S********y
发帖数: 33 | 1 My group has one contractor position. Let me know if you are interested.
JOB TITLE
* Senior Java Developer with experience in Data Warehouse
SKILL OR EXPERIENCE:
* Should have over 7 years of experience
* J2EE, Design patterns, Spring Framework (Spring core, MVC, Transaction
Management, Annotation, Acegi, AOP), Hibernate 3.x or iBatis
* Ability to develop and understand complex SQL statements
* Working experience with Oracle Data Warehouse. Performance tuning with
SQL and PL/SQL is a plus.
* AJA |
|
g*****g
发帖数: 34805 | 2 Personally I use acegi, and of course servlet filter, but I believe that one
is even simpler. |
|
g*****g
发帖数: 34805 | 3 This is in a comparison of JSF vs. Wicket.
http://ptrthomas.wordpress.com/2007/05/14/a-wicket-user-tries-jsf/
I manage a project that started off innocently enough a year and half ago
using SpringMVC and JSTL markup for the presentation tier. Acegi managed
authentication/authorization. We soon added Displaytag for handling table
layouts, Struts-Menu for a menubar, and SiteMesh for page decorating.
Eventually we felt the need for more control over page navigation so we
added SpringWebflow and fou |
|
g*****g
发帖数: 34805 | 4 If you are doing web application, try Acegi, all you need to
is some xml configuration. |
|
S*********t
发帖数: 78 | 5 I am using ejb3
it seems acegi does not support ejb3 .
配置 |
|
t*******e
发帖数: 684 | 6 JAAS是low level API,vendors用的多,application developers一般用不到。JavaEE
specification没有cover存password的部分,所以这是vendor proprietary的。
tomcat,weblogic,websphere都有自己的一套办法,具体看你用那个web server了。用
acegi的话,就是portable的。 |
|
t*******e
发帖数: 684 | 7 Acegi is mostly an application-managed security framework. What you need is
container-managed security. |
|
|
b**********g
发帖数: 806 | 9 要给现在的一个application加上security,不能用form-based authentication.这个application是用EJB跟spring MVC做的.client call remote的action server,拿到data,然后用xml显示出来.
www.mycompany.com/app/person.xml?id=1&username=beerdrinking&password=pwd.已
经有个command parser,能拿到这些parameter的value.但是拿到username跟password以
后,应该怎么实现spring security呢? 多谢. |
|
t*******e
发帖数: 684 | 10 Try HTTP basic authentication. |
|
d**k
发帖数: 1223 | 11 我碰到一个很头大的问题:前后做了两个web application, 这儿就叫app1, app2. 两
个都是用spring security (实际上是acegi) 做authentication. 每个都跑的挺好的。
最近发现一个issue: 我不能用同一个browser同时打开两个app. 就是说,如果我用IE,
打开app1, 然后login, 没有任何问题。如果我再开同一个browser的新窗口,打开
app2, 然后login, 也没问题,但是第一个browser开的app1就被自动的log out 了。
app1 和 app2 都是deploy在同一个weblogic 11g 下面,但是各自有各自不同的
managed server, 用的端口也不一样。
Spring security 的人说这个更能 connected to how sessions are maintained
between the browser and your server.
然后建议我 monitor the session cookies and see whether the two |
|
g*****g
发帖数: 34805 | 12
举个很简单的例子,我想log所有service layer getXXXX方法的调用。不用AOP你
怎么注入。给所有的类注入logger然后log一次?这不是重复代码吗?这是很现实
的应用。比如Acegi用这个机制来做安全,Spring自己用这个机制来做declarative
transaction。这些都是在大量项目里面使用的。
Spring这个东西现在很大,不是啥都要用。但IoC跟AOP机制我还真没见什么人说
不好的。 |
|
