只有在服務器上配置哪個目錄在訪問的時候用HTTP基本認證它才會起作用(一開始還以為是Acegi的BUG呢)
下面說一下真正對URL資源的保護了filterSecurityInterceptor它的本質是個過濾器有了前面*管理器的基礎了這就很容易了
<bean id=
filterSecurityInterceptor
class=
org
acegisecurity
intercept
web
FilterSecurityInterceptor
>
<property name=
authenticationManager
>
<ref local=
authenticationManager
/>
</property>
<property name=
accessDecisionManager
>
<ref local=
accessDecisionManager
/>
</property>
<property name=
objectDefinitionSource
><!
把URL和可訪問的用戶組對應起來
>
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON<!
把URL全部轉化為小寫
>
PATTERN_TYPE_APACHE_ANT<!
以ANT的形式來配置路徑
>
/ok
html=ROLE_USER
</value>
</property>
</bean>
光這樣配置還是不夠的因為當授權失敗的時候會拋出異常的我們應該配置一個異常過濾器來捕獲它exceptionTranslationFilter它是用來捕獲異常的看一下配置吧
<bean id=
exceptionTranslationFilter
class=
org
acegisecurity
ui
ExceptionTranslationFilter
>
<property name=
authenticationEntryPoint
><ref local=
authenticationProcessingFilterEntryPoint
/></property>
<property name=
accessDeniedHandler
>
<bean class=
org
acegisecurity
ui
AccessDeniedHandlerImpl
>
<property name=
errorPage
value=
/failure
html
/><!
發生異常轉向的網頁
>
</bean>
</property>
</bean>
<bean id=
authenticationProcessingFilterEntryPoint
class=
org
acegisecurity
ui
webapp
AuthenticationProcessingFilterEntryPoint
>
<property name=
loginFormUrl
><value>/Login
html</value></property><!
得到表單的信息
>
<property name=
forceHttps
><value>false</value></property><!
不用https
>
</bean>
這樣就OK了
最後說一下對類中方法的保護首先寫一個類並在spring中配置好
package orgliacegi;
public class TestAcegi
{
public void Role()
{
Systemoutprintln(javafish);
}
}
<bean id=testAcegi class=orgliacegiTestAcegi/>
然看寫個servlet訪問一下它
package orgliservlet;
import javaioIOException;
import javaioPrintWriter;
import javaxservletServletException;
import javaxservlethttpHttpServlet;
import javaxservlethttpHttpServletRequest;
import javaxservlethttpHttpServletResponse;
[] [] [] [] [] []
From:http://tw.wingwit.com/Article/program/Java/ky/201311/28995.html