Spring Security (25): 7. Sample Applications
There are several sample web applications that are available with the project. To avoid an overly large download, only the "tutorial" and "contacts" samples are included in the distribution zip file. The others can be built directly from the source, which you can obtain as described in the introduction.
7.1 Tutorial Sample
The tutorial sample is a nice basic example to get you started. It uses simple namespace configuration throughout. The compiled application is included in the distribution zip file, ready to be deployed into your web container (spring-security-samples-tutorial-3.1.x.war). The form-based authentication mechanism is used in combination with the commonly-used
We recommend you start with the tutorial sample, because the XML is small and easy to follow. Most importantly, you can easily add this one XML file (and its corresponding web.xml entries) to your existing application. Only when this basic integration is achieved do we suggest you attempt adding in method authorization or domain object security.
7.2 Contacts
The Contacts Sample is an advanced example in that it illustrates the more powerful features of domain object access control lists (ACLs) in addition to basic application security. The application provides an interface with which the users are able to administer a simple database of contacts (the domain objects).
To deploy, simply copy the WAR file from the Spring Security distribution into your container’s webapps directory. The war should be called spring-security-samples-contacts-3.1.x.war (the appended version number will vary depending on what release you are using).
After starting your container, check that the application can load. Visit http://localhost:8080/contacts (or whichever URL is appropriate for your web container and the WAR you deployed).
Next, click "Debug". You will be prompted to authenticate, and a series of usernames and passwords are suggested on that page. Simply authenticate with any of these and view the resulting page. It should contain a success message similar to the following:
Security Debug Information

Authentication object is of type:
org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Authentication object as a String:

org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1f127853:
Principal: org.springframework.security.core.userdetails.User@[hash]: Username: rod; \
Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
credentialsNonExpired: true; AccountNonLocked: true; \
Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; \
Password: [PROTECTED]; Authenticated: true; \
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: \
RemoteIpAddress: 127.0.0.1; SessionId: 8fkp8t83ohar; \
Granted Authorities: ROLE_SUPERVISOR, ROLE_USER

Authentication object holds the following granted authorities:

ROLE_SUPERVISOR (getAuthority(): ROLE_SUPERVISOR)
ROLE_USER (getAuthority(): ROLE_USER)

Success! Your web filters appear to be properly configured!
Once you successfully receive the above message, return to the sample application’s home page and click "Manage". You can then try out the application. Notice that only the contacts available to the currently logged on user are displayed, and only users with ROLE_SUPERVISOR are granted access to delete their contacts. Behind the scenes, the MethodSecurityInterceptor is securing the business objects.
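The following is an added illustration of what "securing the business objects" looks like from the service side; it is not the Contacts sample's own code. The names ContactManager and Contact are hypothetical, while the annotations are Spring Security's own and are enforced by the MethodSecurityInterceptor that method security installs around the bean.

```java
import java.util.List;
import org.springframework.security.access.prepost.PostFilter;
import org.framework.placeholder.NeverUsed; // (removed below)
```
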
7.3 LDAP Sample
The LDAP sample application provides a basic configuration and sets up both a namespace configuration and an equivalent configuration using traditional beans, both in the same application context file. This means there are actually two identical authentication providers configured in this application.
7.4 OpenID Sample
The OpenID sample demonstrates how to use the namespace to configure OpenID and how to set up attribute exchange configurations for Google, Yahoo and MyOpenID identity providers (you can experiment with adding others if you wish). It uses the JQuery-based openid-selector project to provide a user-friendly login page which allows the user to easily select a provider, rather than typing in the full OpenID identifier.
The application differs from normal authentication scenarios in that it allows any user to access the site (provided their OpenID authentication is successful). The first time you log in, you will get a "Welcome [your name]" message. If you log out and log back in (with the same OpenID identity) then this should change to "Welcome Back". This is achieved by using a custom UserDetailsService which assigns a standard role to any user and stores the identities internally in a map. Obviously a real application would use a database instead. Have a look at the source for more information. This class also takes into account the fact that different attributes may be returned from different providers and builds the name with which it addresses the user accordingly.
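The following is an added illustration of the map-backed user service the text describes; it is not the sample's own class. It assumes the Spring Security 3.1 OpenID API (an OpenIDAuthenticationToken carrying the identity URL and the attribute-exchange results as OpenIDAttribute objects) and uses the hypothetical names RegisteringOpenIdUserService and OpenIdUser.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;

// Added illustration, not the OpenID sample's own code. Assumes the Spring Security 3.1
// OpenID token/attribute API; class names are hypothetical.
public class RegisteringOpenIdUserService
        implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {

    // Every OpenID user receives the same standard role: the site admits anyone whose
    // provider vouched for them, so authorization is not tied to a local account.
    private static final List<SimpleGrantedAuthority> STANDARD_ROLE =
            Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));

    // Providers return different attributes (one sends a full name, another only an
    // e-mail), so candidate attribute names are tried in order of preference.
    private static final String[] NAME_ATTRIBUTES = { "fullname", "firstname", "email" };

    // Identity URL -> registered user. A real application would use a database instead.
    private final Map<String, OpenIdUser> registeredUsers =
            new ConcurrentHashMap<String, OpenIdUser>();

    public UserDetails loadUserDetails(OpenIDAuthenticationToken token) {
        String identityUrl = token.getIdentityUrl();
        OpenIdUser known = registeredUsers.get(identityUrl);
        if (known != null) {
            return known.asReturning();           // seen before: greeted with "Welcome Back"
        }
        OpenIdUser fresh = new OpenIdUser(identityUrl,
                displayNameFrom(token.getAttributes(), identityUrl), true);
        registeredUsers.put(identityUrl, fresh);  // first visit registers the identity
        return fresh;                             // greeted with "Welcome"
    }

    // Builds the name the site addresses the user by from whatever the provider sent.
    static String displayNameFrom(List<OpenIDAttribute> attributes, String fallback) {
        for (String wanted : NAME_ATTRIBUTES) {
            for (OpenIDAttribute attribute : attributes) {
                if (wanted.equals(attribute.getName())
                        && attribute.getValues() != null
                        && !attribute.getValues().isEmpty()) {
                    return attribute.getValues().get(0);
                }
            }
        }
        return fallback;   // nothing usable: fall back to the identity URL itself
    }

    // UserDetails plus the display name and a first-login flag. OpenID never hands the
    // site a password, so a fixed placeholder satisfies User's non-null check; it is
    // never compared against anything.
    public static class OpenIdUser extends User {
        private final String displayName;
        private final boolean newUser;

        OpenIdUser(String identityUrl, String displayName, boolean newUser) {
            super(identityUrl, "[openid]", STANDARD_ROLE);
            this.displayName = displayName;
            this.newUser = newUser;
        }

        OpenIdUser asReturning() {
            return new OpenIdUser(getUsername(), displayName, false);
        }

        public String greeting() {
            return (newUser ? "Welcome " : "Welcome Back ") + displayName;
        }
    }
}
```

The page that renders the greeting reads the OpenIdUser from the Authentication principal and calls greeting(); the bean is wired into the OpenID authentication provider as its user details service, and the sample's own XML shows the exact attribute names used for that wiring.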
7.5 CAS Sample
The CAS sample requires that you run both a CAS server and a CAS client. It isn’t included in the distribution, so you should check out the project code as described in the introduction. You’ll find the relevant files under the sample/cas directory. There’s also a Readme.txt file in there which explains how to run both the server and the client directly from the source tree, complete with SSL support.
7.6 JAAS Sample
The JAAS sample is a very simple example of how to use a JAAS LoginModule with Spring Security. The provided LoginModule will successfully authenticate a user if the username equals the password; otherwise a LoginException is thrown. The AuthorityGranter used in this example always grants the role ROLE_USER. The sample application also demonstrates how to run as the JAAS Subject returned by the LoginModule by setting jaas-api-provision equal to "true".
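The following is an added illustration of the two pieces the text describes, a LoginModule with the sample's username-equals-password rule and an AuthorityGranter that always yields ROLE_USER; it is not the sample's own code. The class names are hypothetical; the JAAS interfaces and Spring Security's AuthorityGranter are real.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.springframework.security.authentication.jaas.AuthorityGranter;

// Added illustration, not the JAAS sample's own code. Class names are hypothetical.
public class UsernameEqualsPasswordLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Principal authenticated;   // set by login(), published by commit()

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    // Phase 1: obtain the credentials through the callback handler (Spring Security's
    // JaasAuthenticationProvider fills NameCallback/PasswordCallback from the incoming
    // Authentication) and apply the sample's toy rule: password must equal username.
    public boolean login() throws LoginException {
        NameCallback nameCallback = new NameCallback("username: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (IOException e) {
            throw new LoginException("could not read credentials: " + e.getMessage());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("callback not supported: " + e.getMessage());
        }
        String username = nameCallback.getName();
        char[] password = passwordCallback.getPassword();   // returns a copy
        passwordCallback.clearPassword();
        boolean matches = username != null && password != null
                && Arrays.equals(username.toCharArray(), password);
        if (password != null) {
            Arrays.fill(password, '\0');   // do not leave the secret on the heap
        }
        if (!matches) {
            throw new LoginException("username and password do not match");
        }
        authenticated = new SimplePrincipal(username);
        return true;
    }

    // Phase 2: only a committed login adds the principal to the Subject, which is the
    // Subject that jaas-api-provision="true" later exposes to application code.
    public boolean commit() {
        if (authenticated == null) {
            return false;
        }
        subject.getPrincipals().add(authenticated);
        return true;
    }

    public boolean abort() {
        authenticated = null;
        return true;
    }

    public boolean logout() {
        if (authenticated != null) {
            subject.getPrincipals().remove(authenticated);
            authenticated = null;
        }
        return true;
    }
}

// Principal placed into the Subject; the AuthorityGranter below receives it.
class SimplePrincipal implements Principal {
    private final String name;
    SimplePrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    public boolean equals(Object o) {
        return o instanceof SimplePrincipal && name.equals(((SimplePrincipal) o).name);
    }
    public int hashCode() { return name.hashCode(); }
}

// Maps every principal the LoginModule produced to ROLE_USER, as the sample does;
// JaasAuthenticationProvider turns the returned names into GrantedAuthority objects.
class RoleUserAuthorityGranter implements AuthorityGranter {
    public Set<String> grant(Principal principal) {
        return Collections.singleton("ROLE_USER");
    }
}
```

The LoginModule is named in the JAAS login configuration file that the JaasAuthenticationProvider loads, and the granter is supplied to that provider's list of authority granters; the sample's own configuration shows the exact property names.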
7.7 Pre-Authentication Sample
This sample application demonstrates how to wire up beans from the pre-authentication framework to make use of login information from a Java EE container. The user name and roles are those set up by the container.
The code is in samples/preauth.