<!-- ===================== METHOD SECURITY ====================  -->
  <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
    <property name="dataSource">
      <ref bean="dataSource"/>
    </property>
  </bean>
  <bean id="customEditorConfigurer" class="org.springframework.beans.factory.config.CustomEditorConfigurer">
    <property name="customEditors">
      <map>
        <entry key="net.sf.acegisecurity.intercept.method.MethodDefinitionSource">
          <bean class="com.huaweisymantec.autosolution.atcenter.security.util.DataSourceMethodDefinitionSourceEditor">
            <property name="jdbcTemplate"> <ref bean="jdbcTemplate"/> </property>
          </bean>
        </entry>
      </map>
    </property>
  </bean>
  <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
       <property name="interceptorNames">
          <list>
             <value>securityInterceptor</value>
          </list>
       </property>
       <property name="beanNames">
          <list>            
              <value>*Action</value>
          </list>
     </property>
     <property name="proxyTargetClass" value="true"/> 
    </bean>
  <bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
        <property name="objectDefinitionSource">
        <value>
          select authority,PROTECTED_RES from auth where authority like 'AUTH_%Action%' and type='METHOD'   
        </value>
     </property>
  </bean>   

解决方案 »

  1.   

    <!-- User lookup for the DAO authentication provider. JdbcDaoImpl reads the columns
         of usersByUsernameQuery by position: username, password, enabled.
         NOTE(review): the password position is filled with User_Active, and the WHERE
         clause pins User_Active=1, so every row this query returns carries the same
         constant as its stored credential. Unless the real credential check happens
         somewhere else (TODO confirm), select the column that holds the stored password
         hash here and configure a matching password encoder on the provider.
         The third column is the literal 1, so "enabled" is always true for returned
         rows; disabling an account relies solely on the User_Active filter.
         authoritiesByUsernameQuery resolves authorities through
         testuser -> user_role -> role_auth -> auth; both queries bind the username as
         a ? parameter rather than concatenating it. -->
    <bean id="jdbcDaoImpl" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
      <property name="dataSource" ref="dataSource"/>
      <property name="usersByUsernameQuery">
        <value>SELECT User_HWId as USERNAME,User_Active as PASSWORD,1 as ENABLE FROM testuser WHERE User_HWId=? and User_Active=1</value>
      </property>
      <property name="authoritiesByUsernameQuery">
           <value>
             SELECT u.User_HWId,a.Authority FROM `testuser` u ,`role` r, `user_role` ur,`auth` a,`role_auth` ra
             where  u.User_Id=ur.User_Id
                    and r.Role_Id=ur.Role_Id
                    and ur.Role_Id=ra.Role_Id
                    and a.Auth_Id=ra.Auth_Id
                    and u.User_HWId=?
           </value>
      </property>
    </bean>
      

  2.   

    <!-- Gives requests that carry no authentication an anonymous Authentication.
         userAttribute is "principal,authority,authority,...".
         Review notes:
         * Besides AUTH_ANONYMOUS, the anonymous principal is granted
           AUTH_TaskAction_detail, AUTH_TaskAction_showLog and AUTH_TaskAction_download,
           so whatever those authorities protect is reachable without logging in.
           Confirm that exposing task details, logs and downloads to unauthenticated
           callers is intended.
         * "foobar" is a placeholder-style key. It has to equal the key configured on the
           anonymous authentication provider (not shown on this page); change both
           together to a deployment-specific value. -->
    <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key" value="foobar"/>
      <property name="userAttribute" value="anonymousUser,AUTH_ANONYMOUS,AUTH_TaskAction_detail,AUTH_TaskAction_showLog,AUTH_TaskAction_download"/>
    </bean>
    --------------------------------------------------------------------------
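    <!-- URL-level authorization: each "pattern=authority" line maps an Ant-style path
         to the authority a caller must hold.
         Fix applied: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request
         URL before matching, but the patterns themselves are compared as written. The
         original mixed-case patterns (/Login!loadAllUsers.action,
         /RoleAction!queryRoles.action) could therefore never match, which left those
         URLs without any authority check. The patterns are now lower-case; the
         authority names to the right of "=" are not URLs and keep their case.
         NOTE(review): a request that matches none of the patterns passes through this
         interceptor without an access decision. If deny-by-default is wanted, end the
         list with a catch-all pattern mapped to the appropriate authority, placed after
         the specific entries. -->
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /add*au.action=AUTH_ProductAction_add
          /login!loadallusers.action=AUTH_UserAction_query
          /roleaction!queryroles.action=AUTH_RoleAction_query
        </value>
      </property>
    </bean>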