Spring Security（二十五）：7. Sample Applications

There are several sample web applications that are available with the project. To avoid an overly large download, only the "tutorial" and "contacts" samples are included in the distribution zip file. The others can be built directly from the source which you can obtain as described in the introduction. It’s easy to build the project yourself and there’s more information on the project web site at http://spring.io/spring-security/. All paths referred to in this chapter are relative to the project source directory.

项目提供了几个示例Web应用程序。为避免过大的下载，分发zip文件中仅包含“教程”和“联系人”示例。其他可以直接从您可以获得的源构建，如介绍中所述。自己构建项目很容易，有关项目网站的更多信息，请访问http://spring.io/spring-security/。本章中提到的所有路径都与项目源目录相关。

7.1 Tutorial Sample（教程示例）

The tutorial sample is a nice basic example to get you started. It uses simple namespace configuration throughout. The compiled application is included in the distribution zip file, ready to be deployed into your web container (spring-security-samples-tutorial-3.1.x.war). The form-based authentication mechanism is used in combination with the commonly-used remember-me authentication provider to automatically remember the login using cookies.

教程示例是一个很好的基本示例，可帮助您入门。它始终使用简单的命名空间配置已编译的应用程序包含在分发zip文件中，可以部署到您的Web容器中（spring-security-samples-tutorial-3.1.x.war）。基于表单的身份验证机制与常用的记住我身份验证提供程序结合使用，以使用cookie自动记住登录。

We recommend you start with the tutorial sample, as the XML is minimal and easy to follow. Most importantly, you can easily add this one XML file (and its corresponding web.xml entries) to your existing application. Only when this basic integration is achieved do we suggest you attempt adding in method authorization or domain object security.

我们建议您从教程示例开始，因为XML很小且易于遵循。最重要的是，您可以轻松地将这一个XML文件（及其相应的web.xml条目）添加到现有应用程序中。只有在实现此基本集成时，我们才建议您尝试添加方法授权或域对象安全性。

7.2 Contacts

The Contacts Sample is an advanced example in that it illustrates the more powerful features of domain object access control lists (ACLs) in addition to basic application security. The application provides an interface with which the users are able to administer a simple database of contacts (the domain objects).

Contacts Sample是一个高级示例，它说明了除基本应用程序安全性之外的域对象访问控制列表（ACL）的更强大功能。该应用程序提供了一个界面，用户可以使用该界面管理简单的联系人数据库（域对象）。

To deploy, simply copy the WAR file from Spring Security distribution into your container’s webapps directory. The war should be called spring-security-samples-contacts-3.1.x.war (the appended version number will vary depending on what release you are using).

要部署，只需将WAR文件从Spring Security发行版复制到容器的webapps目录中。该战争应该被称为spring-security-samples-contacts-3.1.x.war（附加的版本号将根据您使用的版本而有所不同）。

After starting your container, check the application can load. Visit http://localhost:8080/contacts (or whichever URL is appropriate for your web container and the WAR you deployed).

启动容器后，检查应用程序是否可以加载。访问http：// localhost：8080 / contacts（或适用于您的Web容器和您部署的WAR的URL）。

Next, click "Debug". You will be prompted to authenticate, and a series of usernames and passwords are suggested on that page. Simply authenticate with any of these and view the resulting page. It should contain a success message similar to the following:

接下来，单击“调试”。系统将提示您进行身份验证，并在该页面上建议一系列用户名和密码。只需使用其中任何一个进行身份验证即可查看生成的页面。它应包含类似于以下内容的成功消息：

Security Debug Information

Authentication object is of type:

org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Authentication object as a String:

org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1f127853:

Principal: org.springframework.security.core.userdetails.User@b07ed00: Username: rod; \

Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;

credentialsNonExpired: true; AccountNonLocked: true; \

Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; \

Password: [PROTECTED]; Authenticated: true; \

Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: \

RemoteIpAddress: 127.0.0.1; SessionId: 8fkp8t83ohar; \

Granted Authorities: ROLE_SUPERVISOR, ROLE_USER

Authentication object holds the following granted authorities:

ROLE_SUPERVISOR (getAuthority(): ROLE_SUPERVISOR)

ROLE_USER (getAuthority(): ROLE_USER)

Success! Your web filters appear to be properly configured!

Once you successfully receive the above message, return to the sample application’s home page and click "Manage". You can then try out the application. Notice that only the contacts available to the currently logged on user are displayed, and only users with ROLE_SUPERVISOR are granted access to delete their contacts. Behind the scenes, the MethodSecurityInterceptor is securing the business objects.

成功收到上述消息后，返回示例应用程序的主页并单击“管理”。然后，您可以试用该应用程序。请注意，仅显示当前登录用户可用的联系人，并且只有具有ROLE_SUPERVISOR的用户才有权删除其联系人。在幕后，MethodSecurityInterceptor正在保护业务对象。

The application allows you to modify the access control lists associated with different contacts. Be sure to give this a try and understand how it works by reviewing the application context XML files.

该应用程序允许您修改与不同联系人关联的访问控制列表。请务必通过查看应用程序上下文XML文件来尝试并了解其工作原理。

7.3 LDAP Sample

The LDAP sample application provides a basic configuration and sets up both a namespace configuration and an equivalent configuration using traditional beans, both in the same application context file. This means there are actually two identical authentication providers configured in this application.

LDAP示例应用程序提供基本配置，并使用传统bean在同一应用程序上下文文件中设置命名空间配置和等效配置。这意味着在此应用程序中实际配置了两个相同的身份验证提供程

7.4 OpenID Sample

The OpenID sample demonstrates how to use the namespace to configure OpenID and how to set up attribute exchange configurations for Google, Yahoo and MyOpenID identity providers (you can experiment with adding others if you wish). It uses the JQuery-based openid-selector project to provide a user-friendly login page which allows the user to easily select a provider, rather than typing in the full OpenID identifier.

OpenID示例演示了如何使用命名空间配置OpenID以及如何为Google，Yahoo和MyOpenID身份提供程序设置属性交换配置（如果愿意，可以尝试添加其他配置）。它使用基于JQuery的openid-selector项目来提供用户友好的登录页面，允许用户轻松选择提供者，而不是键入完整的OpenID标识符。

The application differs from normal authentication scenarios in that it allows any user to access the site (provided their OpenID authentication is successful). The first time you login, you will get a "Welcome [your name]"" message. If you logout and log back in (with the same OpenID identity) then this should change to "Welcome Back". This is achieved by using a custom UserDetailsService which assigns a standard role to any user and stores the identities internally in a map. Obviously a real application would use a database instead. Have a look at the source form more information. This class also takes into account the fact that different attributes may be returned from different providers and builds the name with which it addresses the user accordingly.

该应用程序与普通身份验证方案的不同之处在于，它允许任何用户访问该站点（前提是他们的OpenID身份验证成功）。第一次登录时，您将收到“欢迎[您的姓名]”消息。如果您注销并重新登录（具有相同的OpenID身份），则应更改为“欢迎回来”。这是通过使用自定义UserDetailsService，它为任何用户分配标准角色，并在内部将身份存储在地图中。显然，真正的应用程序会使用数据库。请查看源表单中的更多信息。此类还考虑了不同属性的事实可以从不同的提供者返回，并相应地构建用于向用户发送的名称。

7.5 CAS Sample

The CAS sample requires that you run both a CAS server and CAS client. It isn’t included in the distribution so you should check out the project code as described in the introduction. You’ll find the relevant files under the sample/cas directory. There’s also a Readme.txt file in there which explains how to run both the server and the client directly from the source tree, complete with SSL support.

CAS示例要求您同时运行CAS服务器和CAS客户端。它不包含在发行版中，因此您应该按照简介中的说明查看项目代码。您将在sample / cas目录下找到相关文件。还有一个Readme.txt文件，其中解释了如何直接从源代码树运行服务器和客户端，完成SSL支持。

7.6 JAAS Sample

The JAAS sample is very simple example of how to use a JAAS LoginModule with Spring Security. The provided LoginModule will successfully authenticate a user if the username equals the password otherwise a LoginException is thrown. The AuthorityGranter used in this example always grants the role ROLE_USER. The sample application also demonstrates how to run as the JAAS Subject returned by the LoginModule by setting jaas-api-provision equal to "true".

JAAS示例是如何在Spring Security中使用JAAS LoginModule的非常简单的示例。如果用户名等于密码，则提供的LoginModule将成功验证用户，否则抛出LoginException。本示例中使用的AuthorityGranter始终授予角色ROLE_USER。示例应用程序还演示了如何通过将jaas-api-provision设置为“true”来作为LoginModule返回的JAAS主题运行。

7.7 Pre-Authentication Sample

This sample application demonstrates how to wire up beans from the pre-authentication framework to make use of login information from a Java EE container. The user name and roles are those setup by the container.

The code is in samples/preauth.

此示例应用程序演示了如何从预身份验证框架中连接Bean以使用来自Java EE容器的登录信息。用户名和角色是容器设置的用户名和角色。

代码在样本/ preauth中。