j2ee学习

lunzi 2010-03-09 09:35:56 阅读:32 评论:0 引用:0

首先在客户端向服务器端请求登录页面时，服务器端生成一个随机字符串，连同登录页面一同发送给客户端浏览器，当用户输入完用户名密码后，将密码采用 MD5 或者 SHA1 来生成散列值作为密钥，服务器端发送来的随机字符串作为消息数据，进行 hmac 运算。然后将结果提交给服务器。之所以要对用户输入的密码进行散列后再作为密钥，而不是直接作为密钥，是为了保证密钥足够长，而又不会太长。服务器端接受到客户端提交的数据后，将保存在服务器端的随机字符串和用户密码进行相同的运算，然后进行比较，如果结果一致，则认为登录成功，否则登录失败。当然如果不用 hmac 算法，直接将密码和服务器端生成的随机数合并以后再做 MD5 或者 SHA1，应该也是可以的。

这里客户端每次请求时服务器端发送的随机字符串都是不同的，因此即使入侵者监听到了这个随机字符串和加密后的提交的数据，它也无法再次提交相同的数据通过验证。而且通过监听到的数据也无法计算出密钥，所以也就无法伪造登录信息了。

lunzi 2010-01-28 11:29:30 阅读:48 评论:0 引用:0

struts2和jquery_validator简单使用

项目中时常会用到一些验证手段...由于在开发前需要对一些技术的定位!所以一般选择固定的验证框架和技术.
我在前台验证中使用的是jquery_validator.这是个容易上手的框架.个人感觉它和struts2结合在一起非常不错.下面讲下使用的过程.
准备的jar包:struts2可以到http://struts.apache.org/download.cgi下载
juery_validator可以到http://plugins.jquery.com/project/validate下载
jquery_validator的介绍:
一.默认校验规则
(1)required:true 必输字段
(2)remote:"check.php" 使用ajax方法调用check.php验证输入值
(3)email:true 必须输入正确格式的电子邮件
(4)url:true 必须输入正确格式的网址
(5)date:true 必须输入正确格式的日期
(6)dateISO:true 必须输入正确格式的日期(ISO)，例如：2009-06-23，1998/01/22 只验证格式，不验证有效性
(7)number:true 必须输入合法的数字(负数，小数)
(8)digits:true 必须输入整数
(9)creditcard: 必须输入合法的信用卡号
(10)equalTo:"#field" 输入值必须和#field相同
(11)accept: 输入拥有合法后缀名的字符串（上传文件的后缀）
(12)maxlength:5 输入长度最多是5的字符串(汉字算一个字符)
(13)minlength:10 输入长度最小是10的字符串(汉字算一个字符)
(14)rangelength:[5,10] 输入长度必须介于 5 和 10 之间的字符串")(汉字算一个字符)
(15)range:[5,10] 输入值必须介于 5 和 10 之间
(16)max:5 输入值不能大于5
(17)min:10 输入值不能小于10

默认的提示在jquery_validate.js源码中可以看到是英文的提示:
messages: {.....}
可以自己进行修改.不过jquery_validate本来就提供了各个语言的包就在下载的jquery.validate.zip中localization包下.使用中文可以导入messages_cn.js;

下面是例子的开始:
整个项目的部署过程就不说了。下面会有例子上传
讲些重点.
reg.jsp:
Java代码
<link href="css/jquery_validate.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/jquery_validate.js"></script>
<script type="text/javascript" src="js/jquery.metadata.js"></script>
</head>
<script type="text/javascript">
$(function() {
    $("#jvForm").validate();
});
</script>
<body>
<form action="" method="post" id="jvForm">
<table>
<tr>
<td>name:</td>
<td><input type="text" name="bean.name"  class="{required:true,remote:'admin/core/ajax/checkUserName.action',messages:{remote:'用户名已存在！'}}"/></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="bean.password" class="required"/></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="提交"/></td>
</tr>
</table>
</form>

