2006-10-19

动态配置Acegi权限

AbstractRefreshableTargetSource在spring2.0里面才有 

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.aop.target.dynamic.AbstractRefreshableTargetSource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceEditor;

public class RefreshableFileFilterInvocationDefinition extends
		AbstractRefreshableTargetSource {
	protected Log logger = LogFactory.getLog(getClass());
	public static final String DEFAULT_LOCATION = "classpath:acegi-filterInvocation.conf";
	private String location = DEFAULT_LOCATION;
	public String getLocation() {
		return location;
	}
	public void setLocation(String location) {
		this.location = location;
	}
	protected Object freshTarget() {
		ResourceEditor editor = new ResourceEditor();
		editor.setAsText(getLocation());
		Resource resource = (Resource) editor.getValue();
		if (resource == null) {
			logger
					.warn("Can't find a Acegi FilterInvocationDefinition config file");
			return null;
		}
		StringBuffer sb = new StringBuffer();
		char[] cbuf = new char[100];
		int read;
		InputStream is = null;
		InputStreamReader isr = null;
		try {
			is = resource.getInputStream();
			isr = new InputStreamReader(is);
			while ((read = (isr.read(cbuf, 0, cbuf.length))) != -1)
				sb.append(cbuf, 0, read);
			logger.info("loaded Acegi FilterInvocationDefinition config file");
		} catch (IOException e) {
			logger.warn(e.getMessage(), e);
		} finally {
			try {
				if (isr != null)
					isr.close();
				if (is != null)
					is.close();
			} catch (IOException e) {
				logger.warn(e.getMessage(), e);
			}
		}
		FilterInvocationDefinitionSourceEditor configEditor = new FilterInvocationDefinitionSourceEditor();
		configEditor.setAsText(sb.toString());
		return configEditor.getValue();
	}

}


acegi的spring配置文件

<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager"
ref="httpRequestAccessDecisionManager" />
<property name="objectDefinitionSource"
ref="objectDefinitionSource" />
</bean>

<bean id="refreshableFileFilterInvocationDefinition"
class="RefreshableFileFilterInvocationDefinition">
<property name="location" value="file:///${webapp.root}/WEB-INF/acegi-filterInvocation.conf"/>
<!-- 自动刷新
<property name="refreshCheckDelay" value="60000"/>
-->
</bean>

<bean id="objectDefinitionSource"
class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="targetSource"
ref="refreshableFileFilterInvocationDefinition" />
</bean>


也可以用dwr来手动刷新,并且配置权限,role是在acegi里面配置的

<create creator="spring" javascript="FilterInvocationDefinition"
scope="application">
<param name="beanName" value="refreshableFileFilterInvocationDefinition" />
<auth method="refresh" role="ROLE_SUPERVISOR"/>
<include method="refresh" />
</create>
评论
quaff 2006-10-19
acegi-filterInvocation.conf 

CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/styles*=ROLE_ANONYMOUS
/scripts*=ROLE_ANONYMOUS 
/images*=ROLE_ANONYMOUS
/test*=ROLE_ANONYMOUS
/login.action*=ROLE_ANONYMOUS
/switchuser.action=ROLE_SUPERVISOR
/j_acegi_switch_user=ROLE_SUPERVISOR
/exituser.action=ROLE_PREVIOUS_ADMINISTRATOR
/j_acegi_exit_user=ROLE_PREVIOUS_ADMINISTRATOR
/**=ROLE_USER
quaff
搜索本博客
博客分类
最近加入圈子
存档
最新评论
评论排行榜