It so life

love as life

CAS 返回多个信息为空

Posted on

CAS 返回多个信息为空 - - ITeye技术网站 (2)

首页 资讯 精华 论坛 问答 博客 专栏 群组 更多 ▼

招聘 搜索

您还未登录 ! 登录 注册

liuzhiyi7288

CAS 返回多个信息为空 **

CAS client 端使用Filter 获得server端传回的信息,如果多个信息使用: Java代码 收藏代码

  1. assertion.getPrincipal().getAttributes()
    assertion.getPrincipal().getAttributes()来获得一个Map,但是有的时候Map中没有数据为null; 解决方案:配置deployerConfigContext.xml中名称为serviceRegistryDao的bean,如下 Java代码 收藏代码

  5. <bean class="org.jasig.cas.services.RegisteredServiceImpl"
  6. p:id="1"
  7. p:description="test"
  8. p:serviceId="http://192.168.104.101:8080//*"
  9. p:enabled="true"
  10. p:ssoEnabled="true"
  11. p:anonymousAccess="false">


  14. ,其中最重要的配置为: 这个属性决定了我们在client端获得map是否为null,如果不配置该属性则为null,该属性配置我们返回多个信息对应的key; 此处对应CAS SERVER端源码如下 CentralAuthenticationServiceImpl.java: Java代码 收藏代码

  15. // 获得deployerConfigContext.xml中serviceRegistryDao配置的registeredServices

  16. final RegisteredService registeredService = this.servicesManager

  17. .findServiceBy(service);
    // 获得deployerConfigContext.xml中serviceRegistryDao配置的registeredServices final RegisteredService registeredService = this.servicesManager .findServiceBy(service); allowwedAttributes配置对应的代码如下: Java代码 收藏代码

  18. ///

  19. /* 从principal.getAttributes()获得map后,获取registeredService的allowedAttributes属性,
  20. /* 可以对应的key存入返回客户端信息的中map中
  21. /*/
  22. for (final String attribute : registeredService
  23. .getAllowedAttributes()) {
  24. final Object value = principal.getAttributes().get(
  25. attribute);
  26. if (value != null) {
  27. attributes.put(attribute, value);
  28. }
  29. }
  31. final Principal modifiedPrincipal = new SimplePrincipal(
  32. principalId, attributes);
  34. final MutableAuthentication mutableAuthentication = new MutableAuthentication(
  35. modifiedPrincipal);
    /// / 从principal.getAttributes()获得map后,获取registeredService的allowedAttributes属性, / 可以对应的key存入返回客户端信息的中map中 /*/ for (final String attribute : registeredService .getAllowedAttributes()) { final Object value = principal.getAttributes().get( attribute); if (value != null) { attributes.put(attribute, value); } } final Principal modifiedPrincipal = new SimplePrincipal( principalId, attributes); final MutableAuthentication mutableAuthentication = new MutableAuthentication( modifiedPrincipal);; 希望对大家有所帮助 分享到:

CAS client 端添加初始化参数传到server端 | CAS 集成java 登录成功后空白页面

评论

1 楼 solomon 2011-10-31

不错,雪中送炭。 

发表评论

您还没有登录,请您登录后再发表评论

liuzhiyi7288的博客

liuzhiyi7288

mzmingly的博客

mzmingly

hasker的博客

hasker ninisui的博客

ninisui

dawnstars的博客

dawnstars

文章分类

存档分类

最新评论

Web安全工具大汇聚

Posted on

Web安全工具大汇聚

Test sites / testing grounds

SPI Dynamics (live) – http://zero.webappsecurity.com/ Cenzic (live) – http://crackme.cenzic.com/ Watchfire (live) – http://demo.testfire.net/ Acunetix (live) – http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com WebMaven / Buggy Bank – http://www.mavensecurity.com/webmaven Foundstone SASS tools – http://www.foundstone.com/us/resources-free-tools.asp Updated HackmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html OWASP WebGoat – http://www.owasp.org/index.php/OWASP_WebGoat_Project OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/ SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/

HTTP proxying / editing

WebScarab – http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Burp – http://www.portswigger.net/ Paros – http://www.parosproxy.org/ Fiddler – http://www.fiddlertool.com/ Web Proxy Editor – http://www.microsoft.com/mspress/companion/0-7356-2187-X/ Pantera – http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Suru – http://www.sensepost.com/research/suru/ httpedit (curses-based) – http://www.neutralbit.com/en/rd/httpedit/ Charles – http://www.xk72.com/charles/ Odysseus – http://www.bindshell.net/tools/odysseus Burp, Paros, and WebScarab for Mac OS X – http://www.corsaire.com/downloads/ Web-application scanning tool from `Network Security Tools’/O’Reilly – http://examples.oreilly.com/networkst/ JS Commander – http://jscmd.rubyforge.org/ Ratproxy – http://code.google.com/p/ratproxy/

RSnake’s XSS cheat sheet based-tools, webapp fuzzing, and encoding tools

Wfuzz – http://www.edge-security.com/wfuzz.php ProxMon – http://www.isecpartners.com/proxmon.html Wapiti – http://wapiti.sourceforge.net/ Grabber – http://rgaucher.info/beta/grabber/ XSSScan – http://darkcode.ath.cx/scanners/XSSscan.py CAL9000 – http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project HTMangLe – http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm JBroFuzz – http://sourceforge.net/projects/jbrofuzz XSSFuzz – http://ha.ckers.org/blog/20060921/xssfuzz-released/ WhiteAcid’s XSS Assistant – http://www.whiteacid.org/greasemonkey/ Overlong UTF – http://www.microsoft.com/mspress/companion/0-7356-2187-X/ [TGZ] MielieTool (SensePost Research) – http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz RegFuzzer: test your regular expression filter – http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter screamingCobra – http://www.dachb0den.com/projects/screamingcobra.html SPIKE and SPIKE Proxy – http://immunitysec.com/resources-freesoftware.shtml RFuzz – http://rfuzz.rubyforge.org/ WebFuzz – http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999 TestMaker – http://www.pushtotest.com/Docs/downloads/features.html ASP Auditor – http://michaeldaw.org/projects/asp-auditor-v2/ WSTool – http://wstool.sourceforge.net/ Web Hack Control Center (WHCC) – http://ussysadmin.com/whcc/ Web Text Converter – http://www.microsoft.com/mspress/companion/0-7356-2187-X/ HackBar (Firefox Add-on) – https://addons.mozilla.org/firefox/3899/ Net-Force Tools (NF-Tools, Firefox Add-on) – http://www.net-force.nl/library/downloads/ PostIntercepter (Greasemonkey script) – http://userscripts.org/scripts/show/743

HTTP general testing / fingerprinting

Wbox: HTTP testing tool – http://hping.org/wbox/ ht://Check – http://htcheck.sourceforge.net/ Mumsie – http://www.lurhq.com/tools/mumsie.html WebInject – http://www.webinject.org/ Torture.pl Home Page – http://stein.cshl.org/~lstein/torture/ JoeDog’s Seige – http://www.joedog.org/JoeDog/Siege/ OPEN-LABS: metoscan (http method testing) – http://www.open-labs.org/ Load-balancing detector – http://ge.mine.nu/lbd.html HMAP – http://ujeni.murkyroc.com/hmap/ Net-Square: httprint – http://net-square.com/httprint/ Wpoison: http stress testing – http://wpoison.sourceforge.net/ Net-square: MSNPawn – http://net-square.com/msnpawn/index.shtml hcraft: HTTP Vuln Request Crafter – http://druid.caughq.org/projects/hcraft/ rfp.labs: LibWhisker – http://www.wiretrip.net/rfp/lw.asp Nikto – http://www.cirt.net/code/nikto.shtml twill – http://twill.idyll.org/ DirBuster – http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project [ZIP] DFF Scanner – http://security-net.biz/files/dff/DFF.zip [ZIP] The Elza project – http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled – http://sf.net/projects/hackfox