<link href="css/jquery_validate.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/jquery_validate.js"></script>
<script type="text/javascript" src="js/jquery.metadata.js"></script>
</head>
<script type="text/javascript">
$(function() {
$("#jvForm").validate();
});
</script>
<body>
<form action="" method="post" id="jvForm">
<table>
<tr>
<td>name:</td>
<td><input type="text" name="bean.name"  class="{required:true,remote:'admin/core/ajax/checkUserName.action',messages:{remote:'用户名已存在！'}}"/></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="bean.password" class="required"/></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="提交"/></td>
</tr>
</table>
</form>

首先引入jquery_validate.css.对提示的内容进行css格式的修改.
jquery.metadata.js可以提供
使用class="{}"的方式，可以使用如下的方法，修改提示内容：
class="{required:true,minlength:5,messages:{required:'请输入内容'}}"在使用equalTo关键字时，后面的内容必须加上引号，如下代码：
class="{required:true,minlength:5,equalTo:'#password'}"
它的其他几种表现方式就不介绍了.因为各个感觉这种表现形式是最好用的.
用户名的检测中我们做了一个模拟检验用户名是否存在(这种操作在项目中也是比较常见.对于一些名字不可以重复的进行提示).我们访问了checkName.action.下面看看相应的Action实体:
AdminAjaxAct
Java代码
public class AdminAjaxAct implements Action{


    /**
     * 判断前台用户注册
     *
     * @return
     */
    public String checkUserName() {
        String username = bean.getName();
        boolean b = true;
        if (StringUtils.isBlank(username)) {
            b = false;
        }

        if (b) {
            b = "test".equals(username);
        }
        //如果用户名存在.就代表检验用户存在
        //所以用户不能提交
        return renderText(b ? "false" : "true");
    }

    /**
     * 绕过Template,直接输出内容的简便函数.对常用的数据进行抽取.提高
            *提高重用性
     */
    protected String render(String text, String contentType) {
        try {
            HttpServletResponse response = ServletActionContext.getResponse();
            response.setContentType(contentType);
            response.getWriter().write(text);
        } catch (IOException e) {
        }
        return null;
    }

    /**
     * 直接输出字符串.
     */
    protected String renderText(String text) {
        return render(text, "text/plain;charset=UTF-8");
    }

    private Admin bean;



    public Admin getBean() {
        return bean;
    }



    public void setBean(Admin bean) {
        this.bean = bean;
    }



    @Override
    public String execute() throws Exception {
        return SUCCESS;
    }


}

public class AdminAjaxAct implements Action{

/**
* 判断前台用户注册
*
* @return
*/
public String checkUserName() {
String username = bean.getName();
boolean b = true;
if (StringUtils.isBlank(username)) {
b = false;
}

if (b) {
b = "test".equals(username);
}
//如果用户名存在.就代表检验用户存在
//所以用户不能提交
return renderText(b ? "false" : "true");
}

/**
* 绕过Template,直接输出内容的简便函数.对常用的数据进行抽取.提高
            *提高重用性
*/
protected String render(String text, String contentType) {
try {
HttpServletResponse response = ServletActionContext.getResponse();
response.setContentType(contentType);
response.getWriter().write(text);
} catch (IOException e) {
}
return null;
}

/**
* 直接输出字符串.
*/
protected String renderText(String text) {
return render(text, "text/plain;charset=UTF-8");
}

private Admin bean;

public Admin getBean() {
return bean;
}

public void setBean(Admin bean) {
this.bean = bean;
}

@Override
public String execute() throws Exception {
return SUCCESS;
}

}

StringUtils:apache提供的工具包(挺好用).因为要符合jquery_validator的形式所以输出的要为true.false方便以信息的形式进行提示.

