Acegi安全配置
现在我们来讨论如何在Spring配置文件中配置Acegi安全。如前所述,我们配置了业务逻辑bean,因此由securityInterceptor bean来侦听方法调用,以执行安全检查。下面我们来看看如何配置该bean。下面所示是securityInterceptor bean的部分Spring配置文件代码。securityInterceptor bean是由名为MethodSecurityInterceptor的Acegi类提供的。正如其名称所示,该类用于加强方法调用的安全,通过侦听调用并检查调用方是否经过认证和授权。
<beans>
. . .
<bean id="securityInterceptor"
class="org.acegisecurity.intercept.method.
aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager">
<bean class="org.acegisecurity.
providers.ProviderManager">
<property name="providers">
<list>
<bean class="org.acegisecurity.providers.anonymous.
AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
</property>
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity. vote.RoleVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
com.mybank.bizlogic.AccountMgr.transferFunds=ROLE_MANAGER
</value>
</property>
</bean>
. . .
</beans>
. . .
<bean id="securityInterceptor"
class="org.acegisecurity.intercept.method.
aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager">
<bean class="org.acegisecurity.
providers.ProviderManager">
<property name="providers">
<list>
<bean class="org.acegisecurity.providers.anonymous.
AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>
</property>
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity. vote.RoleVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
com.mybank.bizlogic.AccountMgr.transferFunds=ROLE_MANAGER
</value>
</property>
</bean>
. . .
</beans>