Browser-based HTTP tampering / editing / replaying

TamperIE – http://www.bayden.com/Other/ isr-form – http://www.infobyte.com.ar/developments.html Modify Headers (Firefox Add-on) – http://modifyheaders.mozdev.org/ Tamper Data (Firefox Add-on) – http://tamperdata.mozdev.org/ UrlParams (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1290/ TestGen4Web (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1385/ DOM Inspector / Inspect This (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/ LiveHTTPHeaders / Header Monitor (Firefox Add-on) – http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/

[TGZ] stompy: session id tool – http://lcamtuf.coredump.cx/stompy.tgz Add’N Edit Cookies (AnEC, Firefox Add-on) – http://addneditcookies.mozdev.org/ CookieCuller (Firefox Add-on) – http://cookieculler.mozdev.org/ CookiePie (Firefox Add-on) – http://www.nektra.com/oss/firefox/extensions/cookiepie/ CookieSpy – http://www.codeproject.com/shell/cookiespy.asp Cookies Explorer – http://www.dutchduck.com/Features/Cookies.aspx

Ajax and XHR scanning

Sahi – http://sahi.co.in/ scRUBYt – http://scrubyt.org/ jQuery – http://jquery.com/ jquery-include – http://www.gnucitizen.org/projects/jquery-include Sprajax – http://www.denimgroup.com/sprajax.html Watir – http://wtr.rubyforge.org/ Watij – http://watij.com/ Watin – http://watin.sourceforge.net/ RBNarcissus – http://idontsmoke.co.uk/2005/rbnarcissus/ SpiderTest (Spider Fuzz plugin) – http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin Javascript Inline Debugger (jasildbg) – http://jasildbg.googlepages.com/ Firebug Lite – http://www.getfirebug.com/lite.html firewaitr – http://code.google.com/p/firewatir/

RSS extensions and caching

LiveLines (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/324/ rss-cache – http://www.dubfire.net/chris/projects/rss-cache/

SQL injection scanning

0×90.org: home of Absinthe, Mezcal, etc – http://0×90.org/releases.php SQLiX – http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project sqlninja: a SQL Server injection and takover tool – http://sqlninja.sourceforge.net/ JustinClarke’s SQL Brute – http://www.justinclarke.com/archives/2006/03/sqlbrute.html BobCat – http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html sqlmap – http://sqlmap.sourceforge.net/ Scully: SQL Server DB Front-End and Brute-Forcer – http://www.sensepost.com/research/scully/ FG-Injector – http://www.flowgate.net/?lang=en&seccion=herramientas PRIAMOS – http://www.priamos-project.com/

Web application security malware, backdoors, and evil code

W3AF: Web Application Attack and Audit Framework – http://w3af.sourceforge.net/ Jikto – http://busin3ss.name/jikto-in-the-wild/ XSS Shell – http://ferruh.mavituna.com/article/?1338 XSS-Proxy – http://xss-proxy.sourceforge.net AttackAPI – http://www.gnucitizen.org/projects/attackapi/ FFsniFF – http://azurit.elbiahosting.sk/ffsniff/ HoneyBlog’s web-based junkyard – http://honeyblog.org/junkyard/web-based/ BeEF – http://www.bindshell.net/tools/beef/ Firefox Extension Scanner (FEX) – http://www.gnucitizen.org/projects/fex/ What is my IP address? – http://reglos.de/myaddress/ xRumer: blogspam automation tool – http://www.botmaster.net/movies/XFull.htm SpyJax – http://www.merchantos.com/makebeta/tools/spyjax/ Greasecarnaval – http://www.gnucitizen.org/projects/greasecarnaval Technika – http://www.gnucitizen.org/projects/technika/ Load-AttackAPI bookmarklet – http://www.gnucitizen.org/projects/load-attackapi-bookmarklet MD’s Projects: JS port scanner, pinger, backdoors, etc – http://michaeldaw.org/my-projects/

Web application services that aid in web application security assessment

Netcraft – http://www.netcraft.net AboutURL – http://www.abouturl.com/ The Scrutinizer – http://www.scrutinizethis.com/ net.toolkit – http://clez.net/ ServerSniff – http://www.serversniff.net/ Online Microsoft script decoder – http://www.greymagic.com/security/tools/decoder/ Webmaster-Toolkit – http://www.webmaster-toolkit.com/ myIPNeighbbors, et al – http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address PHP charset encoding – http://h4k.in/encoding data: URL testcases – http://h4k.in/dataurl

Browser-based security fuzzing / checking

Zalewski’s MangleMe – http://lcamtuf.coredump.cx/mangleme/mangle.cgi hdm’s tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan – http://metasploit.com/users/hdm/tools/ Peach Fuzzer Framework – http://peachfuzz.sourceforge.net/ TagBruteForcer – http://research.eeye.com/html/tools/RT20060801-3.html PROTOS Test-Suite: c05-http-reply – http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html COMRaider – http://labs.idefense.com bcheck – http://bcheck.scanit.be/bcheck/ Stop-Phishing: Projects page – http://www.indiana.edu/~phishing/?projects LinkScanner – http://linkscanner.explabs.com/linkscanner/default.asp BrowserCheck – http://www.heise-security.co.uk/services/browsercheck/ Cross-browser Exploit Tests – http://www.jungsonnstudios.com/cool.php Stealing information using DNS pinning demo – http://www.jumperz.net/index.php?i=2&a=1&b=7 Javascript Website Login Checker – http://ha.ckers.org/weird/javascript-website-login-checker.html Mozilla Activex – http://www.iol.ie/~locka/mozilla/mozilla.htm Jungsonn’s Black Dragon Project – http://blackdragon.jungsonnstudios.com/ Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) – http://ha.ckers.org/mr-t/ Vulnerable Adobe Plugin Detection For UXSS PoC – http://www.0×000000.com/?i=324 About Flash: is your flash up-to-date? – http://www.macromedia.com/software/flash/about/ Test your installation of Java software – http://java.com/en/download/installed.jsp?detect=jre&try=1 WebPageFingerprint – Light-weight Greasemonkey Fuzzer – http://userscripts.org/scripts/show/30285

PHP static analysis and file inclusion scanning

PHP-SAT.org: Static analysis for PHP – http://www.program-transformation.org/PHP/ Unl0ck Research Team: tool for searching in google for include bugs – http://unl0ck.net/tools.php FIS: File Inclusion Scanner – http://www.segfault.gr/index.php?cat_id=3&cont_id=25 PHPSecAudit – http://developer.spikesource.com/projects/phpsecaudit

PHP Defensive Tools

PHPInfoSec – Check phpinfo configuration for security – http://phpsec.org/projects/phpsecinfo/

A Greasemonkey Replacement can be found at http://yehg.net/lab//#tools.greasemonkey Php-Brute-Force-Attack Detector – Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc.http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip PHP-Login-Info-Checker – Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?testlic

http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip

http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip php-DDOS-Shield – A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/ PHPMySpamFIGHTER – http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar

Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources

APIDS on Wikipedia – http://en.wikipedia.org/wiki/APIDS PHP Intrusion Detection System (PHP-IDS) – http://php-ids.org/ http://code.google.com/p/phpids/ dotnetids – http://code.google.com/p/dotnetids/ Secure Science InterScout – http://www.securescience.com/home/newsandevents/news/interscout1.0.html Remo: whitelist rule editor for mod_security – http://remo.netnea.com/ GotRoot: ModSecuirty rules – http://www.gotroot.com/tiki-index.php?page=mod_security+rules The Web Security Gateway (WSGW) – http://wsgw.sourceforge.net/ mod_security rules generator – http://noeljackson.com/tools/modsecurity/ Mod_Anti_Tamper – http://www.wisec.it/projects.php?id=3 [TGZ] Automatic Rules Generation for Mod_Security – http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz AQTRONIX WebKnight – http://www.aqtronix.com/?PageID=99 Akismet: blog spam defense – http://akismet.com/ Samoa: Formal tools for securing web services – http://research.microsoft.com/projects/samoa/

Web services enumeration / scanning / fuzzing

WebServiceStudio2.0 – http://www.codeplex.com/WebserviceStudio Net-square: wsChess – http://net-square.com/wschess/index.shtml WSFuzzer – http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project SIFT: web method search tool – http://www.sift.com.au/73/171/sift-web-method-search-tool.htm iSecPartners: WSMap, WSBang, etc – http://www.isecpartners.com/tools.html

Web application non-specific static source-code analysis

Pixy: a static analysis tool for detecting XSS vulnerabilities – http://www.seclab.tuwien.ac.at/projects/pixy/ Brixoft.Net: Source Edit – http://www.brixoft.net/prodinfo.asp?id=1 Security compass web application auditing tools (SWAAT) – http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project An even more complete list here – http://www.cs.cmu.edu/~aldrich/courses/654/tools/ A nice list that claims some demos available – http://www.cs.cmu.edu/~aldrich/courses/413/tools.html A smaller, but also good list – http://spinroot.com/static/ Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/

Static analysis for C/C++ (CGI, ISAPI, etc) in web applications

RATS – http://www.securesoftware.com/resources/download_rats.html ITS4 – http://www.cigital.com/its4/ FlawFinder – http://www.dwheeler.com/flawfinder/ Splint – http://www.splint.org/ Uno – http://spinroot.com/uno/ BOON (Buffer Overrun detectiON) – http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net Valgrind – http://www.valgrind.org/

Java static analysis, security frameworks, and web application security tools

LAPSE – http://suif.stanford.edu/~livshits/work/lapse/ HDIV Struts – http://hdiv.org/ Orizon – http://sourceforge.net/projects/orizon/ FindBugs: Find bugs in Java programs – http://findbugs.sourceforge.net/ PMD – http://pmd.sourceforge.net/ CUTE: A Concolic Unit Testing Engine for C and Java – http://osl.cs.uiuc.edu/~ksen/cute/ EMMA – http://emma.sourceforge.net/ JLint – http://jlint.sourceforge.net/ Java PathFinder – http://javapathfinder.sourceforge.net/ Fujaba: Move between UML and Java source code – http://wwwcs.uni-paderborn.de/cs/fujaba/ Checkstyle – http://checkstyle.sourceforge.net/ Cookie Revolver Security Framework – http://sourceforge.net/projects/cookie-revolver tinapoc – http://sourceforge.net/projects/tinapoc jarsigner – http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html Solex – http://solex.sourceforge.net/ Java Explorer – http://metal.hurlant.com/jexplore/ HTTPClient – http://www.innovation.ch/java/HTTPClient/ another HttpClient – http://jakarta.apache.org/commons/httpclient/ a list of code coverage and analysis tools for Java – http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html

Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C/# and VB.NET

Threat modeling

Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) – http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Amenaza: Attack Tree Modeling (SecurITree) – http://www.amenaza.com/software.php Octotrike – http://www.octotrike.org/

Add-ons for Firefox that help with general web application security

Web Developer Toolbar – https://addons.mozilla.org/firefox/60/ Plain Old Webserver (POW) – https://addons.mozilla.org/firefox/3002/ XML Developer Toolbar – https://addons.mozilla.org/firefox/2897/ Public Fox – https://addons.mozilla.org/firefox/3911/ XForms Buddy – http://beaufour.dk/index.php?sec=misc&pagename=xforms MR Tech Local Install – http://www.mrtech.com/extensions/local_install/ Nightly Tester Tools – http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html IE Tab – https://addons.mozilla.org/firefox/1419/ User-Agent Switcher – https://addons.mozilla.org/firefox/59/ ServerSwitcher – https://addons.mozilla.org/firefox/2409/ HeaderMonitor – https://addons.mozilla.org/firefox/575/ RefControl – https://addons.mozilla.org/firefox/953/ refspoof – https://addons.mozilla.org/firefox/667/ No-Referrer – https://addons.mozilla.org/firefox/1999/ LocationBar^2 – https://addons.mozilla.org/firefox/4014/ SpiderZilla – http://spiderzilla.mozdev.org/ Slogger – https://addons.mozilla.org/en-US/firefox/addon/143 Fire Encrypter – https://addons.mozilla.org/firefox/3208/