从中就可以感觉到.在使用jquery_validator的时候使用struts2的OGNL表达式的原型完成可以整在一起.他传递参数也同样是使用是将对象的引用值用点串联起来.如bean.name;
jquery_validator也可以给用户自己扩展可以参考
转自

lunzi 2010-01-15 09:54:52 阅读:329 评论:0 引用:0

webwork ActionMapper妙用

在默认的DefaultActionMapper中,利用提交的参数我们就可以做到四种比较特别的功能：

执行另外的方法

<ww:form name="baz">
    <ww:textfield label="Enter your name" name="person.name"/>
    <ww:submit value="Create person"/>
    <ww:submit name="method:anotherMethod" value="Cancel"/>
</ww:form>
 
执行另外一个Action 

<ww:form name="baz">
    <ww:textfield label="Enter your name" name="person.name"/>
    <ww:submit value="Create person"/>
    <ww:submit name="action:anotherAction" value="Cancel"/>
</ww:form>
 
Redirect 直接转向一个网址
<ww:form name="baz">
    <ww:textfield label="Enter your name" name="person.name"/>
    <ww:submit value="Create person"/>
    <ww:submit name="redirect:www.google.com" value="Cancel"/>
</ww:form>
 


Redirect-action 直接转向另外一个action 

<ww:form name="baz">
    <ww:textfield label="Enter your name" name="person.name"/>
    <ww:submit value="Create person"/>
    <ww:submit name="redirect-action:dashboard" value="Cancel"/>
</ww:form>

来自

lunzi 2009-12-03 15:35:40 阅读:85 评论:0 引用:0

Apache优化

http://www.mesdn.net/blog/index.php?entry=entry090527-171518

lunzi 2009-10-23 15:06:08 阅读:94 评论:0 引用:0

跨库事务处理 spring+hibernate+struts2+jta


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">

	<bean id="dataSource"
		class="org.apache.commons.dbcp.BasicDataSource">
		<property name="driverClassName"
			value="net.sourceforge.jtds.jdbc.Driver">
		</property>
		<property name="url"
			value="jdbc:jtds:sqlserver://172.16.7.7:1433/NewsCenter">
		</property>
		<property name="username" value="vote"></property>
		<property name="password" value="123456"></property>
		<property name="maxActive">
			<value>200</value>
		</property>
		<property name="maxIdle">
			<value>70</value>
		</property>
		<property name="minIdle">
			<value>60</value>
		</property>
		<property name="maxWait">
			<value>2000</value>
		</property>
		<property name="initialSize">
			<value>60</value>
		</property>
		<property name="removeAbandoned">
			<value>true</value>
		</property>
		<property name="removeAbandonedTimeout">
			<value>60</value>
		</property>
		<property name="logAbandoned">
			<value>true</value>
		</property>
	</bean>

	<bean id="newsDataSource"
		class="org.apache.commons.dbcp.BasicDataSource">
		<property name="driverClassName"
			value="net.sourceforge.jtds.jdbc.Driver">
		</property>
		<property name="url"
			value="jdbc:jtds:sqlserver://172.16.7.3:1433/NewsCenter">
		</property>
		<property name="username" value="cahpa"></property>
		<property name="password" value="cahpa"></property>
		<property name="maxActive">
			<value>200</value>
		</property>
		<property name="maxIdle">
			<value>70</value>
		</property>
		<property name="minIdle">
			<value>60</value>
		</property>
		<property name="maxWait">
			<value>2000</value>
		</property>
		<property name="initialSize">
			<value>60</value>
		</property>
		<property name="removeAbandoned">
			<value>true</value>
		</property>
		<property name="removeAbandonedTimeout">
			<value>60</value>
		</property>
		<property name="logAbandoned">
			<value>true</value>
		</property>
	</bean>

	<bean id="sessionFactory"
		class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
		<property name="hibernateProperties">
			<props>
				<prop key="hibernate.dialect">
					org.hibernate.dialect.SQLServerDialect
				</prop>
				<prop key="hibernate.hbm2ddl.auto">update</prop>
				<prop key="hibernate.show_sql">true</prop>
			</props>
		</property>
		<property name="mappingResources">
			<list>
				<value>cn/com/comment/pojos/Catalog.hbm.xml</value>
				<value>cn/com/comment/pojos/Manager.hbm.xml</value>
				<value>cn/com/comment/pojos/Role.hbm.xml</value>
				<!-- 
					<value>cn/com/comment/pojos/Channels.hbm.xml</value>
					<value>cn/com/comment/pojos/Specials.hbm.xml</value>
					<value>cn/com/comment/pojos/News.hbm.xml</value> -->
				<value>cn/com/comment/pojos/Cmt.hbm.xml</value>
				<value>cn/com/comment/pojos/CmtExt.hbm.xml</value>
				<value>cn/com/comment/pojos/IpLock.hbm.xml</value>
			</list>
		</property>
	</bean>

