`
jusescn
  • 浏览: 125856 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

基于acegi1.0.5 新的权限模型实现行级细粒度权限控制

阅读更多

实现效果图如下:
acegi1.05的新的权限模型针对 hsqldb 数据库,移植到到sqlserver/mysql 需要修改如下文件:
org.acegisecurity.acls.jdbc.BasicLookupStrategy ;
org.acegisecurity.acls.jdbc.JdbcMutableAclService;

JdbcMutableAclService 是最主要的类,对acl和ace的操作都集中在该类;
BasicLookupStrategy 只有一个方法readAclsById 获得实例对象的acl。

要点:
1、搭建基础代码可以参考ss2中的acegi实现(完全拷贝),在roleManager中需要特别注意是,如果采用getHibernateTemplate().saveOrUpdate(o);对对象进行保存或者更新的话,在修改角色对于用户或者角色对应资源的保存角色前,应该将缓存中的role对于的用户和资源的authorities清除rolename,然后更新角色实例,保存角色到cache中。
2、采用ss1中对对象保护的方法,新建com.at21.pm.core.security.acl.domain.AclDomainAware标示接口或者需要实现public long getId()方法。
3、编辑applicationContext-acegi-acl.xml(可以拷贝acegi中contact例子中的文件)。
4、解析acl中几个表对象
ACL_SID:用以保存sid的实例 PrincipalSid 用户实例,GrantedAuthoritySid 角色实例。
ACL_OBJECT_IDENTITY:用户需要保存的实例。字段ENTRIES_INHERITING表示是否继承父级权限。
ACL_ENTRY:用户实例对应sid的权限(read/create/delete/admin) 字段MASK标示权限(具体标示参考org.acegisecurity.acls.domain.BasePermission类)字段GRANTING表示是是否授予某用户/角色该实例的某权限

介绍开发树形实例:
1、保存树形到数据库对应表时,保存该对象到acl模型中调用updateAcl()方法。

java 代码

 

  1. /**  
  2.      * @param clazz 需要保护的对象类  
  3.      * @param id 实例对象id  
  4.      * @param sid 角色名/用户名  
  5.      * @param permission 权限  
  6.      * @param granting 授予/拒绝  
  7.      * @param entriesInheriting 是否从父类继承权限  
  8.      * @param parentid 父类实例  
  9.      */  
  10. public void updateAcl(Class clazz,Serializable id,Sid sid,Permission permission,boolean granting,boolean entriesInheriting,Serializable parentid){   
  11.         MutableAcl acl;   
  12.         ObjectIdentity oid = new ObjectIdentityImpl(clazz,id);   
  13.         try {   
  14.             acl = (MutableAcl) mutableAclService.readAclById(oid);   
  15.         } catch (NotFoundException nfe) {   
  16.             acl = mutableAclService.createAcl(oid);   
  17.         }   
  18.            
  19.         if ( parentid != null){   
  20.             MutableAcl parentacl;   
  21.             ObjectIdentity parentoi = new ObjectIdentityImpl(clazz,parentid);   
  22.             try {   
  23.                 parentacl = (MutableAcl) mutableAclService.readAclById(parentoi);   
  24.             } catch (NotFoundException nfe) {   
  25.                 parentacl = mutableAclService.createAcl(parentoi);   
  26.             }   
  27.             acl.setParent(parentacl);   
  28.         }   
  29.            
  30.         AccessControlEntry sameAce = null;   
  31.         AccessControlEntry[] aces = acl.getEntries();   
  32.         if ( aces != null && aces.length >0 ){   
  33.             for (int i = 0; i < aces.length; i++) {   
  34.                 AccessControlEntry ace = aces[i];   
  35.                 if ( ace.getPermission().getMask() == permission.getMask() && sid.equals(ace.getSid())){   
  36.                     sameAce = ace;   
  37.                     break;   
  38.                 }   
  39.             }   
  40.         }   
  41.            
  42.         if ( sameAce != null){   
  43.             acl.deleteAce(sameAce.getId());   
  44.         }   
  45.            
  46.         acl.insertAce(null, permission, sid, granting);   
  47.         acl.setEntriesInheriting(entriesInheriting);   
  48.            
  49.         mutableAclService.updateAcl(acl);   
  50.     }  

