Spring Security
methodsecurityinterceptor example
The spring-security.xml
=============================================================
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id='TestBean' class='com.springSecurity.TestBeanImpl'/>
<!-- 1. use Spring’s BeanNameAutoProxyCreator and simply list the beans that you’ll want secured -->
<bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>
<property name='interceptorNames'>
<list><value>securityInterceptor</value></list>
</property>
<property name='beanNames'>
<list><value>bookBean</value></list>
</property>
</bean>
<!-- Here the autoproxy creator has been instructed to proxy its beans with a single interceptor, a bean named securityInterceptor.
The securityInterceptor bean is configured as follows --
MethodSecurityInterceptor does for method invocations what FilterSecurityInterceptor
does for servlet requests. That is, it intercepts the invocation and coordinates the efforts of
the authentication manager and the access decision manager to ensure that method requirements are met.
>
<bean id='securityInterceptor' class='org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
<property name='authenticationManager' ref='authenticationManager'/>
<property name='accessDecisionManager' ref='accessDecisionManager'/>
<property name='objectDefinitionSource'>
<value>
com.springSecurity.TestBean.setValue=ROLE_MANAGER
com.springSecurity.TestBean.changeValue=ROLE_WORKER,ROLE_MANAGER
</value>
</property>
</bean>
<!-- Spring Security comes with InMemoryDaoImpl,The userMap property is configured with an org.acegisecurity.userdetails.memory.UserMap
object that defines a set of usernames, passwords, and privileges. -->
<bean id='userDetailsService' class='org.acegisecurity.userdetails.memory.InMemoryDaoImpl'>
<property name='userMap'>
<value>
manager=manager,ROLE_MANAGER
worker=worker,ROLE_WORKER
anonymous=anonymous,
disabled=disabled,disabled,ROLE_WORKER
anish=anish,ROLE_ADMIN
</value>
</property>
</bean>
<!--
org.acegisecurity.vote.AffirmativeBased Allows access if at least one voter votes to grant access
org.acegisecurity.vote.ConsensusBased Allows access if a consensus of voters vote to grant access
org.acegisecurity.vote.UnanimousBased Allows access if all voters vote to grant access
-->
<bean id='accessDecisionManager' class='org.acegisecurity.vote.AffirmativeBased'>
<property name='decisionVoters'>
<list><ref bean='roleVoter'/></list>
</property>
</bean>
<!--
The purpose of ProviderManager is to enable you to
authenticate users against multiple identity management sources.
-->
<bean id='authenticationManager' class='org.acegisecurity.providers.ProviderManager'>
<property name='providers'>
<list><ref bean='authenticationProvider'/></list>
</property>
</bean>
<bean id='authenticationProvider' class='org.acegisecurity.providers.dao.DaoAuthenticationProvider'>
<property name='userDetailsService' ref='userDetailsService'/>
</bean>
<!--
The way that RoleVoter decides on its vote is by simply comparing all
of the configuration attributes of the secured resource
(that are prefixed with ROLE_) with all of the authorities
granted to the authenticated user. If RoleVoter
finds a match, it will
cast an ACCESS_GRANTED vote.
Otherwise, it will cast an ACCESS_DENIED vote.
-->
<bean id='roleVoter' class='org.acegisecurity.vote.RoleVoter'/>
</beans>
=============================================================
package com.springSecurity;
public interface TestBean {
public int getValue();
public void setValue(int value);
public void changeValue(int value);
}
==================================
public class TestBeanImpl implements TestBean {
private int value = 0;
public TestBeanImpl() {
super();
}
public int getValue() {
return this.value;
}
// replace the value.
public void setValue(int value) {
this.value = value;
}
// change the value.
public void changeValue(int value) {
this.value += value;
}
}
==
MethodSecurityInterceptor Example
MethodSecurityInterceptor
Configuring AOP MethodSecurityInterceptor
MethodSecurityInterceptor (Spring Security 3.0.0.RELEASE API)
securing Method invocation Spring
Spring Security
Using Method Invocation
objectDefinitionSource Example
methodsecurityinterceptor objectdefinitionsource
ANish
No comments:
Post a Comment