The following describes form-based authentication as implemented with Acegi, including the RememberMe service:
1. First, configure the filters used for form authentication in the FilterChainProxy filter chain: authenticationProcessingFilter and rememberMeProcessingFilter.

    /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor

2. Configure the AuthenticationProcessingFilter:

    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <!-- page to redirect to when the username or password is wrong -->
        <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
        <!-- page to enter after a successful login -->
        <property name="defaultTargetUrl"><value>/</value></property>
        <!-- the action of the login form -->
        <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
        <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
    </bean>

    <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
        <property name="forceHttps"><value>false</value></property>
        <property name="serverSideRedirect" value="false"></property>
    </bean>

RememberMe service:

    <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
        <property name="key"><value>springRocks</value></property>
        <!-- must match the name of the remember-me checkbox on the login page -->
        <property name="parameter" value="rememberMeContactsForm"></property>
    </bean>

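To make clear what the `key` property above protects, here is an added example (written for this page, not code from Acegi or from the original post) that builds and checks a remember-me cookie in the format TokenBasedRememberMeServices uses: Base64 of `username:expiry:signature`, where the signature is the MD5 hex digest of `username:expiry:password:key`. The key value and the marissa/koala pair come from the page; the `DEMO_USERS` table, the function names and the millisecond timestamps are constructed for the example.

```python
import base64
import hashlib
import hmac

# Key from the page's rememberMeServices bean; the user table is a constructed
# stand-in for the page's jdbcDaoImpl and holds the page's demo credentials.
REMEMBER_ME_KEY = "springRocks"
DEMO_USERS = {"marissa": "koala", "dianne": "emu", "scott": "wombat"}


def token_signature(username: str, expiry_ms: int, password: str, key: str) -> str:
    """MD5 hex digest over "username:expiry:password:key", the data that
    TokenBasedRememberMeServices signs. The key is the only input an attacker
    who already knows the username and password does not hold, so it must be
    secret and unique per deployment."""
    data = f"{username}:{expiry_ms}:{password}:{key}".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def make_token(username: str, password: str, key: str, expiry_ms: int) -> str:
    """Cookie value written at login: Base64("username:expiry:signature")."""
    sig = token_signature(username, expiry_ms, password, key)
    return base64.b64encode(f"{username}:{expiry_ms}:{sig}".encode("utf-8")).decode("ascii")


def validate_token(token: str, lookup_password, key: str, now_ms: int):
    """Return the username carried by a valid cookie, or None.

    Every rejection path returns None rather than raising, so a malformed or
    forged cookie simply falls through to the ordinary login form."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # not Base64 at all
    parts = decoded.split(":")
    if len(parts) != 3:
        return None  # wrong shape
    username, expiry_text, presented = parts
    if not expiry_text.isdigit():
        return None
    expiry_ms = int(expiry_text)
    if expiry_ms < now_ms:
        return None  # expired: the lifetime is part of the signed data, so it cannot be extended
    password = lookup_password(username)
    if password is None:
        return None  # unknown user
    expected = token_signature(username, expiry_ms, password, key)
    # Constant-time comparison of the two hex strings avoids leaking how many
    # leading characters of a guessed signature were correct.
    if not hmac.compare_digest(expected, presented):
        return None  # forged, tampered, signed under another key, or password changed since
    return username


if __name__ == "__main__":
    cookie = make_token("marissa", "koala", REMEMBER_ME_KEY, expiry_ms=2_000_000)
    print(cookie)
    print(validate_token(cookie, DEMO_USERS.get, REMEMBER_ME_KEY, now_ms=1_000_000))  # marissa
```

Two properties of this scheme are worth noticing when reviewing such a configuration: because the password is part of the signed data, changing the user's password invalidates every outstanding cookie, and because the signature is a plain digest over a concatenation keyed only by `key`, anyone who obtains `key` can mint a cookie for any user whose password they know. A short expiry limits the damage of a stolen cookie.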
Register the entry point in the ExceptionTranslationFilter:

    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
        <!-- page to redirect to when the user is logged in but lacks the required permission -->
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp"/>
            </bean>
        </property>
    </bean>

The content of the login page is given below:

    <%@page pageEncoding="GBK" contentType="text/html; charset=GBK" %>
    <%@ taglib prefix='c' uri='' %>
    <%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
    <%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
    <%@ page import="org.acegisecurity.AuthenticationException" %>
    <html> <head> <title>Login</title> </head>
    <body> <h1>Login</h1>
    <p>Valid users:
    <p>username <b>marissa</b>, password <b>koala</b>
    <p>username <b>dianne</b>, password <b>emu</b>
    <p>username <b>scott</b>, password <b>wombat</b>
    <p>username <b>peter</b>, password <b>opal</b> (user disabled)
    <p>username <b>bill</b>, password <b>wombat</b>
    <p>username <b>bob</b>, password <b>wombat</b>
    <p>username <b>jane</b>, password <b>wombat</b>
    <%-- this form-login-page form is also used as the form-error-page to ask for a login again. --%>
    </body> </html>

Concurrent HttpSession control and the RememberMe service conflict; they cannot be used at the same time!

Add to the FilterChainProxy:

    /**=concurrentSessionFilter

Configuration:

    <bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
        <property name="sessionRegistry" ref="sessionRegistry"></property>
        <property name="expiredUrl"><value>/hello.htm</value></property>
    </bean>
    <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"></bean>
    <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
        <property name="maximumSessions" value="1"></property>
        <property name="sessionRegistry" ref="sessionRegistry"></property>
        <property name="exceptionIfMaximumExceeded" value="false"></property>
    </bean>

    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
                <ref local="anonymousAuthenticationProvider"/>
                <ref local="rememberMeAuthenticationProvider"/>
            </list>
        </property>
        <property name="sessionController" ref="concurrentSessionController"></property>
    </bean>

Add to web.xml:

    <listener>
        <listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
    </listener>

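The three beans and the listener above cooperate in a way that is easier to see in code. The following is an added example, written for this page rather than taken from Acegi or the original post, that models the registry, the controller (with the page's `maximumSessions="1"` and `exceptionIfMaximumExceeded="false"`) and the filter's redirect to `expiredUrl`. Class and function names, session ids and timestamps are constructed for the example.

```python
from dataclasses import dataclass


class ConcurrentLoginRejected(Exception):
    """Raised instead of expiring a session when exceptionIfMaximumExceeded is true."""


@dataclass
class SessionInfo:
    session_id: str
    principal: str
    last_request_ms: int
    expired: bool = False


class SessionRegistry:
    """Plays the role of SessionRegistryImpl: which live sessions belong to which principal."""

    def __init__(self):
        self._sessions = {}

    def register(self, session_id, principal, now_ms):
        self._sessions[session_id] = SessionInfo(session_id, principal, now_ms)

    def remove(self, session_id):
        # This is what HttpSessionEventPublisher triggers when the container
        # destroys a session; without the listener, logged-out sessions keep
        # counting toward the maximum and lock the user out.
        self._sessions.pop(session_id, None)

    def get(self, session_id):
        return self._sessions.get(session_id)

    def live_sessions(self, principal):
        return [s for s in self._sessions.values()
                if s.principal == principal and not s.expired]


class ConcurrentSessionController:
    """Plays the role of ConcurrentSessionControllerImpl, which the
    authentication manager consults before accepting a login."""

    def __init__(self, registry, maximum_sessions=1, exception_if_maximum_exceeded=False):
        self.registry = registry
        self.maximum_sessions = maximum_sessions
        self.exception_if_maximum_exceeded = exception_if_maximum_exceeded

    def check_authentication_allowed(self, principal, session_id):
        live = self.registry.live_sessions(principal)
        if any(s.session_id == session_id for s in live):
            return  # re-authenticating inside an already registered session is not a new session
        if len(live) < self.maximum_sessions:
            return
        if self.exception_if_maximum_exceeded:
            raise ConcurrentLoginRejected(f"{principal} already has {len(live)} session(s)")
        # Page setting (false): make room by expiring the least recently used
        # session(s); the displaced browser finds out on its next request.
        live.sort(key=lambda s: s.last_request_ms)
        for victim in live[: len(live) - self.maximum_sessions + 1]:
            victim.expired = True


def login(registry, controller, principal, session_id, now_ms):
    """What a successful form login does: controller check first, then registration."""
    controller.check_authentication_allowed(principal, session_id)
    registry.register(session_id, principal, now_ms)


def concurrent_session_filter(registry, session_id, now_ms, expired_url="/hello.htm"):
    """Plays the role of ConcurrentSessionFilter: an expired session is dropped
    and the request redirected to expiredUrl; anything else passes through."""
    info = registry.get(session_id)
    if info is None:
        return ("pass", None)  # anonymous or unregistered session
    if info.expired:
        registry.remove(session_id)
        return ("redirect", expired_url)
    info.last_request_ms = now_ms  # keeps the least-recently-used ordering meaningful
    return ("pass", None)


if __name__ == "__main__":
    reg = SessionRegistry()
    ctl = ConcurrentSessionController(reg, maximum_sessions=1)
    login(reg, ctl, "marissa", "S1", 100)
    login(reg, ctl, "marissa", "S2", 200)   # second browser: S1 is expired
    print(concurrent_session_filter(reg, "S1", 300))  # ('redirect', '/hello.htm')
    print(concurrent_session_filter(reg, "S2", 300))  # ('pass', None)
```

With `exceptionIfMaximumExceeded="true"` the second login is refused instead, which is the stricter choice when a shared account must never be used from two places at once; the page's `false` favours the newest login, which is friendlier to users but lets a later login silently evict an earlier one.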
Switching users:

For example, if the user marissa has the roles ROLE_USER and ROLE_SUPERVISOR, marissa can switch to any user without needing that user's password.

Add to the FilterChainProxy:

    switchUserProcessingFilter

    <bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
        <property name="userDetailsService" ref="jdbcDaoImpl" />
        <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property>
        <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property>
        <!-- after a successful switch, the user is redirected to the page specified below -->
        <property name="targetUrl"><value>/secure/index.htm</value></property>
    </bean>

Switch page:

    <%@page pageEncoding="GBK" contentType="text/html; charset=GBK" %>
    <%@ taglib prefix='c' uri='' %>
    <%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
    <%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
    <%@ page import="org.acegisecurity.AuthenticationException" %>
    <html> <head> <title>Switch User</title> </head>
    <body> <h1>Switch to User</h1>
    <P>Valid users: <P>
    <P>username <b>marissa</b>, password <b>koala</b>
    <P>username <b>dianne</b>, password <b>emu</b>
    <p>username <b>scott</b>, password <b>wombat</b>
    <p>username <b>bill</b>, password <b>wombat</b>
    <p>username <b>bob</b>, password <b>wombat</b>
    <p>username <b>jane</b>, password <b>wombat</b>
    <p>
    <%-- this form-login-page form is also used as the form-error-page to ask for a login again. --%>
    <c:if test="${not empty param.login_error}">
        <font color="red">
            Your 'su' attempt was not successful, try again.<BR><BR>
            Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
        </font>
    </c:if>
    <form action="" method="POST">
        <table>
            <tr><td>User:</td><td><input type='text' name='j_username'></td></tr>
            <tr><td colspan='2'><input name="switch" type="submit" value="Switch to User"></td></tr>
        </table>
    </form>
    </body> </html>

Exit page:

    <%@page pageEncoding="GBK" contentType="text/html; charset=GBK" %>
    <%@ taglib prefix='c' uri='' %>
    <%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
    <%@ page import="org.acegisecurity.Authentication" %>
    <%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
    <%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
    <%@ page import="org.acegisecurity.AuthenticationException" %>
    <html> <head> <title>Exit User</title> </head>
    <body> <h1>Exit User</h1>
    <c:if test="${not empty param.login_error}">
        <font color="red">
            Your 'Exit User' attempt was not successful, try again.<BR><BR>
            Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
        </font>
    </c:if>
    <form action="" method="POST">
        <table>
            <tr><td>Current User:</td><td>
                <% Authentication auth = SecurityContextHolder.getContext().getAuthentication();
                   if (auth != null) { %>
                    <%= auth.getPrincipal().toString() %>
                <% } %>
            </td></tr>
            <tr><td colspan='2'><input name="exit" type="submit" value="Exit"></td></tr>
        </table>
    </form>
    </body> </html>

    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /index.jsp=ROLE_ANONYMOUS,ROLE_USER
                /hello.htm=ROLE_ANONYMOUS,ROLE_USER
                /logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
                /switchuser.jsp=ROLE_SUPERVISOR
                /j_acegi_switch_user=ROLE_SUPERVISOR
                /acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
                /**=ROLE_USER
            </value>
        </property>
    </bean>

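The objectDefinitionSource block above is where the switch-user restriction actually lives: `/switchuser.jsp` and `/j_acegi_switch_user` require ROLE_SUPERVISOR, everything not listed falls through to `/**=ROLE_USER`, and entries are tried in order. The following added example (written for this page; it is not Acegi's own parser) reads that text, applies the two option lines, and evaluates a RoleVoter-style decision for a URL and a set of granted roles. The class and function names are constructed; the definition text is copied from the page.

```python
import re

# The objectDefinitionSource block from the page's filterInvocationInterceptor bean.
OBJECT_DEFINITION_SOURCE = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_ANONYMOUS,ROLE_USER
/hello.htm=ROLE_ANONYMOUS,ROLE_USER
/logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
/switchuser.jsp=ROLE_SUPERVISOR
/j_acegi_switch_user=ROLE_SUPERVISOR
/acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
/**=ROLE_USER
"""


def ant_to_regex(pattern: str):
    """Translate an Ant-style path pattern: '?' is one character, '*' any run
    of characters inside one path segment, '**' any number of segments."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")  # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


class UrlDefinitionSource:
    """Reads the text block the way the interceptor's property editor does:
    option lines first, then one 'pattern=role,role' entry per line, kept in order."""

    def __init__(self, text: str):
        self.lowercase = False
        ant = False
        self.entries = []  # (raw pattern, compiled pattern, required roles)
        for line in text.splitlines():
            line = line.strip()
            if not line:
                continue
            if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
                self.lowercase = True
            elif line == "PATTERN_TYPE_APACHE_ANT":
                ant = True
            else:
                pattern, _, roles = line.partition("=")
                pattern = pattern.strip()
                # Without the Ant option, Acegi treats each pattern as a regular expression.
                compiled = ant_to_regex(pattern) if ant else re.compile(pattern)
                self.entries.append(
                    (pattern, compiled, frozenset(r.strip() for r in roles.split(",") if r.strip()))
                )

    def lookup(self, request_url: str):
        """Return (matched pattern, required roles). Acegi matches against the
        servlet path plus query string, which is why the page's login entry is
        written '/acegilogin.jsp*'. The first matching line wins, so the
        catch-all '/**' must stay last."""
        url = request_url.lower() if self.lowercase else request_url
        for pattern, compiled, roles in self.entries:
            if compiled.match(url):
                return pattern, roles
        return None, frozenset()


def is_allowed(source: UrlDefinitionSource, request_url: str, granted) -> bool:
    """RoleVoter-style decision: access if any granted authority is required.
    A URL with no matching entry carries no attributes and, with Acegi's default
    settings, is not protected at all; the trailing '/**' entry prevents that."""
    _, required = source.lookup(request_url)
    if not required:
        return True
    return not required.isdisjoint(granted)


if __name__ == "__main__":
    src = UrlDefinitionSource(OBJECT_DEFINITION_SOURCE)
    print(src.lookup("/switchUser.jsp"))                    # ('/switchuser.jsp', frozenset({'ROLE_SUPERVISOR'}))
    print(is_allowed(src, "/j_acegi_switch_user", ["ROLE_USER"]))  # False
```

When reviewing such a block, check the order before anything else: moving `/**=ROLE_USER` above the supervisor entries would let every ROLE_USER reach `/j_acegi_switch_user`, and the lowercase option means every pattern must itself be written in lowercase or it will never match.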
Add to the FilterChainProxy:

    securityContextHolderAwareRequestFilter

Configured as follows: