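Like other software, Acegi Security has certain core interfaces, classes and conceptual abstractions that are used throughout the framework. In this part of the manual we first introduce Acegi Security, before examining the core elements needed to plan and carry out an Acegi Security integration.
Chapter 1. Introduction
1.1. What is Acegi Security?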
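Acegi Security provides comprehensive security services for J2EE-based enterprise software applications, particularly projects built with the leading J2EE solution, the Spring Framework. If you are not using Spring to develop enterprise applications, we warmly encourage you to take a closer look at it. Familiarity with Spring, and in particular with the principles of dependency injection, will help you get up to speed with Acegi Security much more quickly.
People use Acegi Security for many reasons, but most are drawn to the project after finding that the security features of the J2EE Servlet Specification or EJB Specification do not cover what typical enterprise application scenarios urgently need. On the subject of these specifications, it is worth pointing out that they are not portable at the WAR or EAR level. As a result, if you switch server environments, it is typically a lot of work to reconfigure your application's security in the target environment. Using Acegi Security solves these problems and also gives you many other useful, fully customisable security features.
As you know, security comprises two major operations. The first is known as "authentication", which is the process of establishing that a principal is who it claims to be. A principal generally means a user, a device, or some other system that can perform an action in your application. "Authorization" refers to deciding whether a principal is allowed to perform a given action in your system. By the time an authorization decision is reached, the identity of the principal has already been established by the authentication process. These concepts are general and are not specific to Acegi Security.
At the authentication level, Acegi Security supports a wide range of authentication modules. The great majority of these modules are provided by third parties or developed by relevant standards bodies, such as the Internet Engineering Task Force. In addition, Acegi Security provides some authentication features of its own. Acegi Security currently supports the following authentication technologies: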
• HTTP BASIC authentication headers (an IETF RFC-based standard)
• HTTP Digest authentication headers (an IETF RFC-based standard)
• HTTP X.509 client certificate exchange (an IETF RFC-based standard)
• LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
• Form-based authentication (for simple user interface needs)
• Computer Associates Siteminder
• JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign on system)
• Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
• Auto
• Anonymous authentication (allowing every call to auto
• Run-as authentication (which is useful if one call should proceed with a different security identity)
• Java Authentication and Authorization Service (JAAS)
• Container integration with JBoss, Jetty, Resin and Tomcat (so you can still use Container Manager Authentication if desired)
• Your own authentication systems (see below)
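Many independent software vendors (ISVs) choose Acegi Security because of its rich set of authentication modules. Whatever their end customers require, they can integrate it into their systems quickly, without a lot of effort and without requiring the customer to change its environment. If the 7 authentication modules of the Acegi Security System for Spring do not meet your needs, Acegi Security is an open system and it is easy to write your own authentication mechanism. Many enterprise users of Acegi Security need to integrate with "legacy" systems that do not follow any security standard, and Acegi Security "plays nicely" with such systems.
Sometimes basic authentication is not enough. Sometimes you need to apply different security measures depending on how a principal interacts with your application. For example, to protect passwords from being stolen, or to protect end users from "man-in-the-middle" attacks, you may need to ensure that requests arrive over HTTPS. Or you may want to ensure that a real human being, rather than some kind of robot or automated process, is making the requests. This helps to protect password recovery processes from brute-force attacks, and to make it harder for others to copy your application's key content. To help you achieve these goals, Acegi Security fully supports automatic "channel security", together with JCaptcha integration for detecting whether a user is a real human.
Acegi Security provides not only authentication but also a complete set of authorization capabilities. There are three main areas of authorization: authorizing web requests, authorizing method invocations, and authorizing access to individual domain object instances. To help you understand the differences, consider for comparison the authorization capabilities of web pattern security in the Servlet Specification, EJB Container Managed Security, and file system security. Acegi Security provides complete capabilities in all of these important areas, which we cover later in this manual.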
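1.2. History
Acegi Security began in late 2003, when a question was posed on the Spring Developers mailing list asking whether anyone had considered providing a Spring-based security implementation. At the time the Spring community was relatively small (especially compared with today!), and indeed Spring itself had only appeared as a SourceForge project in early 2003. The response to the question was that it was certainly an area worth investigating, although a lack of time prevented it from being explored in depth.
With that in mind, a simple security implementation was built but not released. A few weeks later, other members of the Spring community asked about a security framework, and the code was offered to them.
Further requests followed, and by January 2004 around 20 people were using the code. More people joined these early users and suggested that a SourceForge project be set up, which was duly established in March 2004.
In the early days, the project had no authentication modules of its own. The authentication process relied on Container Managed Security, while Acegi Security focused on authorization. This was suitable at first, but as more and more users asked for additional container support, the limitations of container-based authentication became apparent. A related problem was that adding new JAR files to the container's classpath often confused end users and led to misconfiguration.
Acegi Security subsequently added authentication services. About a year later, Acegi Security became an official Spring Framework subproject. After more than two and a half years of active use in numerous software projects, and hundreds of improvements and community contributions, Acegi Security today has a strong and active community. There are thousands of posts on the support forums. Fourteen developers are dedicated to working on the code, and an active community also regularly shares patches and supports its peers.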
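1.3. Release Numbering
It is very useful to understand how Acegi Security release numbers work, as this helps you judge how much effort an upgrade to a newer version will require. Our official releases follow the Apache Portable Runtime Project versioning guidelines, which can be viewed at http://apr.apache.org/versioning.html. For your convenience, we quote the introduction from that page below:
"Versions are denoted using a triplet of integers: the major version (MAJOR), the minor version (MINOR) and the patch version (PATCH). The basic intent is that MAJOR versions are incompatible, large-scale upgrades of the API. MINOR versions retain source and binary compatibility with older versions, and changes in the PATCH level are perfectly compatible, forwards and backwards."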
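The rule quoted above can be turned into an upgrade-impact check. The following is an added example, not part of the Acegi Security manual or project; the function names, result labels and version strings are constructed for illustration. It shows the asymmetry in the rule: a PATCH change is safe in both directions, while a MINOR change is only guaranteed compatible when moving to the newer version.

```python
import re

# MAJOR.MINOR.PATCH, three plain integers as in the quoted guideline.
_TRIPLET = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' into a tuple of three ints."""
    match = _TRIPLET.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a MAJOR.MINOR.PATCH triplet: {text!r}")
    return tuple(int(part) for part in match.groups())


def upgrade_impact(installed, candidate):
    """Classify a move from `installed` to `candidate` (labels are illustrative)."""
    old, new = parse_version(installed), parse_version(candidate)
    if old == new:
        return "same"
    if old[0] != new[0]:
        # MAJOR differs: incompatible, large-scale API change.
        return "breaking"
    if old[1] != new[1]:
        # MINOR is compatible with *older* versions only: moving up is safe,
        # moving down may remove API the application already relies on.
        return "compatible-upgrade" if new[1] > old[1] else "review-downgrade"
    # Only PATCH differs: compatible forwards and backwards.
    return "drop-in"


def plan(moves):
    """Map each (installed, candidate) pair to its impact label."""
    return {f"{a} -> {b}": upgrade_impact(a, b) for a, b in moves}


if __name__ == "__main__":
    # Constructed version pairs, not real release numbers from the page.
    sample = [("1.0.3", "1.0.5"), ("1.0.5", "1.1.0"),
              ("1.1.0", "1.0.5"), ("1.1.0", "2.0.0")]
    for move, impact in plan(sample).items():
        print(f"{move}: {impact}")
```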