	<bean id="newsSessionFactory"
		class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
		<property name="dataSource">
			<ref bean="newsDataSource" />
		</property>
		<property name="hibernateProperties">
			<props>
				<prop key="hibernate.dialect">
					org.hibernate.dialect.SQLServerDialect
				</prop>
				<prop key="hibernate.hbm2ddl.auto">update</prop>
				<prop key="hibernate.show_sql">true</prop>
			</props>
		</property>
		<property name="mappingResources">
			<list>
				<!-- 
					<value>cn/com/comment/pojos/Catalog.hbm.xml</value>
					<value>cn/com/comment/pojos/Manager.hbm.xml</value>
					<value>cn/com/comment/pojos/Role.hbm.xml</value>
					<value>cn/com/comment/pojos/Cmt.hbm.xml</value>
					<value>cn/com/comment/pojos/CmtExt.hbm.xml</value>
					<value>cn/com/comment/pojos/IpLock.hbm.xml</value> -->
				<value>cn/com/comment/pojos/Channels.hbm.xml</value>
				<value>cn/com/comment/pojos/Specials.hbm.xml</value>
				<value>cn/com/comment/pojos/News.hbm.xml</value>
			</list>
		</property>
	</bean>

	<bean id="jotm"
		class="org.springframework.transaction.jta.JotmFactoryBean" />
		
	<bean id="myTxManager"
		class="org.springframework.transaction.jta.JtaTransactionManager">
		<property name="userTransaction" ref="jotm" />
	</bean>


	<!-- 配置事务特性--> 
	<tx:advice id="txAdvice" transaction-manager="myTxManager">
		<tx:attributes>
			<tx:method name="save*" propagation="REQUIRED" />
			<tx:method name="del*" propagation="REQUIRED" />
			<tx:method name="update*" propagation="REQUIRED" />
			<tx:method name="*" read-only="true" />
		</tx:attributes>
	</tx:advice>

	<!-- 配置那些类的方法进行事务管理--> 
	<aop:config>
		<aop:pointcut id="allManagerMethod"
			expression="execution (* cn.com.comment.service.*.*(..))" />
		<aop:advisor advice-ref="txAdvice"
			pointcut-ref="allManagerMethod" />

	</aop:config>

	<bean id="catalogDao"
		class="cn.com.comment.dao.catalog.impl.CatalogDAO">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>

	<bean id="catalogService"
		class="cn.com.comment.service.catalog.impl.CatalogService">
		<property name="catalogDao" ref="catalogDao" />
	</bean>

	<bean id="managerDao"
		class="cn.com.comment.dao.manager.impl.ManagerDAO">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>

	<bean id="managerService"
		class="cn.com.comment.service.manager.impl.ManagerService">
		<property name="managerDao" ref="managerDao" />
	</bean>


	<bean id="roleDao" class="cn.com.comment.dao.role.impl.RoleDAO">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>

	<bean id="roleService"
		class="cn.com.comment.service.role.impl.RoleService">
		<property name="roleDao" ref="roleDao" />
	</bean>

	<bean id="channelDao"
		class="cn.com.comment.dao.channel.impl.ChannelDAO">
		<property name="sessionFactory" ref="newsSessionFactory" />
	</bean>

	<bean id="channelService"
		class="cn.com.comment.service.channel.impl.ChannelService">
		<property name="channelDao" ref="channelDao" />
	</bean>

	<bean id="specialDao"
		class="cn.com.comment.dao.special.impl.SpecialDAO">
		<property name="sessionFactory" ref="newsSessionFactory" />
	</bean>

	<bean id="specialService"
		class="cn.com.comment.service.special.impl.SpecialService">
		<property name="specialDao" ref="specialDao" />
		<property name="cmtDao" ref="cmtDao" />
	</bean>

	<bean id="newsDao" class="cn.com.comment.dao.news.impl.NewsDAO">
		<property name="sessionFactory" ref="newsSessionFactory" />
	</bean>

