亚洲女女女同性video,亚洲色精品aⅴ一区区三区,色婷婷亚洲十月十月色天

Spring Security中指定session��时后蟩转的��面

Tue, 30 Aug 2011 23:25:00 GMT

Spring Security中指定session��时后蟩转的��面

在xml配置文�g中加入：

云自无心水自�?/a> 2011-08-31 07:25 发表评论

Spring MVC + Spring Security + Spring JDBC中注入dataSource��L��为Null的原因和解决

Fri, 26 Aug 2011 00:57:00 GMT

在applicationContext.xml中定义了一个DataSource�Q?lt;bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" />
但是在代码中�Q��用anotation�q�行注入的时候，却��L��找不到这个dataSource.

   @Autowired
   public void setDataSource(DataSource dataSource) {
       jdbcTemplate = new JdbcTemplate(dataSource);
       jdbcInsert = new SimpleJdbcInsert(dataSource);
   }

最后终于想明白了，原因大概是这��L��Q��用autowired的时候，默认是根据类型来匚w��的，在xml中定义的�c�d��是：BasicDataSource�Q�而不是接口DataSource�Q�所以默认情况下�q�样是无法自动装配的。解军_��法是指��o使用名字来进行bean的匹配，也就是用Qualifier指定bean的id.

   @Autowired
   public void setDataSource(@Qualifier("dataSource") DataSource dataSource) {
       jdbcTemplate = new JdbcTemplate(dataSource);
       jdbcInsert = new SimpleJdbcInsert(dataSource);
   }

另外一点，在网上搜索的�q�程中发现有不少人都有类似的问题�Q�但是他们的原因是没有正��用spring的注入，而是自己在代码中new了一个Dao的实例，�q�样的话�Q�spring是无法将dataSource注入到dao的实例中�?/div>

云自无心水自�?/a> 2011-08-26 08:57 发表评论

Spring Security - Using custom Authentication Processing Filter

Fri, 11 Jun 2010 00:12:00 GMT

Recently I got a chance working with Spring security, formerly known as Acegi Security for spring. While working with the framework, I heard comments from friends and colleagues saying that spring security lacks proper documentation. So thought of sharing a little knowledge. By the way, this is first ever blog posting and kindly excuse me and let me know any errors and improvements. Spring security offers a simple configuration based security for your web applications helping you secure your web application with out littering your business logic with any security code. It provides securing URL's based on the Role (Authorities), securing your business methods based on the ACL's. The first step in hooking up the spring security to your web application is by specifying the DelegatingFilterProxy in your web.xml.

springSecurityFilterChain

org.springframework.web.filter.DelegatingFilterProxy

springSecurityFilterChain

REQUEST INCLUDE FORWARD If you want to externalize all of your security related configuration into a separate file, you can do so and add that to your context location param.

contextConfigLocation

/WEB-INF/beans.xml , /WEB-INF/springSecurity.xml

Now comes the part of security configuration for your application, Adding the URL security patterns is pretty simple and straight forward. Add all the URL patterns which you want to secure and add the wild card pattern at the end. You need to have some default principal and role even for non logged in users as you need to give access to pages like log in, register and forgot password kind of functionality even to non logged in users. I tried to add comments to pretty much every element which I am using here. As an example I added just a wild card intercept url which make every page of my application secure. You need to exclude different urls based on the roles.

Following is my custom implementation of AuthenticationEntryPoint, which currently is not doing any thing except leveraging the commence to its super class which is the spring implementation of AuthenticationProcessingFilterEntryPoint. I hooked it to add any custom logic. public class CustomAuthenticationEntryPoint extends AuthenticationProcessingFilterEntryPoint { private static final Log logger = LogFactory.getLog(CustomAuthenticationEntryPoint.class); @Override public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) throws IOException, ServletException { super.commence(request, response, authException); } } This is my custom authentication manager which actually does the custom login of the user. It will throw an BadCredentialsException in case of invalid credentials or thorws a AuthenticationServiceException in case of a service error (Database error, SQL error or any other error). public class CustomAuthunticationManager implements AuthenticationManager { @Autowired UserManagerService userManagerService; public Authentication authenticate(Authentication authentication) throws AuthenticationException { if(StringUtils.isBlank((String) authentication.getPrincipal()) || StringUtils.isBlank((String) authentication.getCredentials())){ throw new BadCredentialsException("Invalid username/password"); } User user = null; GrantedAuthority[] grantedAuthorities = null; try{ user = userManagerService.getUser((String) authentication.getPrincipal(), (String) authentication.getCredentials()); } catch(InvalidCredentialsException ex){ throw new BadCredentialsException(ex.getMessage()); } catch(Exception e){ throw new AuthenticationServiceException("Currently we are unable to process your request. Kindly try again later."); } if (user != null) { List roles = user.getAssociatedRoles(); grantedAuthorities = new GrantedAuthority[roles.size()]; for (int i = 0; i < roles.size(); i++) { Role role = roles.get(i); GrantedAuthority authority = new GrantedAuthorityImpl(role.getRoleCode()); grantedAuthorities[i] = authority; } } else{ throw new BadCredentialsException("Invalid username/password"); } return new UsernamePasswordAuthenticationToken(user, authentication.getCredentials(), grantedAuthorities); } } At the client side (jsp), the simple configuration you need to do is post the request to"/j_spring_security_check" with parameters "j_username" and "j_password". That's pretty much all you need to do for enabling spring security to your existing web application. I will try to explain about doing the method security using ACL's and configuring the view using spring security tags in another post.

