Excerpt from the paper
A sound authentication and authorization mechanism is essential to any complete application system. The traditional approach is to write code in actions or servlets that checks whether the logged-in user has permission to access a resource. This couples security logic with business logic, which violates the principle of high cohesion and low coupling that software systems are expected to follow. The Spring framework is an excellent multi-tier J2EE framework, but Spring itself provides no security support. Acegi is a security architecture built on Spring: all security logic can be implemented through definitions in Spring's standard configuration files, so the system's business logic and security logic are completely separated. Adopting the Acegi security framework not only reduces workload and improves coding efficiency, but also improves code quality. This paper examines the interactions among the components of the Acegi security framework and, by extending Acegi's database design, implements a security control method for applications based on the Spring framework.