjs_json = converter.convert(pathway_data) # 将JSON...
利用基因芯片分析TuMV侵染对白菜分泌途径基因的影响,李彦肖,张昌伟,前人研究发现病毒的复制复合体(viral RNP complex)和病毒RNA通过分泌途径移动到胞间连丝。本研究通过拟南芥基因芯片鉴定病原物侵染引�
软件名字叫做 pathway builder tool 官网是http: www proteinlounge com PathwayBuilder aspx(官网可以7天试用) 软件自带几乎所有分子生物学会用到的元素 如不同的细胞 细胞器 分子 老鼠模型 另外 这个软件自带...
通过对三种胰腺癌细胞系(BxPC-3、HPAC和PANC-1)进行实验,研究人员采用多种细胞生物学技术和分子生物学方法,如MTT细胞活力检测、流式细胞术、基因转染、实时RT-PCR和Western Blot等,探讨了Notch1下调后对胰腺癌...
这款软件基于Pathway/Genome Database (PGDB) 数据库,提供了丰富的生物信息分析功能,包括基因功能注释、通路分析、基因集富集分析以及差异表达基因的可视化。 PathwayTool的核心功能: 1. **通路分析**:...
《蛋白质网络与途径分析》(Protein Networks and Pathway Analysis)是分子生物学方法系列书籍中的一部,由尤里·尼科尔斯基(Yuri Nikolsky)和朱莉·布莱恩特(Julie Bryant)编辑,专注于蛋白质网络和生物途径的...
3. Teacher-Student 模型 为了实现无监督学习检测单图像前景对象,我们提出了一个基于 Teacher-Student 模型的方法。该模型由两个部分组成:Teacher pathway 和 Student pathway。Teacher pathway 负责在视频数据中...
The AOX pathway is thought to act as a safety valve, preventing overreduction of the ETC and protecting cells from oxidative damage. 3. Mesophyll Protoplasts and Their Isolation Mesophyll ...
A histone methylation-dependent DNA methylation pathway is uniquely impaired by deficiency in S-adenosylhomocysteine hydrolase
3. **调试器**:为了帮助开发者定位和修复错误,Pathway提供了调试工具。这可能是一个基于命令行的调试器,允许设置断点、查看内存、单步执行代码等功能。 4. **其他工具**:除了核心组件外,Pathway开发包可能还...
3. **可视化工具**:设计直观的用户界面和交互式图表,帮助研究者快速理解和解释Pathway信息。这些工具应能够动态显示Pathway网络,突出关键节点和边,以及提供对特定通路的详细视图。 4. **算法优化**:开发高效的...
在Portable_Pathway_Builder_Tool_2.0这个压缩包文件中,很可能包含的是这款工艺流程绘图软件的便携版本。便携版软件的一大优点是无需安装,可以直接运行,不会在用户的电脑上留下任何痕迹,方便在不同设备间切换...
R. P. Burn的数论入门,非常好的一本数论指导书,影印版
convolution, spectral analysis and feature detection) and corresponds to the low level retinal image processing that happens in the eye in the human visual system pathway. The next part of the book ...