当前位置: 编程技术>软件工程/软件设计
本页文章导读:
▪Spring Security Logout 原文地址:http://www.javaarch.net/jiagoushi/697.htm
Spring Security Logout
spring logout配置:
<http>
...
<logout/>
</http>
Logout url:jsp页面
<%@ taglib prefix="c" uri="http://java.........
▪Spring Security Basic Authentication 原文地址:http://www.javaarch.net/jiagoushi/696.htm
Spring Security Basic Authentication
spring security 配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema.........
▪动态代理模式 这篇博客对应上篇博客《静态代理模式》,我们来说一下动态代理,静态代理之所以扩展和维护比较困难,是因为代码写的太死,没有可替换的余地;针对代码写得死能想到什么解.........
[1]Spring Security Logout
来源: 互联网 发布时间: 2013-11-19
原文地址:http://www.javaarch.net/jiagoushi/697.htm
Spring Security Logout
spring logout配置:
<http>
...
<logout/>
</http>
Logout url:jsp页面
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head></head>
<body>
<a href=/blog_article/"<c_url/index.html value="/j_spring_security_logout" />">Logout</a>
</body>
</html>
logout成功之后url配置:
<logout logout-success-url="/afterlogout.html" /> 或者 <logout logout-success-url="/login.html" />
logout的url配置:delete-cookies="JSESSIONID" session失效
<logout
logout-success-url="/anonymous.html"
logout-url="/perform_logout" delete-cookies="JSESSIONID"/>
还可以通过success-handler-ref="customLogoutSuccessHandler"配置logout的回调接口
<logout
logout-url="/perform_logout"
delete-cookies="JSESSIONID"
success-handler-ref="customLogoutSuccessHandler" />
...
<beans:bean name="customUrlLogoutSuccessHandler" />
CustomLogoutSuccessHandler.java
public class CustomLogoutSuccessHandler extends
SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
@Autowired
private AuditService auditService;
@Override
public void onLogoutSuccess
(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String refererUrl = request.getHeader("Referer");
auditService.track("Logout from: " + refererUrl);
super.onLogoutSuccess(request, response, authentication);
}
}
github示例工程地址:https://github.com/eugenp/tutorials/tree/master/spring-security-login
作者:zhongweijian 发表于2013-6-2 16:14:14 原文链接
阅读:22 评论:0 查看评论
[2]Spring Security Basic Authentication
来源: 互联网 发布时间: 2013-11-19
原文地址:http://www.javaarch.net/jiagoushi/696.htm
Spring Security Basic Authentication
spring security 配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" />
<http-basic />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user1" password="user1Pass" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
<http-basic>打开basic验证,
如果我们访问:curl -i http://localhost:8080/spring-security-basic-auth/homepage.html
会返回401
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E5A8D3C16B65A0A007CFAACAEEE6916B; Path=/spring-security-basic-auth/; HttpOnly
WWW-Authenticate: Basic realm="Spring Security Application"
Content-Type: text/html;charset=utf-8
Content-Length: 1061
Date: Wed, 29 May 2013 15:14:08 GMT
如果我们使用下面的url访问:curl -i --user user1:user1Pass http://localhost:8080/spring-security-basic-auth/homepage.html
则返回200
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=301225C7AE7C74B0892887389996785D; Path=/spring-security-basic-auth/; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 90
Date: Wed, 29 May 2013 15:19:38 GMT
我们也可以使用spring提供的扩展接口来实现验证结果自定义
<http-basic entry-point-ref="myBasicAuthenticationEntryPoint" />
@Component
public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
@Override
public void commence
(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
throws IOException, ServletException {
response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
PrintWriter writer = response.getWriter();
writer.println("HTTP Status 401 - " + authEx.getMessage());
}
@Override
public void afterPropertiesSet() throws Exception {
setRealmName("Baeldung");
super.afterPropertiesSet();
}
}
作者:zhongweijian 发表于2013-6-2 16:13:37 原文链接
阅读:18 评论:0 查看评论
[3]动态代理模式
来源: 互联网 发布时间: 2013-11-19
这篇博客对应上篇博客《静态代理模式》,我们来说一下动态代理,静态代理之所以扩展和维护比较困难,是因为代码写的太死,没有可替换的余地;针对代码写得死能想到什么解决办法?对,就是反射。
使用反射可以很到的解决决定加载哪个代理类的问题,避免了每个代理类都要重复写的问题,话不多说,来看代码。
动态代理 接口UserManager/***
* 用户控制接口
* @author Administrator
*
*/
public interface UserManager {
public void addUser(String userId,String userName);
public void modifyUser(String userId,String userName);
public void delUser(String userId);
public String findUser(String userId);
}
实现类UserManagerImpl
/****
* 用户管理真正的实现类
* @author Administrator
*
*/
public class UserManagerImpl implements UserManager {
/*****
* 添加用户
*/
public void addUser(String userId, String userName) {
System.out.println("正在添加用户,用户为:"+userId+userName+"……");
}
/*****
* 删除用户
*/
public void delUser(String userId) {
System.out.println("delUser,userId="+userId);
}
/***
* 查找用户
*/
public String findUser(String userId) {
System.out.println("findUser,userId="+userId);
return userId;
}
public void modifyUser(String userId, String userName) {
System.out.println("modifyUser,userId="+userId);
}
}
代理类LogHandler
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
public class LogHandler implements InvocationHandler {
private Object targetObject;
public Object newProxyInstance(Object targetObject) {
this.targetObject = targetObject;
return Proxy.newProxyInstance(targetObject.getClass().getClassLoader(),
targetObject.getClass().getInterfaces(), this);
}
public Object invoke(Object proxy, Method method, Object[] args)
throws Throwable {
Object ret = null;
try {
System.out.println("正在进行操作前的准备工作……");
//调用目标方法
ret = method.invoke(targetObject, args);
System.out.println("操作成功,正在进行确认处理……");
} catch (Exception e) {
e.printStackTrace();
System.out.println("error-->>" + method.getName());
throw e;
}
return ret;
}
}
客户端Client
public class Client {
/**
* @param args
*/
public static void main(String[] args) {
LogHandler logHandler = new LogHandler();
UserManager userManager = (UserManager)logHandler.newProxyInstance(new UserManagerImpl());
userManager.findUser("0001");
}
}
运行结果
动态代理模式通过使用反射,可以在运行期决定加载哪个类,避免了一个类对应一个代理的问题;同时,通过统一的invoke方法,统一了代理类对原函数的处理过程,使用动态代理很大程度上减少了重复的代码,降低了维护的复杂性和成本。
更多DRP系列博客,其访问《DRP项目总结》。
作者:lidaasky 发表于2013-6-3 8:08:36 原文链接
阅读:4 评论:0 查看评论
最新技术文章: