package cn.net.cogent.summer.extension.acegisecurity.providers;
public interface UserKindComparisonAware {
public void setExpectedUserKind(String expectedUserKind);
public void setCurrentUserKind(String currentUserKind);
}
该接口说明实现类需要实现两个方法,setExpectedUserKind用于接受一个期望的用户类型标志(通常该标志通过配置来设置),setCurrentUserKind用于接受当前登录用户的用户类型标志(系统在运行时捕获,并传递给实现类)
编写MKUDaoAuthenticationProvider类:
package cn.net.cogent.summer.extension.acegisecurity.providers.dao;
import cn.net.cogent.summer.extension.acegisecurity.BadUserKindException;
import cn.net.cogent.summer.extension.acegisecurity.providers.UserKindComparisonAware;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import cn.net.cogent.summer.util.LoggerUtil;
public class MKUDaoAuthenticationProvider extends DaoAuthenticationProvider implements
UserKindComparisonAware {
private String expectedUserKind;
private String currentUserKind;
public String getExpectedUserKind() {
return expectedUserKind;
}
public void setExpectedUserKind(String expectedUserKind) {
this.expectedUserKind = expectedUserKind;
}
public String getCurrentUserKind() {
return currentUserKind;
}
public void setCurrentUserKind(String currentUserKind) {
this.currentUserKind = currentUserKind;
}
protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
LoggerUtil.getLogger().debug("expectedUserKind = '" + expectedUserKind + "', currentUserKind = '" + currentUserKind + "'");
if (currentUserKind.equals(expectedUserKind))
super.additionalAuthenticationChecks(userDetails, authentication);
else
throw new BadUserKindException(
"Flag UserKind does not match");
}
}
该类继承自DaoAuthenticationProvider并实现UserKindComparisonAware接口,在additionalAuthenticationChecks方法中判断当前登录用户的用户类型标志与期望的用户类型标志是否一致,如果一致则执行父类的additionalAuthenticationChecks,完成验证;否则抛出一个BadUserKindException异常,表明验证失败。BadUserKindException继承自org.acegisecurity.AuthenticationException,具体的代码略
在applicationContext.xml中删除daoAuthenticationProvider相关的配置,增加如下配置:
<bean id="customerDaoAuthenticationProvider" class="cn.net.cogent.summer.extension.acegisecurity.providers.dao.MKUDaoAuthenticationProvider">
<property name="userDetailsService" ref="customerDao"/>
<property name="passwordEncoder" ref="passwordEncoder"/>
<property name="expectedUserKind" value="1"/>
</bean>
<bean id="userDaoAuthenticationProvider" class="cn.net.cogent.summer.extension.acegisecurity.providers.dao.MKUDaoAuthenticationProvider">
<property name="userDetailsService" ref="userDao"/>
<property name="passwordEncoder" ref="passwordEncoder"/>
<property name="expectedUserKind" value="0"/>
</bean>
可以看出customerDaoAuthenticationProvider仅用于验证客户(其expectedUserKind被指定为1),而userDaoAuthenticationProvider仅用于验证员工(其expectedUserKind被指定为0)。customerDao的配置如下:
<bean id="customerDao" class="cn.net.cogent.summer.extension.appfuse.dao.hibernate.CustomerDaoHibernate">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
CustomerDaoHibernate的代码如下:
