BlogJava-VIRGIN FOREST OF JAVA-文章分类-Acegi Securityhttp://www.blogjava.net/RR00/category/16366.html不要埋头苦干,要学习,学习,再学习。。。。。 <br> powered by <font color='orange'>R.Zeus</font>zh-cnThu, 08 Mar 2007 06:43:23 GMTThu, 08 Mar 2007 06:43:23 GMT60acegi in springhttp://www.blogjava.net/RR00/articles/102379.htmlR.ZeusR.ZeusWed, 07 Mar 2007 05:24:00 GMThttp://www.blogjava.net/RR00/articles/102379.htmlhttp://www.blogjava.net/RR00/comments/102379.htmlhttp://www.blogjava.net/RR00/articles/102379.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/102379.htmlhttp://www.blogjava.net/RR00/services/trackbacks/102379.htmlfor example,the "filterInvocationDefinitionSource" properties,Spring will choose the class "FilterInvocationDefinitionSourceEditor" to solve  the "filterInvocationDefinitionSource".u may notes that
the "FilterInvocationDefinitionSourceEditor" = "filterInvocationDefinitionSource" plus "editor" ignore the case.
That is exactly what Spring do.

in acegi , "filterInvocationDefinitionSource"  use to store urls for filering,so when u understand the its struture ,u can
get the url for database,not explicitly.

for the key word " CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON",it means u must
set the properties name lower case,otherwise will be error.

and "  PATTERN_TYPE_APACHE_ANT" means use class PathBasedFilterInvocationDefinitionMap,default use
class RegExpBasedFilterInvocationDefinitionMap.

R.Zeus 2007-03-07 13:24 发表评论
]]>i18n-fuck the ReloadableResourceBundleMessageSourcehttp://www.blogjava.net/RR00/articles/76821.htmlR.ZeusR.ZeusMon, 23 Oct 2006 12:11:00 GMThttp://www.blogjava.net/RR00/articles/76821.htmlhttp://www.blogjava.net/RR00/comments/76821.htmlhttp://www.blogjava.net/RR00/articles/76821.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/76821.htmlhttp://www.blogjava.net/RR00/services/trackbacks/76821.html <bean id="messageSource"
          class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basename">
            <value>com/suzsoft/jportal/usermanagement/acegi/ApplicationMessages_zh_CN</value>
        </property>
        <property name="alwaysUseMessageFormat" value="true"/>
    </bean>


this from the reference,but the ReloadableResourceBundleMessageSource seems never init and i don't konw how to make it work.

at the last ,I use

  <bean id="messageSource"
          class="org.springframework.context.support.ResourceBundleMessageSource">
        <property name="basename">
            <value>com.suzsoft.jportal.usermanagement.acegi.ApplicationMessages</value>
        </property>
        <property name="alwaysUseMessageFormat" value="true"/>
 </bean>

ResourceBundleMessageSource:

setBasename

public void setBasename(String basename)

Set a single basename, following ResourceBundle conventions: It is a fully-qualified classname. If it doesn't contain a package qualifier (such as org.mypackage), it will be resolved from the classpath root.

Messages will normally be held in the /lib or /classes directory of a WAR. They can also be held in Jars on the class path. For example, a Jar in an application's manifest classpath could contain messages for the application.

ReloadableResourceBundleMessageSource:

setBasename

public void setBasename(String basename)
Set a single basename, following the basic ResourceBundle convention of not specifying file extension or language codes, but in contrast to ResourceBundleMessageSource referring to a Spring resource location: e.g. "WEB-INF/messages" for "WEB-INF/messages.properties", "WEB-INF/messages_en.properties", etc.

As of Spring 1.2.2, XML properties files are also supported: e.g. "WEB-INF/messages" will find and load "WEB-INF/messages.xml", "WEB-INF/messages_en.xml", etc as well. Note that this will only work on JDK 1.5+.




R.Zeus 2006-10-23 20:11 发表评论
]]>acegi security is so perfect for login filterhttp://www.blogjava.net/RR00/articles/76254.htmlR.ZeusR.ZeusThu, 19 Oct 2006 13:14:00 GMThttp://www.blogjava.net/RR00/articles/76254.htmlhttp://www.blogjava.net/RR00/comments/76254.htmlhttp://www.blogjava.net/RR00/articles/76254.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/76254.htmlhttp://www.blogjava.net/RR00/services/trackbacks/76254.htmlAfter use it first time in an project ,I found it so goodt!My project use struts+tiles+spring+acegi security+hibernate.
The below feature  make much effect in my project:

1.when logout and then click 'back' button in the IE Toolbars  to the last page which will be expired and auto redirect to appointed URL.
2.if client login the system but do nothing too long ,the session will be detected and expired!but as far I don't know how did the Acegi Security implements this.(this feature is seems in spring or tomcat,after set the sessionRegistor in Acegi Security ,it is not validate)
3.Acegi Security can control How the same username can logined in different ip!e.g. the same username can login many from ip or just can only login once.for single login,there are two case:the next login will be forbided ; the next login is permited and the first login auto out fo session.it is depend on the
security level!

one thing not resolved is that if there are two different user sign in on the same mache,the prev-user will auto session expired.How to achieve this?

after set property "sessionController",below is the variety:
1.auto login; if there is one user sign ,and then open a new IE to address a url need auth ,the url will redirect to the loginfromurl.but befor set this property, the url will open a page with the signed user.
2.if there is a url needed auth on the IE address(this may be left by last login and not logout),after server restar,the
url will redirect to the loginfromurl.before this url will continuate with last authed user.
3.session will not auto expire after long time idlesse.



