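I haven't written an article in a long time. Since I've recently been using Acegi for security authentication, I dug out an article I wrote earlier to share it, heh.
1. Create two tables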
CREATE TABLE users (
    username VARCHAR(50) NOT NULL PRIMARY KEY,
    password VARCHAR(50) NOT NULL,
    enabled BIT NOT NULL
);

CREATE TABLE authorities (
    username VARCHAR(50) NOT NULL,
    authority VARCHAR(50) NOT NULL
);
CREATE UNIQUE INDEX ix_auth_username ON authorities ( username, authority );

ALTER TABLE authorities ADD CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users(username);

INSERT INTO users VALUES ('marissa', 'koala', true);
INSERT INTO users VALUES ('dianne', 'emu', true);
INSERT INTO users VALUES ('scott', 'wombat', true);
INSERT INTO users VALUES ('peter', 'opal', false);

INSERT INTO authorities VALUES ('marissa', 'ROLE_TELLER');
INSERT INTO authorities VALUES ('marissa', 'ROLE_SUPERVISOR');
INSERT INTO authorities VALUES ('dianne', 'ROLE_TELLER');
INSERT INTO authorities VALUES ('scott', 'ROLE_TELLER');
INSERT INTO authorities VALUES ('peter', 'ROLE_TELLER');


2. Define a DataSource bean in Spring
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:mysql://localhost:3306/eReview?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8</value>
    </property>
    <property name="username">
        <value>leo</value>
    </property>
    <property name="password">
        <value>111111</value>
    </property>
</bean>

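Note: I originally configured the data source with a dbcp dataSource class, which did not work; after switching to the driver class bundled with Spring 2.0 it worked.
3. Configure Spring's Acegi configuration file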
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="userCache">
        <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
            <property name="cache">
                <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                    <property name="cacheManager">
                        <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                    </property>
                    <property name="cacheName" value="userCache"/>
                </bean>
            </property>
        </bean>
    </property>
</bean>

<bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    <property name="dataSource"><ref bean="dataSource"/></property>
    <property name="usersByUsernameQuery">
        <value>SELECT USERNAME, PASSWORD, ENABLED FROM USERS WHERE USERNAME=?</value>
    </property>
    <property name="authoritiesByUsernameQuery">
        <value>
            SELECT username,authority FROM authorities WHERE username = ?
        </value>
    </property>
</bean>
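
The daoAuthenticationProvider above sets no passwordEncoder, so Acegi falls back to its plaintext encoder and compares the submitted password directly with the users.password column, which is why step 1 stores 'koala', 'emu' and so on in the clear. As an added example (not part of the original post), here is the same provider with a salted digest encoder. The class and property names assume Acegi 1.0.x, whose bundled ShaPasswordEncoder is SHA-1.

```xml
<!-- Added example: class and property names assume Acegi 1.0.x; not the original post's config -->
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>

    <!-- Weak setting when this property is omitted: PlaintextPasswordEncoder,
         i.e. users.password must contain the clear-text password. -->
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>
    </property>

    <!-- Per-user salt taken from UserDetails.getUsername(); the encoder then
         digests the string password{username} rather than the bare password. -->
    <property name="saltSource">
        <bean class="org.acegisecurity.providers.dao.salt.ReflectionSaltSource">
            <property name="userPropertyToUse" value="getUsername"/>
        </bean>
    </property>

    <!-- Same user cache as in the original bean -->
    <property name="userCache">
        <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
            <property name="cache">
                <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                    <property name="cacheManager">
                        <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                    </property>
                    <property name="cacheName" value="userCache"/>
                </bean>
            </property>
        </bean>
    </property>
</bean>
```

With this in place, each users.password value has to be the hex SHA-1 digest of password{username} (40 characters, which fits the VARCHAR(50) column) instead of the plain strings inserted in step 1.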


In addition, when defining "filterInvocationInterceptor", set this property as follows:
<property name="objectDefinitionSource">
    <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**/*.action=IS_AUTHENTICATED_REMEMBERED
        /**=IS_AUTHENTICATED_ANONYMOUSLY
    </value>
</property>
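4. For the remaining parts, see the Acegi samples.
Summary:
This approach only implements simple user authentication, and its authorization setup is likewise simple: any valid user can access *.action. If you need more complex, business-specific authorization, consult the detailed Acegi tutorial.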