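Newbie: a hands-on guide to applying Acegi in a real project (2)
The previous article used basic authentication based on BasicProcessingFilter. In this one we switch to form-based authentication with AuthenticationProcessingFilter.
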
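1. authenticationProcessingFilter
Handles authentication requests (usually the form submission from a login page). When authentication succeeds, AuthenticationProcessingFilter places an Authentication object in the session and redirects to the login success page.
- authenticationFailureUrl: the page to redirect to when login fails
- defaultTargetUrl: the page to redirect to when login succeeds
- filterProcessesUrl: the URL of the login request, that is, the URL this filter intercepts, usually /j_acegi_security_check; it is the same as the action of the login form on the login page (login.jsp)
- rememberMeServices: used to add cookie information after successful authentication
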
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/><!-- login failure page -->
    <property name="defaultTargetUrl" value="/authenticate/index.jsp"/><!-- login success page -->
    <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
</bean>
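As with BasicProcessingFilter basic authentication, form-based authentication also relies on the authentication manager, authenticationManager, to verify the user's login information.

2. exceptionTranslationFilter
In the previous article it was configured as: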
<bean id="exceptionTranslationFilter"
    class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
</bean>
Change it to:
<bean id="exceptionTranslationFilter"
    class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <!-- Not yet logged in, entering a restricted area (not accessible without authentication) -->
    <property name="authenticationEntryPoint">
        <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <property name="loginFormUrl" value="/login.jsp"/>
            <property name="forceHttps" value="false"/>
        </bean>
    </property>
    <!-- Logged in, entering an area the user is not authorized for -->
    <property name="accessDeniedHandler">
        <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
            <property name="errorPage" value="/accessDenied.jsp"/>
        </bean>
    </property>
</bean>
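Notes:
1) authenticationEntryPoint handles exceptions raised during authentication
- loginFormUrl: if a user who has not yet logged in enters an unauthorized area, they are redirected to the page specified by this property, here /login.jsp, the login page
- forceHttps: whether to enable https; here it is set to false
2) accessDeniedHandler handles exceptions raised during authorization
- errorPage: an authenticated user who enters an area they are not authorized for is sent to the page specified by this property, here /accessDenied.jsp
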
3. Two logging listeners
1) org.acegisecurity.event.authentication.LoggerListener
Listens for the various user authentication events and writes their content to Commons Logging.
Source comment: Outputs authentication-related application events to Commons Logging. All authentication events are logged at the warning level

2) org.acegisecurity.event.authorization.LoggerListener
Listens for the various user authorization events and writes their content to Commons Logging.
Source comment: Outputs interceptor-related application events to Commons Logging.
All failures are logged at the warning level, with success events logged at the information level, and public invocation events logged at the debug level.

4. Other changes
The user information is:
<bean id="inMemDaoImpl"
    class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
        <value>
            javaee=password,ROLE_SUPERVISOR
            sam=password,ROLE_USER
            qiuzj=password,ROLE_SUPERVISOR,disabled
        </value>
    </property>
</bean>
The rest is added in the comments.
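
A quick check of the entry point and userMap settings shown above, as an added example that is not code from the original article: it parses the InMemoryDaoImpl userMap entries (password first, then authorities, with an optional enabled/disabled flag) and reports a login entry point that does not force HTTPS and accounts that share one password value. The function names and the SAMPLE wrapper are assumptions, and only the value="..." attribute form used in this article is handled.

```python
import xml.etree.ElementTree as ET
# Constructed sample: two beans from this article, trimmed and wrapped in <beans>.
SAMPLE = """<beans>
 <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
   <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/login.jsp"/>
    <property name="forceHttps" value="false"/>
   </bean>
  </property>
 </bean>
 <bean id="inMemDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap"><value>
    javaee=password,ROLE_SUPERVISOR
    sam=password,ROLE_USER
    qiuzj=password,ROLE_SUPERVISOR,disabled
  </value></property>
 </bean>
</beans>"""

def parse_user_map(text):
    """Parse 'user=password,ROLE[,ROLE...][,enabled|disabled]' lines."""
    users = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        name, _, rest = line.partition("=")
        password, *tokens = [t.strip() for t in rest.split(",")]
        users[name.strip()] = {
            "password": password,
            "roles": [t for t in tokens if t not in ("enabled", "disabled")],
            "enabled": "disabled" not in tokens,  # accounts are enabled unless flagged
        }
    return users

def audit(xml_text):
    """Return (users, findings) for the Acegi beans in a Spring XML file."""
    users, findings = {}, []
    for bean in ET.fromstring(xml_text).iter("bean"):  # iter() reaches inner beans too
        cls = bean.get("class", "")
        props = {p.get("name"): p for p in bean.findall("property")}
        if cls.endswith(".AuthenticationProcessingFilterEntryPoint"):
            # A missing forceHttps property falls back to the bean, which has no value.
            if props.get("forceHttps", bean).get("value") != "true":
                findings.append("login entry point does not force HTTPS")
        elif cls.endswith(".InMemoryDaoImpl") and "userMap" in props:
            users = parse_user_map(props["userMap"].findtext("value", ""))
    for pw in sorted({u["password"] for u in users.values()}):
        names = sorted(n for n, u in users.items() if u["password"] == pw)
        if len(names) > 1:
            findings.append("accounts share one password value: " + ", ".join(names))
    return users, findings
```

For the configuration in this article, audit(SAMPLE) reports both findings and shows qiuzj as the only account with enabled set to False.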

<bean id="filterInvocationInterceptor"
org.apache.jasper.JasperException: The absolute uri: http://java.sun.com/jsp/jstl/core cannot be resolved in either web.xml or the jar files deployed with this application
org.apache.jasper.compiler.DefaultErrorHandler.jspError