R.Zeus 2006-10-19 21:14 发表评论
]]>Acegi Security and Strutshttp://www.blogjava.net/RR00/articles/75582.htmlR.ZeusR.ZeusTue, 17 Oct 2006 05:07:00 GMThttp://www.blogjava.net/RR00/articles/75582.htmlhttp://www.blogjava.net/RR00/comments/75582.htmlhttp://www.blogjava.net/RR00/articles/75582.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/75582.htmlhttp://www.blogjava.net/RR00/services/trackbacks/75582.htmlAcegi Secutiry is for URL-ROLE,and in Struts every method is mapping to a URL,so they are integrating is so perfect!

applicationContext-acegi-security.xml
---------------------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!--
 - A simple "base bones" Acegi Security configuration.
 -
 - The sample includes the "popular" features that people tend to use.
 - Specifically, form authentication, remember-me, and anonymous processing.
 - Other features aren't setup, as these can be added later by inserting
 - the relevant XML fragments as specified in the Reference Guide.
 -
 - To assist new users, the filters specified in the FilterChainProxy are
 - declared in the application context in the same order. Collaborators
 - required by those filters are placed at the end of the file.
 -
 - $Id: applicationContext-acegi-security.xml,v 1.1 2006/10/17 02:58:44 ronald.feng Exp $
-->

<beans>

    <bean id="filterChainProxy"
          class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
            </value>
        </property>
    </bean>

    <bean id="httpSessionContextIntegrationFilter"
          class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

    <bean id="logoutFilter"
          class="org.acegisecurity.ui.logout.LogoutFilter">
        <constructor-arg value="/login.jsp"/>
        <!-- URL redirected to after logout -->
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices"/>
                <bean
                        class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
            </list>
        </constructor-arg>
    </bean>

    <bean id="authenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager"
                  ref="authenticationManager"/>

        <property name="authenticationFailureUrl"
                  value="/login.jsp?login_error=1"/>
        <property name="defaultTargetUrl" value="/"/>
        <property name="filterProcessesUrl"
                  value="/j_acegi_security_check"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>

    </bean>

    <bean id="securityContextHolderAwareRequestFilter"
          class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

    <bean id="rememberMeProcessingFilter"
          class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager"
                  ref="authenticationManager"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>

    <bean id="anonymousProcessingFilter"
          class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="changeThis"/>
        <property name="userAttribute"
                  value="anonymousUser,ROLE_ANONYMOUS"/>
    </bean>

    <bean id="exceptionTranslationFilter"
          class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <bean
                    class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                <property name="loginFormUrl" value="/login.jsp"/>
                <property name="forceHttps" value="false"/>
            </bean>
        </property>
        <property name="accessDeniedHandler">
            <bean
                    class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp"/>
            </bean>
        </property>
    </bean>

    <bean id="filterInvocationInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">

        <property name="authenticationManager"
                  ref="authenticationManager"/>

        <property name="accessDecisionManager">
            <bean class="org.acegisecurity.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions"
                          value="false"/>
                <property name="decisionVoters">
                    <list>
                        <bean class="org.acegisecurity.vote.RoleVoter"/>
                        <bean
                                class="org.acegisecurity.vote.AuthenticatedVoter"/>
                    </list>
                </property>

            </bean>
        </property>

        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /images/**=IS_AUTHENTICATED_ANONYMOUSLY
                /css/**=IS_AUTHENTICATED_ANONYMOUSLY
                /scripts/**=IS_AUTHENTICATED_ANONYMOUSLY
                /login.jsp=IS_AUTHENTICATED_ANONYMOUSLY
                /error.jsp=IS_AUTHENTICATED_ANONYMOUSLY

                <!-- this for .do url!remember acegi is only for url and can filter for any url! -->
 <!-- or  staff/searchstaff.do=ROLE_ADMIN_TEST -->
                /staff/**=ROLE_ADMIN_TEST

            </value>
        </property>
       

    </bean>

    <bean id="rememberMeServices"
          class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="key" value="changeThis"/>
    </bean>

    <bean id="authenticationManager"
          class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
                <bean
                        class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
                    <property name="key" value="changeThis"/>
                </bean>
                <bean
                        class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
                    <property name="key" value="changeThis"/>
                </bean>
            </list>
        </property>
    </bean>

    <bean id="daoAuthenticationProvider"
          class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="userCache">
            <bean
                    class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
                <property name="cache">
                    <bean
                            class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                        <property name="cacheManager">
                            <bean
                                    class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                        </property>
                        <property name="cacheName" value="userCache"/>
                    </bean>
                </property>
            </bean>
        </property>
        <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>

    <bean id="passwordEncoder"

          class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

    <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
    <!--<bean id="c"-->
    <!--class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">-->
    <!--<property name="userProperties">-->
    <!--<bean-->
    <!--class="org.springframework.beans.factory.config.PropertiesFactoryBean">-->
    <!--<property name="location"-->
    <!--value="/WEB-INF/users.properties" />-->
    <!--</bean>-->
    <!--</property>-->
    <!--</bean>-->
    <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource">
            <ref bean="dataSource"/>
        </property>
        <property name="authoritiesByUsernameQuery">
            <value>
                SELECT account,'ROLE_ADMIN' as authority FROM TB_STAFF WHERE account = ?
            </value>
        </property>
        <property name="usersByUsernameQuery">
            <value>
                SELECT account,password, 1 as enabled FROM TB_STAFF WHERE account = ?

            </value>
        </property>
    </bean>

    <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
    <bean id="loggerListener"
          class="org.acegisecurity.event.authentication.LoggerListener"/>

</beans>
---------------------------------------------------------------------------------------------------------------



R.Zeus 2006-10-17 13:07 发表评论
]]>