Acegi的简单配置

<!!-- web.xml文件  -->
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- 指定Acegi资讯的设定档-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/acegi-config.xml</param-value>
</context-param>

<!-- Acegi 的 Filter Chain 代理 -->
<filter>
<filter-name>
Acegi Filter Chain Proxy
</filter-name>
<filter-class> org.acegisecurity.util.FilterToBeanProxy </filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<!-- 取得Spring的Context -->

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
  <servlet>
    <description>This is the description of my J2EE component</description>
    <display-name>This is the display name of my J2EE component</display-name>
    <servlet-name>SomeServlet</servlet-name>
    <servlet-class>onlyfun.servlet.SomeServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>SomeServlet</servlet-name>
    <url-pattern>/SomeServlet</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>


<!-- acegi-config.xml 文件  -->

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- Acegi是专为 Spring 设计的安全框架，藉由Spring所提供的AOP功能，可以使用org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor来对方法呼叫进行拦截，对方法的呼叫设定权限保护。 -->
<!-- 也就是说Acegi能够对某个类的具体的方法的访问进行过滤,下面是对名为Some的Servelt的方法拦截 -->



<!-- 连接数据库 -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://localhost:3306/acegi</value>
</property>
<property name="username">
<value>root</value>
</property>
<property name="password">
<value>123</value>
</property>
</bean>


<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<!-- 验证管理员，处理验证资讯提供者  -->
<property name="authenticationManager" ref="authenticationManager"/>
<!-- 验证失败URL -->
<property name="authenticationFailureUrl" value="/acegilogin.jsp"/>
<!-- 验证成功预设URL -->
<property name="defaultTargetUrl" value="/protected/loginsuccess.jsp"/>
<!-- 验证处理的提交位址 -->
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>

</bean>


<!-- 验证管理员，管理验证资讯提供者 -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers"><!-- 可有多个提供者,其中一个验证通过即可以了 -->
<list>             
<ref local="daoAuthenticationProvider"/>

<!-- 用Cookie验证 -->
<ref local="rememberMeAuthenticationProvider"/>          
</list>
</property>
</bean>

<!-- 验证提供者，指定使用记忆体来源中的验证资讯 -->
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<!-- 用户名与密码提供者 -->
<!-- 这是在inMemoryDaoImpl bean中定义的 -->
<!-- <property name="userDetailsService" ref="inMemoryDaoImpl"/> -->
<property name="userDetailsService" ref="jdbcDaoImpl" />
<!-- Acegi可以使用User Cache，当AuthenticationProvider需要使用者资料时，先行至User Cache中寻找是否有符合的项目，有的话就直接取回比对，没有的话，再从资料库或其它资料来源取得 -->
<property name="userCache" ref="userCache"/>

</bean>
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource"/>
</bean>

<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
</property>
</bean>
</property>

</bean>


<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<!-- 在配置文件中设定用户名与密码 -->
<!--
<property name="userMap">   
<value> 
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USE
</value>
</property>
-->

<!-- 在资源文件中设定用户名与密码 -->
    <property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="location" value="/WEB-INF/users.properties" />
        </bean>
</property>
</bean>

<!-- 发生验证错误或权限错误时的处理 -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>

<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/protected/accessDenied.jsp"/>
</bean>
</property>
</bean>


<!-- FilterSecurityInterceptor 对 URI 进行保护 --> 
<bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<!-- 验证管理员 -->
<property name="authenticationManager" ref="authenticationManager" />

<!-- 授权管理员 -->
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/protected/**=ROLE_SUPERVISOR,ROLE_USER
</value>
</property>
</bean>


<!-- 授权管理员 -->
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<!-- 是否全部弃权时视为通过 -->
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
</list>
</property> 
</bean>

<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

<!-- 登出处理 --> 
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/acegilogin.jsp" /> <!-- 登出后的显示页面 --> 
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>

<!-- 利用cookie自动登入 --> 
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager"  ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/> 
</bean>


<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">   
<!-- userDetailsService后的ref的值必须与 id为daoAuthenticationProvider(在本文上面已定义)在bean的在ref值一样 -->
<property name="userDetailsService" ref="inMemoryDaoImpl"/> 
<property name="key" value="javauser"/>
</bean>    

<bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">        
<property name="key" value="javauser"/>
</bean>  




<bean id="some" class="onlyfun.caterpillar.Some"></bean>
<bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/>
</property>
<property name="objectDefinitionSource">
<value>onlyfun.caterpillar.ISome.doSupervisor=ROLE_SUPERVISOR</value> 
</property>
</bean>

<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property name="beanNames">
<list>
<value>some</value>
</list>
</property>
<property name="interceptorNames">
<list>
<value>methodSecurityInterceptor</value>
</list>
</property>
</bean>






<!-- Filter Chain -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> 
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor,logoutFilter,rememberMeProcessingFilter   
</value>
</property>
</bean>
</beans>


<!-- user.properties--->
caterpillar=123456,ROLE_SUPERVISOR
user1=user1pwd,ROLE_USER
user2=user2pwd,disabled,ROLE_USER


<!--acegilogin.jsp -->
<%@page contentType="text/html"%><%@page pageEncoding="UTF-8"%>
<html>
<head>
<title>Acegi 范例网页 - 登入</title>
</head>
<body>
<h2>登入范例应用程式！</h2><br />
<form action="j_acegi_security_check" method="POST">
<table>
<tr><td>名称：</td> <td><input type='text' name='j_username' value=''></td> </tr>
<tr><td>密码：</td> <td><input type='password' name='j_password'></td> </tr>
<tr><td><input name="reset" type="reset"></td><td><input name="submit" type="submit"></td></tr>
    <tr><td><input type="checkbox" name="_acegi_security_remember_me"></td><td>2周内记得我</td> </tr>
</table></form></body></html>

<!--protected/index.jsp -->
<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"%>

<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
   
    <title>My JSP 'index.jsp' starting page</title>
   
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">   
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

  </head>
 
  <body>
     <h1>欢迎<%=session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY) %>光临</h1>
<br><a href="j_acegi_logout">登出</a>
  </body>
</html>


<!-- protected /accessDennied.jsp  -->
<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
   
    <title>My JSP 'accessDenied.jsp' starting page</title>
   
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">   
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

  </head>
 
  <body>
    <h1>授权失败</h1>
  </body>
</html>