只有在服务器上配置哪个目录在访问的时候用HTTP基本认证它才会起作用(一开始还以为是Acegi的BUG呢)
下面说一下真正对URL资源的保护了filterSecurityInterceptor它的本质是个过滤器有了前面*管理器的基础了这就很容易了
<bean id=
filterSecurityInterceptor
class=
org
acegisecurity
intercept
web
FilterSecurityInterceptor
>
<property name=authenticationManager>
<ref local=authenticationManager/>
</property>
<property name=accessDecisionManager>
<ref local=accessDecisionManager/>
</property>
<property name=objectDefinitionSource><! 把URL和可访问的用户组对应起来 >
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON<! 把URL全部转化为小写 >
PATTERN_TYPE_APACHE_ANT<! 以ANT的形式来配置路径 >
/okhtml=ROLE_USER
</value>
</property>
</bean>
光这样配置还是不够的因为当授权失败的时候会抛出异常的我们应该配置一个异常过滤器来捕获它exceptionTranslationFilter它是用来捕获异常的看一下配置吧
<bean id=
exceptionTranslationFilter
class=
org
acegisecurity
ui
ExceptionTranslationFilter
>
<property name=authenticationEntryPoint><ref local=authenticationProcessingFilterEntryPoint/></property>
<property name=accessDeniedHandler>
<bean class=orgacegisecurityuiAccessDeniedHandlerImpl>
<property name=errorPage value=/failurehtml/><! 发生异常转向的网页 >
</bean>
</property>
</bean>
<bean id=authenticationProcessingFilterEntryPoint class=orgacegisecurityuiwebappAuthenticationProcessingFilterEntryPoint>
<property name=loginFormUrl><value>/Loginhtml</value></property><! 得到表单的信息 >
<property name=forceHttps><value>false</value></property><! 不用https >
</bean>
这样就OK了
最后说一下对类中方法的保护首先写一个类并在spring中配置好
package orgliacegi;
public class TestAcegi
{
public void Role()
{
Systemoutprintln(javafish);
}
}
<bean id=testAcegi class=orgliacegiTestAcegi/>
然看写个servlet访问一下它
package orgliservlet;
import javaioIOException;
import javaioPrintWriter;
import javaxservletServletException;
import javaxservlethttpHttpServlet;
import javaxservlethttpHttpServletRequest;
import javaxservlethttpHttpServletResponse;
[] [] [] [] [] []
![浅谈Acegi配置-Spring-Java[4]](/UploadFiles/7.jpg)