Earl_86

Pathway from ACEGI to Spring Security 2.0（2）

The main part of this piece of configuration is the secureResourceFilter, this is a class that implements FilterInvocationDefinitionSource and is called when Spring Security needs to check the Authorities for a requested page.
Here is the code for MySecureResourceFilter:
view plain copy to clipboard print ?
1. package org.security.SecureFilter;
3. import java.util.Collection;
4. import java.util.List;
6. import org.springframework.security.ConfigAttributeDefinition;
7. import org.springframework.security.ConfigAttributeEditor;
8. import org.springframework.security.intercept.web.FilterInvocation;
9. import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
12. public class MySecureResourceFilter implements FilterInvocationDefinitionSource {
14. public ConfigAttributeDefinition getAttributes(Object filter) throws IllegalArgumentException {
16. FilterInvocation filterInvocation = (FilterInvocation) filter;
18. String url = filterInvocation.getRequestUrl();
20. // create a resource object that represents this Url object
21. Resource resource = new Resource(url);
23. if (resource == null) return null;
24. else{
25. ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
26. // get the Roles that can access this Url
27. List<Role> roles = resource.getRoles();
28. StringBuffer rolesList = new StringBuffer();
29. for (Role role : roles){
30. rolesList.append(role.getName());
31. rolesList.append(",");
32. }
33. // don't want to end with a "," so remove the last ","
34. if (rolesList.length() > 0)
35. rolesList.replace(rolesList.length()-1, rolesList.length()+1, "");
36. configAttrEditor.setAsText(rolesList.toString());
37. return (ConfigAttributeDefinition) configAttrEditor.getValue();
38. }
39. }
41. public Collection getConfigAttributeDefinitions() {
42. return null;
43. }
45. public boolean supports(Class arg0) {
46. return true;
47. }
49. }
```
package org.security.SecureFilter;

import java.util.Collection;
import java.util.List;

import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;


public class MySecureResourceFilter implements FilterInvocationDefinitionSource {

 public ConfigAttributeDefinition getAttributes(Object filter) throws IllegalArgumentException {
  
  FilterInvocation filterInvocation = (FilterInvocation) filter;
  
  String url = filterInvocation.getRequestUrl();
  
  // create a resource object that represents this Url object
  Resource resource = new Resource(url);
  
  if (resource == null) return null;
  else{
      ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
   // get the Roles that can access this Url
   List<Role> roles = resource.getRoles();
   StringBuffer rolesList = new StringBuffer();
   for (Role role : roles){
    rolesList.append(role.getName());
    rolesList.append(",");
   }
   // don't want to end with a "," so remove the last ","
   if (rolesList.length() > 0)
    rolesList.replace(rolesList.length()-1, rolesList.length()+1, "");
   configAttrEditor.setAsText(rolesList.toString());
   return (ConfigAttributeDefinition) configAttrEditor.getValue();
  }  
 }

 public Collection getConfigAttributeDefinitions() {
  return null;
 }

 public boolean supports(Class arg0) {
  return true;
 }

}
```
This getAttributes() method above essentially returns the name of Authorities (which I call Roles) that are allowed access to the current Url.

posted @ 2008-11-20 08:55 Earl_86 阅读(265) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

Earl_86

Pathway from ACEGI to Spring Security 2.0（2）

公告