	<bean id="newsService"
		class="cn.com.comment.service.news.impl.NewsService">
		<property name="newsDao" ref="newsDao" />
		<property name="cmtDao" ref="cmtDao" />
	</bean>

	<bean id="cmtDao" class="cn.com.comment.dao.cmt.impl.CmtDAO">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>

	<bean id="cmtService"
		class="cn.com.comment.service.cmt.impl.CmtService">
		<property name="cmtDao" ref="cmtDao" />
		<property name="cmtExtService" ref="cmtExtService" />
		<property name="newsDao" ref="newsDao" />
		<property name="specialDao" ref="specialDao" />
	</bean>

	<bean id="cmtExtDao"
		class="cn.com.comment.dao.cmtext.impl.CmtExtDAO">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>

	<bean id="cmtExtService"
		class="cn.com.comment.service.cmtext.impl.CmtExtService">
		<property name="cmtExtDao" ref="cmtExtDao" />
	</bean>

	<bean id="ipDao" class="cn.com.comment.dao.ip.impl.IpDAO">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>

	<bean id="ipService"
		class="cn.com.comment.service.ip.impl.IpService">
		<property name="ipDao" ref="ipDao" />
	</bean>

	<!--  <import resource="modelContext.xml"/>-->

</beans>

参考资料

lunzi 2009-07-16 15:36:45 阅读:446 评论:0 引用:0

Acegi和cas整合

查看wiki版本的Acegi和cas整合


一、首先配置cas Server
我下载的最新的cas-server-3.3.2，去http://www.acegisecurity.org/downloads.html可下载，这个比较容易配置，建好对应的表，然后配置deployerConfigContext.xml中的

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />改为<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
       <property name="sql" value="select password from t_user where username=?" />
       <property name="dataSource" ref="dataSource" />
</bean>当然如果QueryDatabaseAuthenticationHandler满足不了需求可修改一下或继承AbstractJdbcUsernamePasswordAuthenticationHandler自己重写一个。
二、配置acegi
security.xml包含了acegi和cas所有的配置，代码如下：
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
>

    <!--========================================================================
         认证管理器
    =========================================================================-->

    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <!-- 替换<ref bean="daoAuthenticationProvider" />为(1)  -->
                <ref local="casAuthenticationProvider"/><!-- (1) -->
                <ref bean="rememberMeAuthenticationProvider" />
            </list>
        </property>
    </bean>
    
    <!-- 新增的cas验证器 -->
    <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
              <property name="ticketValidator">
                     <ref bean="ticketValidator"/>
              </property>
              <property name="casProxyDecider">
                     <ref bean="casProxyDecider"/>
              </property>
              <property name="statelessTicketCache">
                     <ref bean="statelessTicketCache"/>
              </property>
              <property name="casAuthoritiesPopulator">
                     <ref bean="casAuthritiesPopulator"/>
              </property>
              <property name="key">
                     <value>some_unique_key</value>
              </property>
       </bean>
       
        <!-- 新增的票据验证器 -->
       <bean id="ticketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
              <property name="casValidate">
                     <value>https://ssoserver.com:8443/proxyValidate</value>
              </property>
              <!-- <property name="proxyCallbackUrl"><value>https://localhost:8443/Spring_Acegi/casProxy/receptor</value></property> -->
              <property name="serviceProperties">
                     <ref bean="serviceProperties"/>
              </property>
       </bean>
     
         <!-- 新增的cas服务对象属性 -->
       <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
              <property name="service">
                     <value>https://localhost:8443/Spring_Acegi/j_acegi_cas_security_check</value>
              </property>   
              <property name="sendRenew"><value>false</value></property>
       </bean>
     	
     	 <!-- 新增 -->
       <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
 
       <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
              <property name="cache">
                     <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                            <property name="cacheManager">
                                   <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                            </property>
                            <property name="cacheName" value="userCache"/>
                     </bean>
              </property>
       </bean>
     
     	<!-- 新增 -->
       <bean id="casAuthritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
              <property name="userDetailsService">
                     <ref bean="userDetailsService"/>
              </property>
	  </bean>


