acegi的MethodSecurityInterceptor

编程技术  /  houtizong 发布于 3年前   172
2006-06-06

acegi的MethodSecurityInterceptor实现


AfterInvocationProviderImp

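package com.bulain.test;

import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.afterinvocation.AfterInvocationProvider;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;

/**
 * Sample after-invocation provider that claims the
 * <code>BANKSECURITY_CUSTOMER</code> configuration attribute for
 * <code>MethodInvocation</code> secure objects.
 *
 * <p>Security note: {@link #decide} returns the method result unchanged and
 * never throws, so this class performs no post-invocation check. Listing
 * <code>BANKSECURITY_CUSTOMER</code> on a method therefore adds no
 * restriction by itself; real filtering or ownership checks on the returned
 * object would have to be implemented in <code>decide</code>.</p>
 */
public class AfterInvocationProviderImp implements AfterInvocationProvider {
    /** The only configuration attribute this provider reports as supported. */
    private static final String SUPPORTED_ATTRIBUTE = "BANKSECURITY_CUSTOMER";

    private static final Logger logger = Logger.getLogger(AfterInvocationProviderImp.class);

    /**
     * Hands the invocation result back to the caller without inspecting it.
     *
     * @param authentication the caller's authentication (unused)
     * @param object the secure object that was invoked (unused)
     * @param config the attributes configured for the invocation (unused)
     * @param returnedObject the value returned by the secured method
     * @return <code>returnedObject</code>, unchanged
     * @throws AccessDeniedException declared by the interface; never thrown here
     */
    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
            Object returnedObject) throws AccessDeniedException {
        // Pass-through: no authorization decision is made on the result.
        return returnedObject;
    }

    /**
     * Reports whether the given attribute is <code>BANKSECURITY_CUSTOMER</code>.
     *
     * @param attribute the configuration attribute to test; may be null
     * @return true only for an attribute whose string form equals
     *         <code>BANKSECURITY_CUSTOMER</code>
     */
    public boolean supports(ConfigAttribute attribute) {
        logger.info("ConfigAttribute: " + attribute);
        // Constant-first equals: a null attribute, or one whose getAttribute()
        // is null, is reported as unsupported instead of raising a
        // NullPointerException.
        // NOTE(review): presumably this is what lets BANKSECURITY_CUSTOMER pass
        // the interceptor's validateConfigAttributes check; confirm against
        // the voters and run-as manager in use.
        return attribute != null && SUPPORTED_ATTRIBUTE.equals(attribute.getAttribute());
    }

    /**
     * Reports whether this provider handles the given secure-object class.
     *
     * @param clazz the secure-object class offered by the interceptor
     * @return true only when <code>clazz</code> is exactly
     *         <code>MethodInvocation.class</code>
     */
    public boolean supports(Class clazz) {
        logger.info("Class: " + clazz);
        return clazz == MethodInvocation.class;
    }
}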




ApplicationEventPublisherImp

package com.bulain.test;

import org.apache.log4j.Logger;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;

/**
 * Event publisher that only logs.
 *
 * <p>Each event is written to log4j at INFO level and is not forwarded to
 * any listener. In the applicationContext.xml of this sample the class is
 * set as the <code>applicationEventPublisher</code> of the
 * MethodSecurityInterceptor, so events published by the interceptor are
 * visible only in this log output.</p>
 */
public class ApplicationEventPublisherImp implements ApplicationEventPublisher {
    private static Logger log = Logger.getLogger(ApplicationEventPublisherImp.class);

    /**
     * Writes the event's string form to the log.
     *
     * @param event the event handed over by the publishing component
     */
    public void publishEvent(ApplicationEvent event) {
        String line = "publishEvent: " + event;
        log.info(line);
    }
}



BankManager

package com.bulain.test;public interface BankManager {/** * Delete something */public void deleteSomething(int id);/** * Delete another */public void deleteAnother(int id);/** * Get balance */public float getBalance(int id);}



BankManagerImp

package com.bulain.test;

import org.apache.log4j.Logger;

/**
 * Stub implementation of {@link BankManager}: every method only logs its
 * own name.
 *
 * <p>The class contains no access checks. In this sample they come from the
 * MethodSecurityInterceptor on the "bankManager" proxy; the target is also
 * registered as the top-level bean "bankManagerImp", and calls made on that
 * bean directly do not pass through the interceptor.</p>
 */
public class BankManagerImp implements BankManager {
    private static Logger log = Logger.getLogger(BankManagerImp.class);

    /**
     * Logs the call; nothing is deleted.
     *
     * @param id ignored
     */
    public void deleteSomething(int id) {
        log.info("deleteSomething()");
    }

    /**
     * Logs the call; nothing is deleted.
     *
     * @param id ignored
     */
    public void deleteAnother(int id) {
        log.info("deleteAnother()");
    }

    /**
     * Logs the call and reports a zero balance.
     *
     * @param id ignored
     * @return always 0
     */
    public float getBalance(int id) {
        log.info("getBalance()");
        return 0.0f;
    }
}



BankManagerImpTest

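package com.bulain.test;

import junit.framework.TestCase;

import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;

/**
 * Calls the secured "bankManager" proxy as users from users.properties.
 *
 * Each test authenticates through the "daoAuthenticationProvider" bean,
 * stores the result in the SecurityContextHolder and then invokes a
 * BankManager method, so the call passes through the
 * MethodSecurityInterceptor configured in applicationContext.xml.
 */
public class BankManagerImpTest extends TestCase {
    static Resource resource = new ClassPathResource("applicationContext.xml");
    static BeanFactory factory = new XmlBeanFactory(resource);

    /**
     * Authenticates the given credentials and installs the resulting
     * Authentication in the current security context.
     *
     * @param bf bean factory holding "daoAuthenticationProvider"
     * @param username account name to authenticate
     * @param password password for that account
     */
    private static void createSecureContext(final BeanFactory bf, final String username, final String password) {
        AuthenticationProvider provider = (AuthenticationProvider) bf.getBean("daoAuthenticationProvider");
        Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        SecurityContextHolder.getContext().setAuthentication(auth);
    }

    /**
     * JUnit 3 hook, run after every test.
     *
     * The original class only declared teardown() (lower-case d), which
     * JUnit never calls, so the Authentication installed by one test stayed
     * in the SecurityContextHolder for the next one.
     */
    protected void tearDown() throws Exception {
        teardown();
        super.tearDown();
    }

    /**
     * Replaces the security context with an empty one. Kept under its
     * original name for source compatibility; JUnit invokes tearDown().
     */
    public void teardown() {
        SecurityContextHolder.setContext(new SecurityContextImpl());
    }

    public static void main(String[] args) {
        junit.textui.TestRunner.run(BankManagerImpTest.class);
    }

    /*
     * Test method for 'com.bulain.test.BankManagerImp.deleteSomething(int)'
     */
    public void testDeleteSomething() {
        BankManager bankManager = (BankManager) factory.getBean("bankManager");
        // marissa holds ROLE_SUPERVISOR, the role configured for delete*.
        createSecureContext(factory, "marissa", "koala");
        bankManager.deleteSomething(10);
    }

    /*
     * Test method for 'com.bulain.test.BankManagerImp.deleteAnother(int)'
     */
    public void testDeleteAnother() {
        BankManager bankManager = (BankManager) factory.getBean("bankManager");
        createSecureContext(factory, "marissa", "koala");
        bankManager.deleteAnother(10);
    }

    /*
     * Negative case: dianne has only ROLE_USER, while delete* is mapped to
     * ROLE_SUPERVISOR, so the interceptor is expected to refuse the call.
     * Without a test like this, a misconfiguration that lets every call
     * through would still leave the suite green.
     */
    public void testDeleteSomethingDeniedWithoutSupervisorRole() {
        BankManager bankManager = (BankManager) factory.getBean("bankManager");
        createSecureContext(factory, "dianne", "emu");
        try {
            bankManager.deleteSomething(10);
            fail("deleteSomething() should be denied for a user without ROLE_SUPERVISOR");
        } catch (AccessDeniedException expected) {
            // Expected: the access decision manager rejected the invocation.
        }
    }

    /*
     * Test method for 'com.bulain.test.BankManagerImp.getBalance(int)'
     */
    public void testGetBalance() {
        BankManager bankManager = (BankManager) factory.getBean("bankManager");
        // NOTE(review): the users.properties listing that accompanies this
        // sample has no "manager" account; if that listing is complete,
        // authenticate() rejects these credentials before getBalance() is
        // reached. Confirm which account was intended.
        createSecureContext(factory, "manager", "manager");
        bankManager.getBalance(10);
    }
}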


applicationContext.xml

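<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
    <!--
        Method-level security for BankManager. objectDefinitionSource holds one
        mapping per line (method pattern = attributes); the two mappings must
        stay on separate lines or the second one is read as part of the first
        one's attribute list.
        BANKSECURITY_CUSTOMER is claimed only by AfterInvocationProviderImp,
        whose decide() returns the result unchanged, so that attribute does not
        restrict access by itself.
    -->
    <bean id="bankManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="validateConfigAttributes"><value>true</value></property>
        <!-- Logging-only publisher: events from the interceptor end up in the log4j output only. -->
        <property name="applicationEventPublisher"><bean class="com.bulain.test.ApplicationEventPublisherImp"/></property>
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
        <property name="runAsManager"><ref bean="runAsManager"/></property>
        <property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                com.bulain.test.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
                com.bulain.test.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER
            </value>
        </property>
    </bean>

    <!--
        NOTE(review): "changeThis" is a placeholder key, used here for both the
        anonymous and the remember-me provider. Replace it with a
        deployment-specific secret before reusing this configuration.
    -->
    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
                <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
                    <property name="key" value="changeThis"/>
                </bean>
                <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
                    <property name="key" value="changeThis"/>
                </bean>
            </list>
        </property>
    </bean>

    <!-- AffirmativeBased: a single granting voter is enough; when every voter abstains, access is denied. -->
    <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
            <list>
                <bean class="org.acegisecurity.vote.RoleVoter"/>
                <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
            </list>
        </property>
    </bean>

    <!-- NOTE(review): "KEY" is a placeholder as well; use a non-guessable value outside of tests. -->
    <bean id="runAsManager" class="org.acegisecurity.runas.RunAsManagerImpl">
        <property name="key" value="KEY"/>
    </bean>

    <bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
        <property name="providers">
            <list>
                <bean class="com.bulain.test.AfterInvocationProviderImp"/>
            </list>
        </property>
    </bean>

    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="userCache">
            <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
                <property name="cache">
                    <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                        <property name="cacheManager">
                            <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                        </property>
                        <property name="cacheName" value="userCache"/>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>

    <!-- In-memory user store read from users.properties (plaintext passwords; test fixture only). -->
    <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userProperties">
            <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
                <property name="location" value="users.properties"/>
            </bean>
        </property>
    </bean>

    <!--
        The unsecured target is a top-level bean: code that asks the factory for
        "bankManagerImp" gets the raw object and bypasses bankManagerSecurity.
        Callers must use "bankManager".
    -->
    <bean id="bankManagerImp" class="com.bulain.test.BankManagerImp"/>

    <bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="interceptorNames">
            <list>
                <value>bankManagerSecurity</value>
            </list>
        </property>
        <property name="target"><ref local="bankManagerImp"/></property>
    </bean>
</beans>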


users.properties

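# Test accounts for InMemoryDaoImpl, one per line:
#   username=password,[disabled,]AUTHORITY
# Passwords are stored in plaintext; this file is a test fixture only.
# Only marissa holds ROLE_SUPERVISOR; peter is marked disabled.
marissa=koala,ROLE_SUPERVISOR
dianne=emu,ROLE_USER
scott=wombat,ROLE_USER
peter=opal,disabled,ROLE_USER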