云自无心水自�?/a> 2010-06-11 08:12 发表评论

如何使用spring的autowire为servlet注入Bean

Fri, 04 Sep 2009 06:19:00 GMT

在应用中一般普通的JavaPojo都是由Spring来管理的�Q�所以��用autowire注解来进行注入不会��生问题，但是有两个东西是例外的，一个是Filter�Q�一个是Servlet�Q�这两样东西都是由Servlet容器来维护管理的�Q�所以如果想和其他的Bean一样��用Autowire来注入的话，是需要做一些额外的功夫的�?br /> 对于Filter�Q�Spring提供了DelegatingFilterProxy�Q�所以本文主要讲�q�Servlet的解冟�?br /> 1、比较直观但是不大优雅的做法是重写init()�Ҏ��Q�在里面使用AutowireCapableBeanFactory来手工告诉Spring�Q�我�q�个Servlet是需要这��L��一个Bean的。具体写法：
public void init(ServletConfig servletConfig) throws ServletException {
    ServletContext servletContext = servletConfig.getServletContext();
    WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(servletContext);
    AutowireCapableBeanFactory autowireCapableBeanFactory = webApplicationContext.getAutowireCapableBeanFactory();
    autowireCapableBeanFactory.configureBean(this, BEAN_NAME);
}
其中�Q�BEAN_NAME��是需要注入的Bean在spring中注册的名字.
�q�样写的主要问题是就是那个BEAN_NAME,�q�样写有点主动查找，而不是依赖注入的感觉�?br />
2、创��Z��个类��g��DelegatingFilterProxy那样的代理，通过代理�Ҏ��配置来找到实际的Servlet�Q�完成业务逻辑功能�?br /> 假定我们有一个Servlet名字叫UserServlet�Q�需要注入一个UserManager�Q�伪代码如下�Q?br /> public class UserServlet extends HttpServlet {
    @Autowired(required = true)
    private UserManager userManager;
}
�W�一�?
public class DelegatingServletProxy extends GenericServlet {
    private String targetBean;
    private Servlet proxy;

    @Override
    public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
        proxy.service(req, res);
    }

    @Override
    public void init() throws ServletException {
        this.targetBean = getServletName();
        getServletBean();
        proxy.init(getServletConfig());
    }

    private void getServletBean() {
        WebApplicationContext wac = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
        this.proxy = (Servlet) wac.getBean(targetBean);
    }
}
�W�二步：
配置web.xml文�g�Q�原来UserServlet的配�|�大致是�q�样的：

userServlet

com.sample.UserServlet

userServlet

/userServlet

现在修改�?br />

userServlet

com.sample.DelegatingServletProxy

userServlet

/userServlet

注意,spring是根据Servlet的名字来查找被代理的Servlet的，所以，首先我们要在UserServlet�c�d��面加上@Component,来告诉Srping�Q�我也是一个Bean。如果名�U�和Web.xml里面定义的不一��L��话，可以在这里指定Bean的名字，比如�Q?@Component("userServlet")

云自无心水自�?/a> 2009-09-04 14:19 发表评论

亚洲女女女同性video,亚洲色精品aⅴ一区区三区,色婷婷亚洲十月十月色天

Spring Security中指定session���时后蟩转的��面

Spring MVC + Spring Security + Spring JDBC中注入dataSource��L��为Null的原因和解决

Spring Security - Using custom Authentication Processing Filter

如何使用spring的autowire为servlet注入Bean

Spring Security中指定session��时后蟩转的��面