Acegi Configuration (2)

Jun 07, 2016 pm 03:30 PM
In applicationContext-acegi-security.xml

1. FILTER CHAIN

  FilterChainProxy invokes these filters in the order listed and lets them take advantage of Spring's IoC container. CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lowercases the request URL before it is compared with the patterns, and PATTERN_TYPE_APACHE_ANT selects Apache Ant-style path matching. The order is security-relevant: httpSessionContextIntegrationFilter must come first so the identity stored in the session is available to the rest of the chain, and filterInvocationInterceptor must come last so that every authentication filter has run before the access check. The single /** pattern sends every request through the whole chain; each pattern and its comma-separated filter list must sit on one line.

    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
            </value>
        </property>
    </bean>

2. Basic authentication

1) authenticationManager
  Acts as the authentication manager. It delegates the actual verification to a list of providers and iterates over them, so that identities from different sources can be authenticated. If some provider can confirm the current user's identity, authenticate() returns a fully populated Authentication object holding the user's granted authorities; otherwise an AuthenticationException is thrown.
Acegi ships a number of AuthenticationProvider implementations, for example:
        DaoAuthenticationProvider: reads user details from a database and verifies the credentials
        AnonymousAuthenticationProvider: authenticates anonymous users
        RememberMeAuthenticationProvider: authenticates from the user information stored in a remember-me cookie
        AuthByAdapterProvider: verifies identity through a container adapter
        CasAuthenticationProvider: verifies identity against Yale's Central Authentication Service, used for single sign-on
        JaasAuthenticationProvider: obtains user information from a JAAS login configuration
        RemoteAuthenticationProvider: verifies identity against a remote service
        RunAsImplAuthenticationProvider: verifies users whose identity has been replaced by the run-as manager
        X509AuthenticationProvider: obtains user information from an X.509 certificate
        TestingAuthenticationProvider: for unit tests only

        Each provider authenticates only the kind of credential it declares support for; DaoAuthenticationProvider, for instance, only handles UsernamePasswordAuthenticationToken.

    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
                <ref local="anonymousAuthenticationProvider"/>
                <ref local="rememberMeAuthenticationProvider"/>
            </list>
        </property>
    </bean>



2) daoAuthenticationProvider
   Performs simple database-backed authentication. DaoAuthenticationProvider loads the account and its stored password from the database and compares them with the submitted credentials (after running them through the passwordEncoder). On success it confirms the identity and returns an Authentication object containing the granted authorities; on failure it throws an AuthenticationException.

    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="jdbcDaoImpl"/>
        <property name="userCache" ref="userCache"/>
        <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>



3) passwordEncoder
  Encodes the plaintext the user typed before it is compared with the stored value. Acegi ships three encoders:
PlaintextPasswordEncoder: the default; no encoding, the plaintext is returned as-is.
ShaPasswordEncoder: SHA (SHA-1) hash.
Md5PasswordEncoder: MD5 message digest.
As configured below the digest is unsalted, so two accounts with the same password store the same value and a leaked table can be attacked with precomputed digests. DaoAuthenticationProvider accepts a saltSource (for example ReflectionSaltSource keyed on the username), which the encoder folds into the digest; configure one at minimum. Both MD5 and SHA-1 remain fast, unkeyed digests rather than password-hashing functions.

    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

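To make concrete what the encoder actually stores, here is an added example in Python; it is not Acegi's code. It reproduces the digest format of Md5PasswordEncoder and ShaPasswordEncoder (hex digest of the password with the salt appended as "{salt}", or of the bare password when no salt is configured) and verifies a stored digest in constant time. The UTF-8 encoding and the sample accounts are assumptions of the example; Acegi itself hashes the bytes of the JVM default charset.

```python
import hashlib
import hmac


def merge_password_and_salt(raw_password: str, salt=None) -> str:
    """Mirror of how Acegi's BasePasswordEncoder joins password and salt: the
    salt is appended inside braces, so the digest covers rawPassword + "{salt}".
    Without a salt the bare password is hashed."""
    if salt is None or salt == "":
        return raw_password
    salt = str(salt)
    if "{" in salt or "}" in salt:
        raise ValueError("salt must not contain '{' or '}'")
    return f"{raw_password}{{{salt}}}"


def encode_password(raw_password: str, salt=None, algorithm: str = "md5") -> str:
    """Hex digest in the shape Md5PasswordEncoder ('md5') or ShaPasswordEncoder
    ('sha1', Acegi's "SHA") stores.  UTF-8 is an assumption of this example."""
    merged = merge_password_and_salt(raw_password, salt).encode("utf-8")
    return hashlib.new(algorithm, merged).hexdigest()


def is_password_valid(encoded: str, raw_password: str, salt=None, algorithm: str = "md5") -> bool:
    """Verify a stored digest.  Acegi compares with String.equals(); a constant-time
    comparison is used here so timing does not leak how many leading characters matched."""
    candidate = encode_password(raw_password, salt, algorithm)
    return hmac.compare_digest(encoded, candidate)


def hash_user_table(users: dict, per_user_salt: bool) -> dict:
    """Encode a {login: raw_password} table two ways: plain Md5PasswordEncoder with no
    saltSource, or the same encoder fed a per-user salt (here the login name, as a
    ReflectionSaltSource on the username would supply)."""
    return {
        login: encode_password(pw, salt=login if per_user_salt else None)
        for login, pw in users.items()
    }


# Constructed sample accounts; two of them share the same weak password.
SAMPLE_USERS = {"alice": "password", "bob": "password", "carol": "s3cret!"}

if __name__ == "__main__":
    unsalted = hash_user_table(SAMPLE_USERS, per_user_salt=False)
    salted = hash_user_table(SAMPLE_USERS, per_user_salt=True)
    # Unsalted: identical digests expose identical passwords and are a direct
    # lookup-table hit.  Salted: every row differs even for the same password.
    print(unsalted["alice"] == unsalted["bob"], salted["alice"] == salted["bob"])
    print(is_password_valid(salted["alice"], "password", salt="alice"))
```

Run it and the unsalted table shows alice and bob with the same digest, which is exactly the property an attacker with a dumped users table exploits; the salted table does not. A stored digest can only be verified with the same salt it was created with, so the SaltSource has to be stable for the lifetime of the account.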


4) jdbcDaoImpl
   Loads user information from the database. Acegi provides a default table layout for users and authorities, but you can supply your own: the usersByUsernameQuery SQL returns (user id, password, enabled status) and the authoritiesByUsernameQuery SQL returns (user id, authority). Both take the login name as a single bound parameter (the ?), so it is never concatenated into the SQL. Note that the query below selects the constant 1 as the status column, which marks every account as enabled; select a real status column if accounts must be disabled without being deleted.

    <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource"/>
        <property name="usersByUsernameQuery">
            <value>select loginid,passwd,1 from users where loginid = ?</value>
        </property>
        <property name="authoritiesByUsernameQuery">
            <value>select u.loginid,p.name from users u,roles r,permissions p,user_role ur,role_permis rp where u.id=ur.user_id and r.id=ur.role_id and p.id=rp.permis_id and
                r.id=rp.role_id and p.status='1' and u.loginid=?</value>
        </property>
    </bean>

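As an added example (not Acegi's or SpringSide's code), the following Python script runs the two queries above verbatim against a small in-memory SQLite database and reproduces the control flow of JdbcDaoImpl.loadUserByUsername: unknown user, disabled permissions filtered out by p.status='1', and a user with no authority rejected like an unknown one. The schema, the rows and the digests in the passwd column are constructed for the example; the page only shows the queries.

```python
import sqlite3

# The two SQL statements exactly as configured on jdbcDaoImpl; the '?' placeholder
# is a bound parameter, so the login name is never spliced into the SQL text.
USERS_BY_USERNAME_QUERY = "select loginid,passwd,1 from users where loginid = ?"
AUTHORITIES_BY_USERNAME_QUERY = (
    "select u.loginid,p.name from users u,roles r,permissions p,user_role ur,role_permis rp "
    "where u.id=ur.user_id and r.id=ur.role_id and p.id=rp.permis_id and "
    "r.id=rp.role_id and p.status='1' and u.loginid=?"
)


class UsernameNotFoundException(Exception):
    """Raised where JdbcDaoImpl raises it: unknown user, or user without any authority."""


def build_sample_db() -> sqlite3.Connection:
    """Constructed schema and rows matching the table names used by the queries."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        create table users(id integer primary key, loginid text unique, passwd text);
        create table roles(id integer primary key, name text);
        create table permissions(id integer primary key, name text, status text);
        create table user_role(user_id integer, role_id integer);
        create table role_permis(role_id integer, permis_id integer);
        insert into users values (1,'admin','5f4dcc3b5aa765d61d8327deb882cf99'),
                                 (2,'guest','d41d8cd98f00b204e9800998ecf8427e'),
                                 (3,'orphan','d41d8cd98f00b204e9800998ecf8427e');
        insert into roles values (1,'Administrator'),(2,'Visitor');
        insert into permissions values (1,'AUTH_ADMIN_INDEX','1'),
                                       (2,'AUTH_USER_VIEW','1'),
                                       (3,'AUTH_LEGACY_REPORT','0');  -- disabled permission
        insert into user_role values (1,1),(1,2),(2,2);               -- orphan has no role
        insert into role_permis values (1,1),(1,3),(2,2);
        """
    )
    return conn


def load_user_by_username(conn: sqlite3.Connection, username: str) -> dict:
    """Same steps as JdbcDaoImpl.loadUserByUsername with the configured queries:
    look the account up, then collect its authorities."""
    rows = conn.execute(USERS_BY_USERNAME_QUERY, (username,)).fetchall()
    if not rows:
        raise UsernameNotFoundException(f"user {username!r} not found")
    loginid, passwd, enabled = rows[0]
    # The join returns a permission once per role that grants it; keep one copy of each.
    authorities = sorted(
        {name for _, name in conn.execute(AUTHORITIES_BY_USERNAME_QUERY, (username,))}
    )
    if not authorities:
        raise UsernameNotFoundException(f"user {username!r} has no GrantedAuthority")
    return {"username": loginid, "password": passwd, "enabled": bool(enabled),
            "authorities": authorities}


def lookup(conn: sqlite3.Connection, username: str):
    """Return the user record, or None when the login does not resolve to a usable account."""
    try:
        return load_user_by_username(conn, username)
    except UsernameNotFoundException:
        return None


if __name__ == "__main__":
    db = build_sample_db()
    print(load_user_by_username(db, "admin"))
    # A classic injection payload is just an unknown login, because it is bound, not concatenated.
    print(lookup(db, "admin' or '1'='1"))
```

The admin row resolves to AUTH_ADMIN_INDEX and AUTH_USER_VIEW only; AUTH_LEGACY_REPORT is dropped by the status filter even though the Administrator role still references it. Disabling a permission row is therefore enough to revoke it everywhere (subject to the caches described next), and a user whose roles grant nothing cannot log in at all.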

5) userCache & resourceCache
  Cache the authority information associated with users and with resources. Each time a protected resource is requested, daoAuthenticationProvider is called to obtain the user's authorities; going to the database every time is expensive, so for user and resource data that rarely changes it is best to cache the authority information. (See 2.6.3, Extending resource permission definitions.)
userCache has two implementations: NullUserCache and EhCacheBasedUserCache. NullUserCache performs no caching at all; EhCacheBasedUserCache uses Ehcache. Keep in mind that a cached entry outlives the database row: a disabled account or a revoked authority stays effective until its cache entry expires or is evicted, so set the cache's time-to-live with that delay in mind.

    <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
        <property name="cacheManager" ref="cacheManager"/>
        <property name="cacheName" value="userCache"/>
    </bean>
    <bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache" autowire="byName">
        <property name="cache" ref="userCacheBackend"/>
    </bean>
    <bean id="resourceCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
        <property name="cacheManager" ref="cacheManager"/>
        <property name="cacheName" value="resourceCache"/>
    </bean>
    <bean id="resourceCache" class="org.springside.modules.security.service.acegi.cache.ResourceCache" autowire="byName">
        <property name="cache" ref="resourceCacheBackend"/>
    </bean>



6) basicProcessingFilter
   Handles authentication credentials carried in HTTP headers, i.e. HTTP Basic authentication, whether they come from Spring remoting protocols (Hessian, Burlap) or from ordinary browsers such as IE or Navigator, and hands them to the authentication manager wired through the authenticationManager property. On success the resulting Authentication object is placed in the security context (and persisted to the session by httpSessionContextIntegrationFilter); on failure control passes to the authentication entry point wired through authenticationEntryPoint. Basic credentials are only base64-encoded, not encrypted, so this filter belongs behind HTTPS.

    <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
    </bean>


7) basicProcessingFilterEntryPoint
  Prompts the user to log in by sending an HTTP 401 (Unauthorized) response whose WWW-Authenticate header carries the configured realm name.
It drives the HTTP Basic authentication handshake: it is the "destination" when the authentication process fails, typically implementing the redirect or adding error information to the response.

    <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName" value="SpringSide Realm"/>
    </bean>


8) authenticationProcessingFilterEntryPoint
   Redirects the user to the login page when authentication is required: exceptionTranslationFilter invokes it on an AuthenticationException, or on an AccessDeniedException raised for a user who is not yet authenticated (anonymous). The loginFormUrl property holds the URL of the login form, and the entry point redirects there whenever the user has to log in. forceHttps is false here; set it to true in production so that the login form, and the credentials posted from it, always travel over HTTPS.

    <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl">
            <value>/security/login.jsp</value>
        </property>
        <property name="forceHttps" value="false"/>
    </bean>


2.2.3 Securing HTTP requests

1) httpSessionContextIntegrationFilter
   Before each request, HttpSessionContextIntegrationFilter retrieves the Authentication object from the HttpSession and makes it the current security context; after the request completes it stores the Authentication back into the session for the next request. This filter must run before all other Acegi filters so that the authenticated identity carries across requests.

    <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>



2) httpRequestAccessDecisionManager
   Decides through a voting mechanism whether a resource (URL or method) may be accessed. With AffirmativeBased, access is granted as soon as one or more of the decisionVoters vote to grant; a denial with no grant denies access; and when every voter abstains, allowIfAllAbstainDecisions decides, so false here means the check fails closed. The alternative decision managers are ConsensusBased (majority of the non-abstaining votes) and UnanimousBased (every voter that does not abstain must grant, evaluated attribute by attribute).

    <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter"/>
            </list>
        </property>
    </bean>



3) roleVoter
   Votes only on configuration attributes that begin with the value set in rolePrefix (for example AUTH_ or ROLE_), and abstains on any others. It grants when the user holds a GrantedAuthority equal to one of the supported attributes and denies otherwise. The implication: a resource whose attributes do not carry the prefix (a typo, or a ROLE_ attribute under an AUTH_ prefix) receives only abstentions, and with allowIfAllAbstainDecisions=false nobody can reach it.

    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
        <property name="rolePrefix" value="AUTH_"/>
    </bean>


4) exceptionTranslationFilter
  The exception translation filter handles AccessDeniedException and AuthenticationException and routes each to the right "destination": authentication failures (and access denials for a still-anonymous user) go to the configured authenticationEntryPoint, while an access denial for an already authenticated user produces a 403 Forbidden response.

    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/>
    </bean>


5) authenticationProcessingFilter
  Much like form-based login in the servlet spec, this filter processes login requests. When authentication succeeds, AuthenticationProcessingFilter places an Authentication object in the session and redirects to the success page.
         authenticationFailureUrl: the page to redirect to when login fails
         defaultTargetUrl: the page to redirect to when login succeeds
         filterProcessesUrl: the URL that receives the login request, i.e. the login form's action (/j_acegi_security_check is Acegi's default)
         rememberMeServices: adds the remember-me cookie after successful authentication

    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl">
            <value>/security/login.jsp?login_error=1</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/admin/index.jsp</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/j_acegi_security_check</value>
        </property>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>


6) filterInvocationInterceptor
   Checks the access rules held in objectDefinitionSource before the request is allowed through to the target URL. First, objectDefinitionSource defines the configuration attributes each URL requires (these attributes are only markers telling accessDecisionManager which voters should vote). Next, if the current Authentication is not yet authenticated, authenticationManager invokes its providers to verify the credentials. Finally, accessDecisionManager asks each voter to vote on the user's granted authorities against the attributes the URL requires, and decides whether the request may proceed.

    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="objectDefinitionSource" ref="filterDefinitionSource"/>
    </bean>



7) filterDefinitionSource (see 2.6.3, Extending resource permission definitions)
  A custom DBFilterInvocationDefinitionSource that reads the protected resources and the authorities they require from the database and the cache. Its convertUrlToLowercaseBeforeComparison and useAntPath properties mirror the two switches on the filter chain definition above; keep them consistent, because a pattern compared case-sensitively against a container that serves paths case-insensitively can be sidestepped simply by changing the case of the request URL.

    <bean id="filterDefinitionSource" class="org.springside.modules.security.service.acegi.DBFilterInvocationDefinitionSource">
        <property name="convertUrlToLowercaseBeforeComparison" value="true"/>
        <property name="useAntPath" value="true"/>
        <property name="acegiCacheManager" ref="acegiCacheManager"/>
    </bean>

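The decision manager and RoleVoter of items 2 and 3, and the interceptor and URL definition source of items 6 and 7, are easiest to understand as one pass over a request. The Python below is an added example, not Acegi's or SpringSide's code: it looks a URL up in a rule table the way DBFilterInvocationDefinitionSource would (query string dropped, lowercased, first Ant-style pattern wins), then applies RoleVoter semantics under AffirmativeBased and UnanimousBased. The Ant matcher is a simplification written for this example, and the rule table and authorities are constructed; only the voting rules and the allowIfAllAbstainDecisions behaviour follow Acegi.

```python
import re

GRANTED, ABSTAIN, DENIED = 1, 0, -1   # the three votes an AccessDecisionVoter can cast


def ant_to_regex(pattern):
    """Approximation of PATTERN_TYPE_APACHE_ANT (this example's simplification, not
    Acegi's matcher): '/**' spans zero or more directories, '*' one path segment,
    '?' one character."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(/.*)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")


class UrlDefinitionSource:
    """Stand-in for DBFilterInvocationDefinitionSource: (ant pattern, attributes) rules
    given inline instead of read from the database.  First match wins, so specific
    patterns must precede the catch-all."""

    def __init__(self, rules, convert_to_lowercase=True):
        self.lower = convert_to_lowercase
        self.rules = [(ant_to_regex(p.lower() if self.lower else p), set(a)) for p, a in rules]

    def get_attributes(self, url):
        path = url.split("?", 1)[0]   # Acegi's path-based sources drop the query string
        if self.lower:
            path = path.lower()       # CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        for rx, attrs in self.rules:
            if rx.match(path):
                return attrs
        return None                   # no rule: public URL, no access check at all


class RoleVoter:
    """Acegi RoleVoter rules: vote only on attributes carrying the prefix; one held
    authority gives GRANTED, a supported attribute the user lacks gives DENIED,
    nothing supported gives ABSTAIN."""

    def __init__(self, role_prefix="AUTH_"):
        self.role_prefix = role_prefix

    def vote(self, authorities, attributes):
        result = ABSTAIN
        for attr in attributes:
            if attr.startswith(self.role_prefix):
                result = DENIED
                if attr in authorities:
                    return GRANTED
        return result


def affirmative_based(voters, authorities, attributes, allow_if_all_abstain=False):
    """AffirmativeBased: any GRANTED wins, else any DENIED loses, else fall back to
    allowIfAllAbstainDecisions (false on this page, so the check fails closed)."""
    votes = [v.vote(authorities, attributes) for v in voters]
    if GRANTED in votes:
        return True
    if DENIED in votes:
        return False
    return allow_if_all_abstain


def unanimous_based(voters, authorities, attributes, allow_if_all_abstain=False):
    """UnanimousBased polls attribute by attribute: every AUTH_ attribute on the
    resource must be held; a single DENIED is fatal."""
    grants = 0
    for attr in attributes:
        for v in voters:
            vote = v.vote(authorities, [attr])
            if vote == DENIED:
                return False
            grants += vote == GRANTED
    return grants > 0 or allow_if_all_abstain


def decide(source, manager, url, authorities):
    """One pass of filterInvocationInterceptor: look up the URL's attributes, then
    let the decision manager poll the voters against the user's authorities."""
    attrs = source.get_attributes(url)
    if attrs is None:
        return True
    return manager([RoleVoter("AUTH_")], set(authorities), sorted(attrs))


# Constructed rules in the shape the resource table on this page would hold.
RULES = [
    ("/admin/**", ["AUTH_ADMIN_INDEX"]),
    ("/reports/**", ["AUTH_ADMIN_INDEX", "AUTH_REPORT_VIEW"]),
    ("/public/**", ["IS_AUTHENTICATED_ANONYMOUSLY"]),   # wrong prefix: RoleVoter abstains
    ("/**", ["AUTH_USER_VIEW"]),
]
```

Try decide(UrlDefinitionSource(RULES), affirmative_based, "/Admin/Index.jsp", {"AUTH_USER_VIEW"}) and it is denied, but with convert_to_lowercase=False the same request falls through to the /** rule and is granted, which is the bypass the lowercase option exists to close. The /public/** rule shows the fail-closed side: an attribute without the AUTH_ prefix draws only abstentions, and with allowIfAllAbstainDecisions=false no one gets in. Note also that under AffirmativeBased a resource listing two AUTH_ attributes is reachable with either one of them; if both must be held, UnanimousBased is the manager to configure.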

2.2.4 Securing method invocations

(See 2.6.3, Extending resource permission definitions)

1) methodSecurityInterceptor
  Intercepts a method before it executes and checks the user's authorities. It reuses the same authenticationManager and httpRequestAccessDecisionManager as the URL interceptor, so the voting rules described above apply to method calls as well.
2) methodDefinitionSource
  A custom DBMethodDefinitionSource that reads the required authorities from the cache.

    <bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="objectDefinitionSource" ref="methodDefinitionSource"/>
    </bean>
    <bean id="methodDefinitionSource" class="org.springside.modules.security.service.acegi.DBMethodDefinitionSource">
        <property name="acegiCacheManager" ref="acegiCacheManager"/>
    </bean>


3 Jcaptcha CAPTCHA

http://jcaptcha.sourceforge.net is used as the general CAPTCHA solution; refer to the example in SpringSide, or online at
http://www.coachthrasher.com/page/blog?entry=jcaptcha_with_appfuse.