    <!-- 基于DAO验证的AuthenticationProvider -->
    <bean id="daoAuthenticationProvider"
        class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService" />
    </bean>

    <bean id="rememberMeAuthenticationProvider"
        class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
        <property name="key" value="remember_Me" />
    </bean>

    <!-- 使用内存DAO,实际应用时可用JdbcDao代替 
    <bean id="userDetailsService"
        class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>
                admin=password,enabled,ROLE_ADMIN,ROLE_USER,ROLE_TEST
                test=test,enabled,ROLE_USER
                guest=guest,enabled,ROLE_TEST
            </value>
        </property> 
        <property name="userProperties">
        	<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        		<property name="location" value="/WEB-INF/users.properties"/>
        	</bean>
        </property>
    </bean>
    -->
    <bean id="userDetailsService"
		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
		<property name="dataSource" ref="dataSource" />
		<property name="usersByUsernameQuery">
			<value>
				SELECT username,password,1 FROM t_user WHERE status='1'
				AND username = ?
			</value>
		</property>
		<property name="authoritiesByUsernameQuery">
			<value>
				SELECT u.username,p.priv_name FROM t_user u,t_user_priv
				p WHERE u.user_id =p.user_id AND u.username = ?
			</value>
		</property>
	</bean>

    <!--========================================================================
         决策管理器
    =========================================================================-->

    <bean id="accessDecisionManager"
        class="org.acegisecurity.vote.AffirmativeBased">
        <property name="decisionVoters">
            <list>
                <bean class="org.acegisecurity.vote.RoleVoter" />
            </list>
        </property>
        <property name="allowIfAllAbstainDecisions" value="false" />
    </bean>

    <!--========================================================================
         过滤器链
    =========================================================================-->

    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeFilter,exceptionFilter,securityInterceptor
            </value>
        </property>
    </bean>

    <!-- 从Session中获得用户信息并放入SecurityContextHolder -->
    <bean id="httpSessionContextIntegrationFilter"
        class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
        <!-- URL redirected to after logout -->
        <constructor-arg value="/helloWorld.jsp" />
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices" />
                <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
        <property name="filterProcessesUrl" value="/j_logout.do" />
    </bean>

    <!-- 验证用户身份 替换为(2)
    <bean id="authenticationProcessingFilter"
        class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureUrl" value="/login.jsp?login_error=Login%20failed." />
        <property name="defaultTargetUrl" value="/helloWorld.jsp" />
        <property name="filterProcessesUrl" value="/j_login.do" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean> -->

	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter"><!-- (2) -->
              <property name="authenticationManager" ref="authenticationManager"/>
              <property name="authenticationFailureUrl" value="https://ssoserver.com:8443/login?login_error=Login%20failed."/>
              <property name="defaultTargetUrl" value="/helloWorld.jsp"/>
              <property name="filterProcessesUrl" value="/j_acegi_cas_security_check"/>
              <property name="rememberMeServices" ref="rememberMeServices"/>
	</bean>

	
    <!-- 记住用户登录信息 -->
    <bean id="rememberMeFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- 处理登录异常或权限异常的Filter -->
    <bean id="exceptionFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <!-- 出现AuthenticationException时的登录入口 -->
        <property name="authenticationEntryPoint">
            <!--<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">替换为（3）
                <property name="loginFormUrl" value="/login.jsp" />
                <property name="forceHttps" value="false" />
            </bean>-->
            <bean class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
                     <property name="loginUrl">
                            <value>https://ssoserver.com:8443/login</value><!-- (3) -->
                     </property>
                     <property name="serviceProperties">
                            <ref bean="serviceProperties"/>
                     </property>
           </bean>
        </property>
        <!-- 出现AccessDeniedException时的Handler -->
        <property name="accessDeniedHandler">
            <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl" />
            <!-- 可?∈粜?: property name="errorPage" value="/denied.html" -->
        </property>
    </bean>

    <!-- 基于URL的安全拦截器 -->
    <bean id="securityInterceptor"
        class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager" ref="accessDecisionManager" />
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /admin/**=ROLE_ADMIN
                /user/**=ROLE_USER
                /jsp/**=ROLE_TEST
            </value>
        </property>
    </bean>

    <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="parameter" value="j_remember_me" />
        <property name="key" value="remember_Me" />
        <property name="tokenValiditySeconds" value="31536000" />
    </bean>

</beans>

参考资料一
 参考资料二www.acegisecurity.org/guide/springsecurity.html]参考资料二[/url]2;

</beans>

<a href ="http://blog.csdn.net/hitman9099/archive/2008/07/11/2637658.aspx" target="_blank">参考资料一</a>
<a href ="http://www.acegisecurity.org/guide/springsecurity.html" target="_blank">参考

lunzi 2009-06-12 14:51:08 阅读:449 评论:0 引用:0

FreeMarker解析字符串模板

重写Freemarker的模板加载器即可:
package cn.com.aweb.vote.test.other;

import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.HashMap;
import java.util.Map;

import freemarker.cache.TemplateLoader;

public class StringTemplateLoader implements TemplateLoader {

private static final String DEFAULT_TEMPLATE_KEY = "_default_template_key";
private Map templates = new HashMap();

public StringTemplateLoader(String defaultTemplate) {
if (defaultTemplate != null && !defaultTemplate.equals("")) {
templates.put(DEFAULT_TEMPLATE_KEY, defaultTemplate);
}
}

public void AddTemplate(String name, String template) {
if (name == null || template == null || name.equals("")
|| template.equals("")) {
return;
}
if (!templates.containsKey(name)) {
templates.put(name, template);
}
}

public void closeTemplateSource(Object templateSource)
throws IOException {

}

public Object findTemplateSource(String name) throws IOException {
if (name == null || name.equals("")) {
name = DEFAULT_TEMPLATE_KEY;
}
return templates.get(name);
}

public long getLastModified(Object templateSource) {
return 0;
}

public Reader getReader(Object templateSource, String encoding)
throws IOException {
return new StringReader((String) templateSource);
}

}

测试类：
package cn.com.aweb.vote.test.other;

import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

import freemarker.template.Configuration;
import freemarker.template.Template;

public class Test{

public static void main(String[] args) throws Exception {
Configuration cfg = new Configuration();
        cfg.setTemplateLoader(new StringTemplateLoader("hello：${user}"));
        cfg.setDefaultEncoding("UTF-8");

        Template template = cfg.getTemplate("");

        Map root = new HashMap();
        root.put("user", "lunzi");

        StringWriter writer = new StringWriter();
        template.process(root, writer);
        System.out.println(writer.toString());
}
}

lunzi 2009-03-17 18:10:38 阅读:1131 评论:1 引用:0

json-rpc-java

JSON-RPC-Java是一个用Java来实现动态JSON-RPC的框架. 利用它内置的一个轻级量JSON-RPC JavaScripIt客户端,可以让你透明地在JavaScript中调用Java代码。JSON-RPC-Java可运行在Servlet容器中如Tomcat也可以运行在JBoss与其它J2EE应用服务器中因此可以在一个基于JavaScript与DHTML的Web应用程序中利用它来直接调用普通Java方法与EJB方法。JSON：JavaScript Object Notation

json-rpc-java站点

lunzi 2009-03-16 14:10:49 阅读:251 评论:0 引用:0

struts2整合json及extjs

测试过程出现的错误信息：
java.lang.NoSuchMethodError: com.opensymphony.xwork2.ActionContext.get(Ljava/lang/String;)Ljava/lang/Object;
at com.googlecode.jsonplugin.JSONResult.execute(JSONResult.java:157)。。。

解决方式：
版本不对应的关系。
0.33的json-plugin对应struts2.1.x,而0.32对应2.0.x

参考来源

 整合extjs资料

lunzi 2009-03-16 10:56:47 阅读:3096 评论:0 引用:0

lunzi

勇者无所畏惧强者自强不息

导航

j2ee学习

最新评论

j2ee学习

lunzi

勇者无所畏惧 强者自强不息

导航

j2ee学习

最新评论

j2ee学习

勇者无所畏惧强者自强不息