我的acegi struts spring hibernate理解
配置文件网上一大堆,随下一个都问题不大,但结合自己的配置有几个点要注意:
1.这里控制文件访问权限:
<bean id="filterInvocationInterceptor"
ref="userDetailsService"/>
<property name="userCache" ref="userCache"/>
<!-- <property name="passwordEncoder" ref="passwordEncoder"/> -->
</bean>
<bean id="userDetailsService"
ref="dbManager" />
</bean>
如我的:
public class AcegiUserDeitailsService implements UserDetailsService {
private final Log LOG = LogFactory.getLog(AcegiUserDeitailsService.class);
/* 依赖注入 */
private DBManager dbManager;
/* 用户所有的权限 */
//private final List<GrantedAuthority> grantedAuthList = new ArrayList<GrantedAuthority>(6);
private GrantedAuthority[] grantedAuthArray;
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(LOG.isDebugEnabled()) {
LOG.debug("Loading UserDetails of userName: " + username);
}
/* 取得用户信息 */
List<LotteryUsers> userList = findAllByUsername(username);
LotteryUsers user = null;
if(userList!=null&&!userList.isEmpty()){
user = (LotteryUsers)userList.get(0);
}
if(user == null) {
LOG.warn("UserDetails load failed: No such UserRole with userName: " + username);
throw new UsernameNotFoundException("User name is not found.");
}
/* 取得所有用户权限 */
List<String> userRoleList = findGroupNameByUsername(username);
if(userRoleList == null || userRoleList.size() == 0) {
LOG.warn("UserRole load failed: No such UserRole with userName: " + username);
throw new UsernameNotFoundException("UserRole is not found.");
}
/* 取得用户的所有角色 */
int size = userRoleList.size();
grantedAuthArray = new GrantedAuthority[size];
int j = 0;
for(int i = 0; i < size; i++) {
String userRole = userRoleList.get(i);
if(userRole != null) {
this.grantedAuthArray[j++] = new GrantedAuthorityImpl(userRole.toUpperCase());
}
}
LOG.info("UserName: " + username + " loaded successfully.");
return new org.acegisecurity.userdetails.User(username, user.getPassword(),
true, true, true, true, this.grantedAuthArray);
}
//按用户名查找user
public List<LotteryUsers> findAllByUsername(String username) {
List<LotteryUsers> list = new ArrayList<LotteryUsers>();
LotteryUsers user = new LotteryUsers();
String sql = "SELECT * FROM "+Constants.DATABASEPRE_KEY+"users u WHERE u.username='"+username+"' and u.enable=1";
ResultSet rs = dbManager.execute(sql);
try {
while(rs.next()){
user.setUsername(rs.getString("username"));
user.setPassword(rs.getString("password"));
user.setEnable(rs.getShort("enabled"));
list.add(user);
}
} catch (SQLException e) {
// TODO Auto-generated catch block
System.out.println("class LotteryUsersDAOImpl's method findAllByUsername() error");
e.printStackTrace();
}finally{
try {
rs.close();
dbManager.close();
} catch (SQLException e) {
System.out.println(" class lotteryUsersDAOImpl's method findAllByUsername() close dbManager accoure error");
e.printStackTrace();
}
}
return list;
}
public List<String> findGroupNameByUsername(String username) {
List<String> list = new ArrayList<String>();
String sql = "SELECT g.name name FROM "+Constants.DATABASEPRE_KEY+"users u,"+Constants.DATABASEPRE_KEY+"groups g"+
" WHERE g.id=u.group_id and u.username='"+username+"' and u.enable=1";
ResultSet rs = dbManager.execute(sql);
try {
while(rs.next()){
list.add(rs.getString("name"));
}
} catch (SQLException e) {
System.out.println(this.getClass().getName()+"dbManager execute error");
e.printStackTrace();
}finally{
try {
rs.close();
dbManager.close();
} catch (SQLException e) {
System.out.println(" class lotteryUsersDAOImpl's method findGroupNameByUsername() close dbManager accoure error");
e.printStackTrace();
}
}
return list;
}
public DBManager getDbManager() {
return dbManager;
}
public void setDbManager(DBManager dbManager) {
this.dbManager = dbManager;
}
}
也可以:
<bean id="jdbcDaoImpl" ref="dataSource"/>
<property name="usersByUsernameQuery">
<value>select username, password, enabled from user where username = ? and enabled = 1</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
select u.username, a.authority
from user u, authorities a, user_auth ua
where u.id=ua.user_id and a.id=ua.auth_id and u.username=?
</value>
</property>
</bean>
3.类,方法的权限控制(两种):
<bean id="methodSecurityInterceptor" value="false" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="objectDefinitionSource">
<bean />
</property>
</bean>
</property>
</bean>
<!-- 利用Spring的自动代理功能实现AOP代理 -->
<bean id="autoProxyCreator" value="true"/-->
</bean>
然后在相应的接口方法中用注释:
@Secured({"ROLE_ADMIN"})
public void update(Users Users);
也可以:
<!-- 过滤拦截器 -->
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
<!-- 所有用户的权限 -->
/searchUser.do=AUTH_USER,AUTH_ROOT,AUTH_RELEASER,AUTH_AUDITOR
/updateInformation.do=AUTH_USER,AUTH_ROOT,AUTH_RELEASER,AUTH_AUDITOR
<!-- 普通用户的权限 -->
/preOrderAd.do=AUTH_USER
/orderAd.do=AUTH_USER
/myAdList.do=AUTH_USER
/findReOrderAd.do=AUTH_USER
/ReOrder.do=AUTH_USER
<!--==== 超级管理员的权限 ====-->
<!-- 审核员的权限 -->
/noaudit.do=AUTH_AUDITOR,AUTH_ROOT
/allAuditAdNoPass.do=AUTH_AUDITOR,AUTH_ROOT
/auditedAd.do=AUTH_AUDITOR
/audited.do=AUTH_AUDITOR,AUTH_ROOT
/notify.do=AUTH_AUDITOR,AUTH_ROOT
/editAuditedEmail.do=AUTH_AUDITOR,AUTH_ROOT
<!-- 发布员的权限 -->
/unpaymentOrderList.do=AUTH_RELEASER,AUTH_ROOT
/paymentOrderList.do=AUTH_RELEASER,AUTH_ROOT
<!-- 超级管理员的权限 -->
/manageAdpos.do=AUTH_ROOT
/manageUser.do=AUTH_ROOT
/addNewAdpos.do=AUTH_ROOT
</value>
</property>
</bean>