Add-ons for Firefox that help with Javascript and Ajax web application security

Selenium IDE – http://www.openqa.org/selenium-ide/ Firebug – http://www.joehewitt.com/software/firebug/ Venkman – http://www.mozilla.org/projects/venkman/ Chickenfoot – http://groups.csail.mit.edu/uid/chickenfoot/ Greasemonkey – http://www.greasespot.net/ Greasemonkey compiler – http://www.letitblog.com/greasemonkey-compiler/ User script compiler – http://arantius.com/misc/greasemonkey/script-compiler Extension Developer’s Extension (Firefox Add-on) – http://ted.mielczarek.org/code/mozilla/extensiondev/ Smart Middle Click (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/3885/

Bookmarklets that aid in web application security

RSnake’s security bookmarklets – http://ha.ckers.org/bookmarklets.html BMlets – http://optools.awardspace.com/bmlet.html Huge list of bookmarklets – http://www.squarefree.com/bookmarklets/ Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality – http://www.blummy.com/ Bookmarklets every blogger should have – http://www.micropersuasion.com/2005/10/bookmarklets_ev.html Flat Bookmark Editing (Firefox Add-on) – http://n01se.net/chouser/proj/mozhack/ OpenBook and Update Bookmark (Firefox Add-ons) – http://www.chuonthis.com/extensions/

SSL certificate checking / scanning

[ZIP] THCSSLCheck – http://thc.org/root/tools/THCSSLCheck.zip [ZIP] Foundstone SSLDigger – http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip Cert Viewer Plus (Firefox Add-on) – https://addons.mozilla.org/firefox/1964/

Honeyclients, Web Application, and Web Proxy honeypots

Honeyclient Project: an open-source honeyclient – http://www.honeyclient.org/trac/ HoneyC: the low-interaction honeyclient – http://honeyc.sourceforge.net/ Capture: a high-interaction honeyclient – http://capture-hpc.sourceforge.net/ Google Hack Honeypot – http://ghh.sourceforge.net/ PHP.Hop – PHP Honeynet Project – http://www.rstack.org/phphop/ SpyBye – http://www.monkey.org/~provos/spybye/ Honeytokens – http://www.securityfocus.com/infocus/1713

Blackhat SEO and maybe some whitehat SEO

SearchStatus (Firefox Add-on) – http://www.quirk.biz/searchstatus/ SEO for Firefox (Firefox Add-on) – http://tools.seobook.com/firefox/seo-for-firefox.html SEOQuake (Firefox Add-on) – http://www.seoquake.com/

Footprinting for web application security

Evolution – http://www.paterva.com/evolution-e.html GooSweep – http://www.mcgrewsecurity.com/projects/goosweep/ Aura: Google API Utility Tools – http://www.sensepost.com/research/aura/ Edge-Security tools – http://www.edge-security.com/soft.php Fierce Domain Scanner – http://ha.ckers.org/fierce/ Googlegath – http://www.nothink.org/perl/googlegath/ Advanced Dork (Firefox Add-on) – https://addons.mozilla.org/firefox/2144/ Passive Cache (Firefox Add-on) – https://addons.mozilla.org/firefox/977/ CacheOut! (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1453/ BugMeNot Extension (Firefox Add-on) – http://roachfiend.com/archives/2005/02/07/bugmenot/ TrashMail.net Extension (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1813/ DiggiDig (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2819/ Digger (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1467/

