Acegi 的简单使用
1.导入jar包:
Acegi-security.jar commons-codec.jar spring.jar standard.jar
注意版本,我使用的是1.0.7
2.在web.xml中配置
<!-- Filter.
The URL patterns mapped to FilterToBeanProxy are restricted: only requests matching
*.do, *.jsp, /j_acegi_security_check and /j_acegi_logout are subject to access
control; JavaScript, CSS and similar resources are not restricted.
NOTE(review): a servlet or resource served under a path that matches none of these
four patterns never enters the Acegi filter chain, so neither authentication nor
authorization runs for it. Confirm that every protected handler is reachable only
as *.do or *.jsp; otherwise map the filter to /* and exempt static resources inside
the filter chain definition.
NOTE(review): the org.acegisecurity packages are the predecessor of Spring Security
and are no longer maintained; treat this configuration as legacy.
-->
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<!-- targetClass names the type of the Spring bean that requests are delegated to. -->
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
<!-- Struts-style action URLs. -->
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!-- JSP pages requested directly. -->
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!-- Login form submission URL; it has to stay equal to the filterProcessesUrl
of the authenticationProcessingFilter bean. -->
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_security_check</url-pattern>
</filter-mapping>
<!-- Presumably the URL handled by the logout filter; confirm against its bean definition. -->
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_logout</url-pattern>
</filter-mapping>
<!-- Listeners -->
<!-- Loads the Spring root application context when the web application starts. -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- The description below says: HttpSessionEventPublisher publishes
HttpSessionApplicationEvents and HttpSessionDestroyedEvent events to Spring's
application context.
NOTE(review): presumably this is what lets the sessionRegistry used for concurrent
session control learn that a session has ended; without it, ended sessions may keep
counting against the per-user limit. Confirm against the Acegi reference. -->
<listener>
<description>
HttpSessionEventPublisher用于发布HttpSessionApplicationEvents和HttpSessionDestroyedEvent事件
给spring的applicationcontext
</description>
<listener-class>
org.acegisecurity.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
3.applicationContext-acegi-security.xml 在此文件中设置它的初始内容等
<beans>
<!-- Filter chain: invokes the filters it contains, in order. -->
<!-- NOTE(review): this listing is truncated and is not well-formed XML. The lines
after the bean id (class attribute and the filter chain definition) are missing,
and the sessionRegistry reference and expiredUrl property that follow appear to
belong to a different bean, presumably the concurrent session filter. Restore the
missing lines from the original file before using this configuration. -->
<bean id="filterChainProxy"
ref="sessionRegistry"></property>
<!-- Presumably the page a request is sent to when its session has been expired by
concurrent session control; confirm. -->
<property name="expiredUrl">
<value>/concurrentError.jsp</value>
</property>
</bean>
<!-- Added -->
<!-- NOTE(review): truncated listing. The class attribute of sessionRegistry and the
opening of the following bean are missing; value="1" presumably is the maximum number
of sessions per user on the concurrent session controller. Confirm against the
original file. -->
<bean id="sessionRegistry"
value="1"></property>
<property name="sessionRegistry" ref="sessionRegistry"></property>
<!--
Usually set to false. When true, if this user is already logged in, logging in as
the same user from another place throws an exception.
When false, if this user is already logged in, the user can still log in from
another place; after that login the earlier session is forced out of the system.
NOTE(review): with false, the newest login displaces the earlier session, so a user
only learns of a login from elsewhere through the expired-session page. Keep the
authentication logging enabled so displaced sessions can be traced.
-->
<property name="exceptionIfMaximumExceeded" value="false"></property>
</bean>
<!-- NOTE(review): truncated listing. The class attribute of this bean is missing, and
the constructor arguments below (a redirect URL and a list of handler beans) appear
to belong to a separate logout filter bean whose opening tag was lost. Restore from
the original file. -->
<bean id="httpSessionContextIntegrationFilter"
/>
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean />
</list>
</constructor-arg>
</bean>
<!-- Form login filter.
NOTE(review): truncated listing; the class attribute and any property between the
bean id and authenticationFailureUrl (presumably the authenticationManager reference)
are missing. -->
<bean id="authenticationProcessingFilter"
/>
<property name="authenticationFailureUrl"
value="/index.jsp?login_error=1" /><!-- page shown when authentication fails -->
<property name="defaultTargetUrl" value="/main.jsp" /><!-- page shown after a successful login -->
<!-- URL the login form posts to. It must also be covered by a filter-mapping in
web.xml, otherwise the login request never reaches this filter. Credentials are
submitted to this URL, so it should only be served over TLS. -->
<property name="filterProcessesUrl"
value="/j_acegi_security_check" />
</bean>
<!-- Assigns an anonymous identity to requests that carry no authentication.
NOTE(review): truncated listing; the class attribute and the property name that
value="changeThis" belongs to are missing (presumably the filter's key). "changeThis"
is the sample placeholder: replace it with a deployment-specific value and keep it
identical to the key of the matching authentication provider. -->
<bean id="anonymousProcessingFilter"
value="changeThis" />
<!-- Principal name and granted role given to anonymous requests. -->
<property name="userAttribute"
value="anonymousUser,ROLE_ANONYMOUS" />
</bean>
<!-- Authentication manager and its list of providers.
NOTE(review): truncated listing; the class attribute, the opening of the providers
list and the provider definitions are missing. The surviving value="changeThis"
presumably is the key of an anonymous or remember-me provider (cannot tell from
here). It is a sample placeholder and should be replaced with a deployment-specific
value that matches the corresponding filter. -->
<bean id="authenticationManager"
/>
<bean
value="changeThis" />
</bean>
</list>
</property>
<!-- Added: hooks concurrent session control into authentication. -->
<property name="sessionController"
ref="concurrentSessionController">
</property>
</bean>
<!-- Provider that authenticates against the user store referenced below.
