acegi step by step 1

一、环境设定：

相关jar：

acegi-security-1.0.5.jar - Main classes of the Acegi Security system
cglib-2.1.3.jar - Code-generation library used by Spring
commons-codec-1.3.jar - Encoders and decoders such as Base64, Hex, Phonetic, and URLs
commons-lang-2.1.jar - Helper utilities for java.lang APIs
ehcache-1.2.3.jar - Used for basic caching purposes
freemarker-2.3.8.jar - Used by the Struts implementation
jstl.jar, standard.jar - JavaServer Pages Standard Tag Library (JSTL) tag library
log4j-1.2.13.jar - For logging
ognl-2.6.11.jar - OGNL library used by the Struts implementation
sitemesh-2.3.jar - SiteMesh JAR
spring.jar - Spring Framework JAR
struts2-core-2.0.8.jar - Struts 2 core JAR
xwork-2.0.3.jar - Used by Struts

修改web.xml：

作用是利用spring AOP将filter Proxy到web.xml里去，并拦截相关的request

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
  version="2.4">
  <display-name>AcegiTraining</display-name>
  <context-param>

    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext*.xml</param-value>
  </context-param>
  <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>

    <filter-class>
      org.acegisecurity.util.FilterToBeanProxy
    </filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>

        org.acegisecurity.util.FilterChainProxy
      </param-value>
    </init-param>
  </filter>
  ...
  ...
  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>

    <url-pattern>/j_acegi_security_check</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/j_acegi_logout</url-pattern>

  </filter-mapping>
  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>*.action</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  ...

</web-app>

二、身份验证

WEB-INF下增加applicationContext-acegi-security.xml文件，并增加验证服务所需要的filter：

web.xml中的FilterToBeanProxy将拦截的内容：

<bean id="filterChainProxy"
    class="org.acegisecurity.util.FilterChainProxy">

    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
        /**/*=httpSessionContextIntegrationFilter,logoutFilter,
authenticationProcessingFilter,securityContextHolderAwareRequestFilter,
anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
      </value>
    </property>

  </bean>

如果未经过允许的请求，将会由exceptionTranslationFilter处理，将页面转到注册页面处去处理，authenticationProcessingFilterEntryPoint，是身份验证的入口：

                       
<bean id="exceptionTranslationFilter"
  class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
    <ref local="authenticationProcessingFilterEntryPoint" />
  </property>

  ...
</bean>

<bean id="authenticationProcessingFilterEntryPoint"
  class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
  <property name="loginFormUrl">
    <value>/login.jsp</value>
  </property>

  <property name="forceHttps">
    <value>false</value>
</bean>

authenticationProcessingFilter就是进行身份验证所用到的的filter，其主要是依靠authenticationManager来进行数据库或文本文件上存放的注册信息来进行核对：

<bean id="authenticationProcessingFilter"
  class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager">
    <ref bean="authenticationManager" />
  </property>

  <property name="authenticationFailureUrl">
    <value>/login.jsp?login_error=1</value>
  </property>
  <property name="defaultTargetUrl">
    <value>/</value>

  </property>
  <property name="filterProcessesUrl">
     <value>/j_acegi_security_check</value>
  </property>
</bean>

<bean id="authenticationManager"
  class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">

    <list>
      <ref local="daoAuthenticationProvider" />
      <ref local="anonymousAuthenticationProvider" />
    </list>
  </property>
</bean>

<bean id="daoAuthenticationProvider"
    class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService"/><ref local="userDetailsService"/></property>
    <property name="userCache">

    ...
    </property>
  </bean>
 
  <bean id="userDetailsService"
    class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userProperties">
      <bean
        class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="location"
          value="/WEB-INF/users.properties" />

      </bean>
    </property>
  </bean>

users.properties：
james=tom@1231,ROLE_TECHNICIAN
krishna=krish2341,ROLE_TECHNICIAN
smith=pravah@001,ROLE_ADMIN

三、权限验证

在身份验证后，通过权限验证来决定哪些资源由拥有哪些权限的用户使用，httpRequestAccessDecisionManager控制投票方式，exceptionTranslationFilter增加了如果权限验证失败后所转到的处理页面，logoutFilter定义登出后转到首页:

<bean id="filterInvocationInterceptor"
  class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager">
    <ref bean="authenticationManager" />
  </property>
  <property name="accessDecisionManager">

    <ref local="httpRequestAccessDecisionManager" />
  </property>
  <property name="objectDefinitionSource">
    <value>
      PATTERN_TYPE_APACHE_ANT
    /index.jsp=ROLE_ADMIN,ROLE_TECHNICIAN
    /order/createOrder.jsp=ROLE_TECHNICIAN
    /order/authorizeOrder.jsp=ROLE_ADMIN
    /login.jsp=ROLE_ANONYMOUS,ROLE_TECHNICIAN,ROLE_ADMIN
    </value>
  </property>

</bean>

<bean id="exceptionTranslationFilter"
    class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <ref local="authenticationProcessingFilterEntryPoint" />
    </property>

    <property name="accessDeniedHandler">
      <bean
        class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.jsp" />
      </bean>
    </property>
  </bean>

<bean id="httpRequestAccessDecisionManager"
    class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions">
      <value>false</value>

    </property>
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter" />
      </list>
    </property>

  </bean>
  <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />

<bean id="logoutFilter"
  class="org.acegisecurity.ui.logout.LogoutFilter">
  <constructor-arg value="/index.jsp" />
  <!-- URL redirected to after logout -->
  <constructor-arg>

    <list>
      <bean
        class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
    </list>
  </constructor-arg>
</bean>

至此，acegi配置部分完成，剩下相关页面设计部分。