Database security assessment

Scuba by Imperva Database Vulnerability Scanner – http://www.imperva.com/scuba/

Browser Defenses

DieHard – http://www.diehard-software.org/ LocalRodeo (Firefox Add-on) – http://databasement.net/labs/localrodeo/ NoMoXSS – http://www.seclab.tuwien.ac.at/projects/jstaint/ Request Rodeo – http://savannah.nongnu.org/projects/requestrodeo FlashBlock (Firefox Add-on) – http://flashblock.mozdev.org/ CookieSafe (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2497 NoScript (Firefox Add-on) – http://www.noscript.net/ FormFox (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1579/ Adblock (Firefox Add-on) – http://adblock.mozdev.org/ httpOnly in Firefox (Firefox Add-on) – http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html SafeCache (Firefox Add-on) – http://www.safecache.com/ SafeHistory (Firefox Add-on) – http://www.safehistory.com/ PrefBar (Firefox Add-on) – http://prefbar.mozdev.org/ All-in-One Sidebar (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1027/ QArchive.org web file checker (Firefox Add-on) – https://addons.mozilla.org/firefox/4115/ Update Notified (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2098/ FireKeeper – http://firekeeper.mozdev.org/ Greasemonkey: XSS Malware Script Detector – http://yehg.net/lab//#tools.greasemonkey

Browser Privacy

TrackMeNot (Firefox Add-on) – https://addons.mozilla.org/firefox/3173/ Privacy Bird – http://www.privacybird.com/

Application and protocol fuzzing (random instead of targeted)

Sulley – http://fuzzing.org/ taof: The Art of Fuzzing – http://sourceforge.net/projects/taof/ zzuf: multipurpose fuzzer – http://sam.zoy.org/zzuf/ autodafé: an act of software torture – http://autodafe.sourceforge.net/ EFS and GPF: Evolutionary Fuzzing System – http://www.appliedsec.com/resources.html 来源: [http://blog.chinaunix.net/uid-17085332-id-2832129.html](http://blog.chinaunix.net/uid-17085332-id-2832129.html)

EHCache的使用教程

Posted on

EHCache的使用教程-黑神领主的博客-dev26.com

分享到

百度分享

首页|文章|博客|开源

www.dev26.com

黑神领主的Web开发站博客

在 文章 博客 开源 论坛 中检索

个人资料

黑神领主

这家伙很懒,什么都没有留下……

等级: 20

加入时间:2011-12-05 22:36

发送消息

操作中心

所有文章

最新评论>>

你好,能不能把示例代码和xml发给我,我研究下自定义类,我这里用起来有点问题。谢谢 jiangdk85@126.com

上面的代码找不到ResourceDetailsBuilder这个类 上面已经是源码了哟,只是没有JAR包而已,你下载一下吧

大大共享下源码可以么? 是内存中的权限缓存,这样设置的权限可以即时生效 -

EHCache的使用教程

发表于2012-06-08 19:19 | 阅读 218 | 1人对此综合评价 5分

开发高并发量,高性能的网站应用系统时,缓存Cache起到了非常重要的作用。本文主要介绍EHCache的使用,以及使用EHCache的实践经验。 笔者使用过多种基于Java的开源Cache组件,其中包括OSCache、JBossCache、EHCache。OSCache功能强大,使用灵活,可用于对象缓存、Filter缓存以及在JSP中直接使用cache标签。笔者在最近的使用过程中发现,在并发量较高时,OSCache会出现线程阻塞和数据错误,通过分析源代码发现是其内部实现的缺陷。JBossCache最大的优点是支持基于对象属性的集群同步,不过JBossCache的配置使用都较复杂,在并发量较高的情况下,对象属性数据在集群中同步也会加大系统的开销。以上两种Cache本文仅作简单介绍,不做深入探讨。 EHCache是来自sourceforge(http://ehcache.sourceforge.net/)的开源项目,也是纯Java实现的简单、快速的Cache组件。EHCache支持内存和磁盘的缓存,支持LRU、LFU和FIFO多种淘汰算法,支持分布式的Cache,可以作为Hibernate的缓存插件。同时它也能提供基于Filter的Cache,该Filter可以缓存响应的内容并采用Gzip压缩提高响应速度。

 EHCache API的基本用法 首先介绍CacheManager类。它主要负责读取配置文件,默认读取CLASSPATH下的ehcache.xml,根据配置文件创建并管理Cache对象。 1

