Category: Java

2008-12-22 21:46:10

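The following describes form-based authentication with Acegi, including the RememberMe service:
1. First, configure the following filters for form authentication in the FilterChainProxy filter chain: authenticationProcessingFilter, rememberMeProcessingFilter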

/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        

2. Configure AuthenticationProcessingFilter:

<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <!-- Page to redirect to when the username or password is wrong -->
      <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
      <!-- Page to go to after a successful login -->
      <property name="defaultTargetUrl"><value>/</value></property>
      <!-- The action of the login form -->
      <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
      <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
   </bean>

   <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
      <property name="forceHttps"><value>false</value></property>
      <property name="serverSideRedirect" value="false"></property>
   </bean>

RememberMe service:

<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
      <property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
      <property name="key"><value>springRocks</value></property>
      <!-- Matches the name of the checkbox on the login page -->
      <property name="parameter" value="rememberMeContactsForm"></property>
   </bean>

Register it in ExceptionTranslationFilter:

<bean id="exceptionTranslationFilter"
        class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
      <!-- Page to redirect to when the user is logged in but lacks permission -->
      <property name="accessDeniedHandler">
          <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
              <property name="errorPage" value="/accessDenied.jsp"/>
          </bean>
      </property>
    </bean>

The content of the login page is given below:

<%@ page pageEncoding="GBK" contentType="text/html; charset=GBK" %>
<%@ taglib prefix='c' uri='' %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>


 
Login

Login

Valid users:

username marissa, password koala
username dianne, password emu
username scott, password wombat
username peter, password opal (user disabled)
username bill, password wombat
username bob, password wombat
username jane, password wombat

    <%-- this form-login-page form is also used as the
         form-error-page to ask for a login again.
         --%>

User:
Password:
Don't ask for my password for two weeks

   

 

Concurrent HttpSession control conflicts with the RememberMe service; the two cannot be used at the same time!

Add to FilterChainProxy:

/**=concurrentSessionFilter

Configuration:

<bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
        <property name="sessionRegistry" ref="sessionRegistry"></property>
        <property name="expiredUrl"><value>/hello.htm</value></property>
    </bean>
    
    <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"></bean>
    
    <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
        <property name="maximumSessions" value="1"></property>
        <property name="sessionRegistry" ref="sessionRegistry"></property>
        <property name="exceptionIfMaximumExceeded" value="false"></property>
    </bean>

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
         <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="anonymousAuthenticationProvider"/>
             <ref local="rememberMeAuthenticationProvider"/>
         </list>
      </property>
      <property name="sessionController" ref="concurrentSessionController"></property>
   </bean>

Add to web.xml:

<listener>
        <listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
    </listener>

Switching users:

For example, if the user marissa has the ROLE_USER and ROLE_SUPERVISOR roles, marissa can switch to any user without a password.

Add to FilterChainProxy:

switchUserProcessingFilter

<bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
      <property name="userDetailsService" ref="jdbcDaoImpl" />
      <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property>
      <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property>
      <!-- After a successful switch, the user is redirected to the page specified below -->
      <property name="targetUrl"><value>/secure/index.htm</value></property>
   </bean>

 

Switch page:

<%@ page pageEncoding="GBK" contentType="text/html; charset=GBK" %>
<%@ taglib prefix='c' uri='' %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>

<html>
  <head>
    <title>Switch User</title>
  </head>

  <body>
    <h1>Switch to User</h1>

    <P>Valid users:
    <P>
    <P>username <b>marissa</b>, password <b>koala</b>
    <P>username <b>dianne</b>, password <b>emu</b>
    <p>username <b>scott</b>, password <b>wombat</b>
    <p>username <b>bill</b>, password <b>wombat</b>
    <p>username <b>bob</b>, password <b>wombat</b>
    <p>username <b>jane</b>, password <b>wombat</b>
    <p>
    
    <%-- this form-login-page form is also used as the
         form-error-page to ask for a login again.
         --%>
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your 'su' attempt was not successful, try again.<BR><BR>
        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
    </c:if>

    <form action="" method="POST">
      <table>
        <tr><td>User:</td><td><input type='text' name='j_username'></td></tr>
        <tr><td colspan='2'><input name="switch" type="submit" value="Switch to User"></td></tr>
      </table>

    </form>

  </body>
</html>

Exit page:

<%@ page pageEncoding="GBK" contentType="text/html; charset=GBK" %>
<%@ taglib prefix='c' uri='' %>

<%@ page import="org.acegisecurity.context.SecurityContextHolder" %>
<%@ page import="org.acegisecurity.Authentication" %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFilter" %>
<%@ page import="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>

<html>
  <head>
    <title>Exit User</title>
  </head>

  <body>
    <h1>Exit User</h1>

    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your 'Exit User' attempt was not successful, try again.<BR><BR>
        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
    </c:if>

    <form action="" method="POST">
      <table>
        <tr><td>Current User:</td><td>

         <%
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (auth != null) { %>
            
            <%= auth.getPrincipal().toString() %>
            
        <% } %>        
         </td></tr>
        <tr><td colspan='2'><input name="exit" type="submit" value="Exit"></td></tr>
      </table>

    </form>

  </body>
</html>

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
         <value>
             CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
             PATTERN_TYPE_APACHE_ANT
             /index.jsp=ROLE_ANONYMOUS,ROLE_USER
             /hello.htm=ROLE_ANONYMOUS,ROLE_USER
             /logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
             /switchuser.jsp=ROLE_SUPERVISOR
             /j_acegi_switch_user=ROLE_SUPERVISOR
             /acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
                /**=ROLE_USER
         </value>
      </property>
   </bean>
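
The rule list above is evaluated top to bottom and the first matching pattern decides, which is why the ROLE_SUPERVISOR entries sit before `/**=ROLE_USER`. The following added example (not from the original post, and using a simplified Ant-style matcher rather than Acegi's) evaluates three of the page's rules in both orders; `UrlRuleOrderDemo`, `antToRegex` and `rolesFor` are hypothetical names.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

/** Added illustration of first-match rule ordering; a simplified matcher, not Acegi's own code. */
public class UrlRuleOrderDemo {

    /** Ant-style pattern to regex: "**" may span '/', a single "*" stays inside one segment. */
    static Pattern antToRegex(String ant) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            char c = ant.charAt(i);
            if (c == '*' && i + 1 < ant.length() && ant.charAt(i + 1) == '*') {
                re.append(".*");
                i++;
            } else if (c == '*') {
                re.append("[^/]*");
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString());
    }

    /** Roles of the first rule, in list order, whose pattern matches the lower-cased URL. */
    static List<String> rolesFor(List<String> rules, String url) {
        String u = url.toLowerCase(Locale.ROOT); // CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        for (String rule : rules) {
            String[] kv = rule.split("=", 2);
            if (antToRegex(kv[0]).matcher(u).matches()) {
                return Arrays.asList(kv[1].split(","));
            }
        }
        return Collections.emptyList(); // no rule matched: no role requirement applies
    }

    public static void main(String[] args) {
        List<String> asOnPage = Arrays.asList(
            "/switchuser.jsp=ROLE_SUPERVISOR", "/j_acegi_switch_user=ROLE_SUPERVISOR", "/**=ROLE_USER");
        List<String> catchAllFirst = Arrays.asList(
            "/**=ROLE_USER", "/switchuser.jsp=ROLE_SUPERVISOR", "/j_acegi_switch_user=ROLE_SUPERVISOR");
        for (String url : new String[] {"/j_acegi_switch_user", "/SwitchUser.jsp", "/j_acegi_exit_user"}) {
            System.out.println(url + "  page order: " + rolesFor(asOnPage, url)
                + "  catch-all first: " + rolesFor(catchAllFirst, url));
        }
    }
}
```

With the catch-all moved to the top, the switch-user URLs resolve to ROLE_USER, so reviewing this list means checking that every specific pattern precedes `/**`.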

Add to FilterChainProxy:

securityContextHolderAwareRequestFilter

Configured as follows:

 