如果是从后台直接保存树形(比如采用线程定时更新树形的话),没有web层的请求的话,需要用户后台登陆
保存前添加如下代码

java 代码
  1. Authentication authRequest = new UsernamePasswordAuthenticationToken(admin,admin,new GrantedAuthority[]{new GrantedAuthorityImpl(role_admin)});   
  2.         SecurityContextHolder.getContext().setAuthentication(authRequest);  
2、对某用户授予read的权限。
java 代码
  1. String nodeid = request.getParameter("nodeid");   
  2. String rolename = request.getParameter("rolename");   
  3. String mark = request.getParameter("mark");   
  4. String granted = request.getParameter("granted");   
  5.                
  6. Permission p = mutableAclService.buildFromMask(Integer.parseInt(mark));   
  7. updateAcl(Vssdoc.class, Long.parseLong(nodeid), new GrantedAuthoritySid(rolename), p, Boolean.parseBoolean(granted), truenull);  
3、完成了。

 

分享到:
评论
1 楼 jusescn 2007-09-28  
<div class='code_title'>xml 代码</div>
<div class='dp-highlighter'>
<div class='bar'/>
<ol class='dp-xml'>
    <li class='alt'><span><span class='tag'>&lt;?</span><span class='tag-name'>xml</span><span> </span><span class='attribute'>version</span><span>=</span><span class='attribute-value'>"1.0"</span><span> </span><span class='attribute'>encoding</span><span>=</span><span class='attribute-value'>"UTF-8"</span><span class='tag'>?&gt;</span><span>  </span></span></li>
    <li class=''><span>&lt;!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span/><span class='tag'>&lt;</span><span class='tag-name'>beans</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.springframework.beans.factory.config.FieldRetrievingFactoryBean"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"staticField"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.READ"</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.springframework.beans.factory.config.FieldRetrievingFactoryBean"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"staticField"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.READ"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.DELETE"</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.springframework.beans.factory.config.FieldRetrievingFactoryBean"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"staticField"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.DELETE"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='comments'>&lt;!-- An access decision voter that reads ACL_CONTACT_READ configuration settings --&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"aclReadVoter"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.vote.AclEntryVoter"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"aclService"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"ACL_READ"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.READ"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"processDomainObjectClass"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"com.at21.pm.core.security.acl.domain.AclDomainAware"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span><span class='comments'>&lt;!-- An access decision voter that reads ACL_CONTACT_DELETE configuration settings --&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"aclDeleteVoter"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.vote.AclEntryVoter"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"aclService"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"ACL_DELETE"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.DELETE"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"processDomainObjectClass"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"com.at21.pm.core.security.acl.domain.AclDomainAware"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='comments'>&lt;!-- An access decision voter that reads ACL_CONTACT_ADMIN configuration settings --&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"aclAdminVoter"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.vote.AclEntryVoter"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"aclService"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"ACL_ADMIN"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"processDomainObjectClass"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"com.at21.pm.core.security.acl.domain.AclDomainAware"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='comments'>&lt;!-- An access decision manager used by the business objects --&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"ACLaccessDecisionManager"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.vote.AffirmativeBased"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"allowIfAllAbstainDecisions"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"false"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"decisionVoters"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>bean</span><span>=</span><span class='attribute-value'>"roleVoter"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"aclReadVoter"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"aclDeleteVoter"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"aclAdminVoter"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"aclCache"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.jdbc.EhCacheBasedAclCache"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.springframework.cache.ehcache.EhCacheFactoryBean"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"cacheManager"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>          </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.springframework.cache.ehcache.EhCacheManagerFactoryBean"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"cacheName"</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"aclCache"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"lookupStrategy"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.jdbc.BasicLookupStrategy"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"dataSource"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"aclCache"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"aclAuthorizationStrategy"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.ConsoleAuditLogger"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"aclAuthorizationStrategy"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.AclAuthorizationStrategyImpl"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.GrantedAuthorityImpl"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>          </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"ROLE_ADMINISTRATOR"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.GrantedAuthorityImpl"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>          </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"ROLE_ADMINISTRATOR"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.GrantedAuthorityImpl"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>          </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>value</span><span>=</span><span class='attribute-value'>"ROLE_ADMINISTRATOR"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"aclService"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.jdbc.JdbcMutableAclService"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"dataSource"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"lookupStrategy"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"aclCache"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"afterInvocationManager"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.afterinvocation.AfterInvocationProviderManager"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"providers"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"afterAclRead"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"afterAclCollectionRead"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='comments'>&lt;!-- Processes AFTER_ACL_COLLECTION_READ configuration settings --&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"afterAclCollectionRead"</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>bean</span><span>=</span><span class='attribute-value'>"aclService"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.READ"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='comments'>&lt;!-- Processes AFTER_ACL_READ configuration settings --&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"afterAclRead"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.afterinvocation.AclEntryAfterInvocationProvider"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>bean</span><span>=</span><span class='attribute-value'>"aclService"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.ADMINISTRATION"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"org.acegisecurity.acls.domain.BasePermission.READ"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;/</span><span class='tag-name'>list</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>constructor-arg</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>  </span><span class='tag'>&lt;</span><span class='tag-name'>bean</span><span> </span><span class='attribute'>id</span><span>=</span><span class='attribute-value'>"securityInterceptor"</span><span> </span><span class='attribute'>class</span><span>=</span><span class='attribute-value'>"org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"validateConfigAttributes"</span><span class='tag'>&gt;</span><span class='tag'>&lt;</span><span class='tag-name'>value</span><span class='tag'>&gt;</span><span>false</span><span class='tag'>&lt;/</span><span class='tag-name'>value</span><span class='tag'>&gt;</span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"authenticationManager"</span><span> </span><span class='attribute'>ref</span><span>=</span><span class='attribute-value'>"authenticationManager"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"accessDecisionManager"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"ACLaccessDecisionManager"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"afterInvocationManager"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>      </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>local</span><span>=</span><span class='attribute-value'>"afterInvocationManager"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;</span><span class='tag-name'>property</span><span> </span><span class='attribute'>name</span><span>=</span><span class='attribute-value'>"objectDefinitionSource"</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>        </span><span class='tag'>&lt;</span><span class='tag-name'>ref</span><span> </span><span class='attribute'>bean</span><span>=</span><span class='attribute-value'>"objectDefinitionSource"</span><span class='tag'>/&gt;</span><span>  </span></li>
    <li class=''><span>  </span></li>
    <li class='alt'><span>    </span><span class='tag'>&lt;/</span><span class='tag-name'>property</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class=''><span>  </span><span class='tag'>&lt;/</span><span class='tag-name'>bean</span><span class='tag'>&gt;</span><span>  </span></li>
    <li class='alt'><span>  </span></li>
    <li class=''><span/><span class='tag'>&lt;/</span><span class='tag-name'>beans</span><span class='tag'>&gt;</span><span>  </span></li>
</ol>
</div>
<font>applicationContext-acegi-acl.xml</font>

相关推荐

    acegi-src1.0.5

    acegi,spring的安全验证框架

    基于Acegi安全框架的权限管理研究与实现.

    - **细粒度的权限控制**:支持URL级别的权限管理,使得开发者能够精确地控制不同用户或角色对于特定资源的访问权限。 - **业务逻辑与安全检查的解耦**:通过AOP技术将业务逻辑与安全检查逻辑分离,确保两者相互独立...

    acegi实现用户权限

    权限是更细粒度的访问控制,可以精确到操作级别的控制。AceGI可以通过配置实现基于角色的访问控制(RBAC)或基于权限的访问控制(PBAC)。 在实际应用中,AceGI的配置通常在Spring的配置文件中完成,通过定义...

    使用acegi控制用户权限实例

    在本实例中,我们将深入探讨如何使用Acegi来控制用户的权限。Acegi Security已经被Spring Security替代,但其核心思想和机制仍然适用于现代的Spring Security。 首先,我们需要理解Acegi的基础概念。Acegi的核心是`...

    acegi+ssh动态实现基于角色的权限管理

    ### acegi+SSH动态实现基于角色的权限管理 在企业级应用开发中,权限管理和用户认证是必不可少的安全机制。本文将详细介绍如何利用Acegi安全框架(现称为Spring Security)结合SSH(Struts + Spring + Hibernate)...

    acegi 权限控制按钮

    总结一下,Acegi是一个强大的安全框架,它提供了细粒度的权限控制,能够做到按钮或HTML元素级别的权限管理。通过自定义策略和配置,可以轻松地集成到Spring应用程序中,并部署在Tomcat服务器上。"acegi-demo"项目是...

    基于rbac模式的acegi权限管理

    RBAC是一种广泛采用的权限模型,通过角色来分配权限,有效地实现了用户与权限之间的间接关联,降低了权限管理的复杂性。 Acegi Security是Spring框架的一个扩展,它为Java应用程序提供了全面的安全性解决方案。在...

    Spring Acegi权限控制

    Spring Acegi权限控制是Spring框架中用于实现Web应用安全的一种解决方案。Acegi Security(现已被Spring Security替代)是一个功能强大的安全框架,它主要解决了认证(Authentication)和授权(Authorization)这两...

    动态实现基于角色的权限管理(Acegi+hibernate )

    Acegi支持多种访问控制策略,如`AccessDecisionVoter`的投票机制、表达式语言(如SpEL)进行细粒度控制等。这使得我们可以根据具体需求定制复杂的访问规则。 9. **异常处理** 当用户试图访问未授权的资源时,...

    acegi-security-1.0.5.zip

    7. acegi-security-tiger-1.0.5.jar:这个组件是针对Java SE 5(也称为Tiger)的优化,确保框架在新版本的Java平台上能够高效运行。 8. license.txt、readme.txt和notice.txt:这些文件分别包含了框架的许可协议、...

    acegi-security-1.0.5.jar

    acegi-security-1.0.5.jar java权限控制应用包下载

    权限Acegi的使用

    Acegi允许通过定义安全表达式、访问决策管理器和访问决策投票器来进行细粒度的授权控制。 3. **安全拦截**:Acegi利用Spring的AOP框架来实现对方法调用和URL访问的拦截。你可以定义安全拦截规则,例如,只有特定...

    batis+acegi实现的动态权限控制

    标题 "batis+acegi实现的动态权限控制" 暗示了这个项目是关于整合Spring框架中的Acegi安全模块和MyBatis ORM框架,来创建一个动态的权限管理系统。Acegi是Spring早期的安全组件,现在已被Spring Security所取代,但...

    Acegi解决权限问题

    首先,Acegi的核心功能是提供细粒度的访问控制,允许开发者对应用中的资源(如URL、方法、对象等)设置特定的访问权限。它通过Spring AOP(面向切面编程)实现,使得权限检查可以在不修改业务代码的情况下进行。 1....

    Acegi安全权限管理手册

    Acegi的安全模型允许精细的权限控制,可以基于角色、URL、方法甚至业务对象进行授权。它使用AOP(面向切面编程)来实现权限检查,可以在任何代码执行点进行安全拦截。 4. **会话管理(Session Management)**: ...

    mypro.rar_Acegi Appfuse2 _acegi_java 数据库_java 权限_数据权限控制

    《基于Acegi、Appfuse2与Java的数据权限控制系统构建》 在信息技术领域,尤其是在企业级应用开发中,安全性和权限管理是至关重要的组成部分。本文将深入探讨如何利用Spring、Acegi框架以及Ext2.0库,结合MySQL...

Global site tag (gtag.js) - Google Analytics