NOTE(review): truncated listing; the class attribute and the property name for
ref="inMemDaoImpl" (presumably userDetailsService) are missing. No passwordEncoder
property is visible here. If none is configured, the stored password column is
presumably compared as plaintext; confirm that a hashing encoder (and salt source)
is set in the original file. -->
<bean id="daoAuthenticationProvider"
ref="inMemDaoImpl" />
</bean>
<!-- User details source.
NOTE(review): truncated listing; the class attribute and the first property
(presumably the dataSource reference) are missing. Despite the id "inMemDaoImpl",
the properties below are SQL queries, so this bean reads users from the database
rather than from memory; renaming the id would avoid confusion. -->
<bean id="inMemDaoImpl"
/>
</property>
<!-- Loads user name, password and enabled flag for one user. The user name is bound
through the ? placeholder rather than concatenated into the SQL. -->
<property name="usersByUsernameQuery">
<value>
SELECT user_name,password,enabled from userinfo where
user_name =?
</value>
</property>
<!-- Loads the role names granted to one user through the userinfo_role join table;
the user name is again bound through the ? placeholder. -->
<property name="authoritiesByUsernameQuery">
<value>
SELECT u.user_name, r.role_name FROM userinfo_role ur,
userinfo u, role r WHERE ur.user_id = u.user_id and
ur.role_id = r.role_id and user_name =?
</value>
</property>
</bean>
<!-- Translates authentication and access-denied exceptions into redirects.
NOTE(review): truncated listing; the class attribute and the opening of the entry
point bean are missing. value="/login.jsp" presumably is the login form URL of the
authentication entry point. -->
<bean id="exceptionTranslationFilter"
value="/login.jsp" />
<!-- NOTE(review): with forceHttps set to false the redirect to the login form keeps
the scheme of the original request, so the form and the submitted credentials can
travel over plain HTTP. Set it to true, or enforce TLS at the container or proxy,
for any deployment outside a local test setup. -->
<property name="forceHttps" value="false" />
</bean>
</property>
<!-- The user is logged in but requested an area they are not authorized for. -->
<property name="accessDeniedHandler">
<bean
value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<!-- Authorization check for web requests.
NOTE(review): truncated listing; the class attribute and any property before
accessDecisionManager (presumably the authenticationManager reference) are missing. -->
<bean id="filterInvocationInterceptor"
/>
<!-- Decides whether the current user may access the requested URL. -->
<property name="accessDecisionManager"
ref="httpRequestAccessDecisionManager" />
<!-- URL-to-role rules come from the rolePermissionService bean instead of an inline
definition. -->
<property name="objectDefinitionSource">
<ref local="rolePermissionService" />
</property>
</bean>
<!-- Source of the URL-to-role rules used by filterInvocationInterceptor.
NOTE(review): truncated listing; the class attribute and the first property
(presumably the dataSource reference) are missing, so the behaviour of this bean
cannot be verified from here. In particular, confirm what it returns for a URL that
matches no stored resource pattern: such requests should be denied, not allowed. -->
<bean id="rolePermissionService"
/>
</property>
<!-- Reads every (resource pattern, role) pair through the resource_role join table. -->
<property name="permissionsQuery">
<value>
SELECT resource_name, role_name FROM resource_role rr,
resource re, role ro WHERE rr.role_id = ro.role_id and
rr.resource_id = re.resource_id
</value>
</property>
<!-- NOTE(review): with false, patterns are presumably matched case-sensitively. If
the container serves URLs case-insensitively, a differently cased request may miss
its protected pattern; confirm, or set this to true and store lower-case patterns. -->
<property name="convertUrlToLowercaseBeforeComparison"
value="false">
</property>
<!-- Resource names are interpreted as Apache Ant style path patterns. -->
<property name="resourceExpression"
value="PATTERN_TYPE_APACHE_ANT">
</property>
</bean>
<!-- Access decision manager referenced by filterInvocationInterceptor.
NOTE(review): truncated listing; the class attribute and the list contents
(presumably the decision voters) are missing, so the voting policy cannot be
reviewed from here. -->
<bean id="httpRequestAccessDecisionManager"
/>
</list>
</property>
</bean>
<!-- Authentication and authorization logger listeners.
NOTE(review): truncated listing; the class attributes of both beans are missing.
Keep both listeners enabled: they are the record of login failures and access
denials for this application. -->
<bean id="authenticationLoggerListener"
/>
<bean id="authorizationLoggerListener"
/>
</beans>
4. applicationContext-common-business.xml配置数据库
<beans>
  <!--
    JDBC connection used by the Acegi user and permission queries.
    NOTE(review): the credentials are hard-coded in this file and the login is "sa",
    SQL Server's built-in administrator account. The queries shown for Acegi only
    SELECT from the user, role and resource tables, so a dedicated login limited to
    reading those tables is sufficient. Move the user name and password out of the
    context file (for example into a properties file outside version control,
    resolved by a property placeholder) and replace the sample password.
    NOTE(review): DriverManagerDataSource does no connection pooling; it is meant
    for tests and simple setups.
  -->
  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.microsoft.jdbc.sqlserver.SQLServerDriver"/>
    <property name="url" value="jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=petitionapprove"/>
    <property name="username" value="sa"/>
    <property name="password" value="sasa"/>
  </bean>
</beans>