2 3

4 5

6 7

8 9

10 11

12 13

14 15

16 // 使用默认配置文件创建CacheManager

CacheManager manager = CacheManager.create(); // 通过manager可以生成指定名称的Cache对象

Cache cache = cache = manager.getCache(

"demoCache"

); // 使用manager移除指定名称的Cache对象

manager.removeCache(

"demoCache"

); 可以通过调用manager.removalAll()来移除所有的Cache。通过调用manager的shutdown()方法可以关闭CacheManager。

有了Cache对象之后就可以进行一些基本的Cache操作,例如: //往cache中添加元素

Element element =

new

Element(

"key"

,

"value"

); cache.put(element);

//从cache中取回元素 Element element = cache.get(

"key"

);

element.getValue(); //从Cache中移除一个元素

cache.remove(

"key"

);

可以直接使用上面的API进行数据对象的缓存,这里需要注意的是对于缓存的对象都是必须可序列化的。在下面的篇幅中笔者还会介绍EHCache和Spring、Hibernate的整合使用。

 配置文件 配置文件ehcache.xml中命名为demoCache的缓存配置: 1

2 3

4 5

6 7<

cache

name

=

"demoCache"

maxElementsInMemory

=

"10000" eternal

=

"false"

overflowToDisk

=

"true" timeToIdleSeconds

=

"300"

timeToLiveSeconds

=

"600" memoryStoreEvictionPolicy

=

"LFU"

/>

各配置参数的含义: maxElementsInMemory:缓存中允许创建的最大对象数 eternal:缓存中对象是否为永久的,如果是,超时设置将被忽略,对象从不过期。 timeToIdleSeconds:缓存数据的钝化时间,也就是在一个元素消亡之前,两次访问时间的最大时间间隔值,这只能在元素不是永久驻留时有效,如果该值是 0 就意味着元素可以停顿无穷长的时间。 timeToLiveSeconds:缓存数据的生存时间,也就是一个元素从构建到消亡的最大时间间隔值,这只能在元素不是永久驻留时有效,如果该值是0就意味着元素可以停顿无穷长的时间。 overflowToDisk:内存不足时,是否启用磁盘缓存。 memoryStoreEvictionPolicy:缓存满了之后的淘汰算法。LRU和FIFO算法这里就不做介绍。LFU算法直接淘汰使用比较少的对象,在内存保留的都是一些经常访问的对象。对于大部分网站项目,该算法比较适用。 如果应用需要配置多个不同命名并采用不同参数的Cache,可以相应修改配置文件,增加需要的Cache配置即可。

 利用Spring APO整合EHCache 首先,在CLASSPATH下面放置ehcache.xml配置文件。在Spring的配置文件中先添加如下cacheManager配置: 1

2 3

4 5

6 7

8 9

10

配置demoCache:

demoCache

接下来,写一个实现org.aopalliance.intercept.MethodInterceptor接口的拦截器类。有了拦截器就可以有选择性的配置想要缓存的 bean 方法。如果被调用的方法配置为可缓存,拦截器将为该方法生成 cache key 并检查该方法返回的结果是否已缓存。如果已缓存,就返回缓存的结果,否则再次执行被拦截的方法,并缓存结果供下次调用。具体代码如下:

1

2 3

4 5

6 7

8 9

10 11

12 13

14 15

16 17

18 19

20 21

22 23

24 25

26 27

28 29

30 31

32 33

34 35

36 37

38 39

40 41

42 43

44 public

class

MethodCacheInterceptor

implements

MethodInterceptor,

InitializingBean { private

Cache cache;

public

void

setCache(Cache cache) {

this

.cache = cache; }

public

void

afterPropertiesSet()

throws

Exception {

Assert.notNull(cache, "A cache is required. Use setCache(Cache) to provide one."

);

}

public

Object invoke(MethodInvocation invocation)

throws

Throwable { String targetName = invocation.getThis().getClass().getName();

String methodName = invocation.getMethod().getName(); Object[] arguments = invocation.getArguments();

Object result; String cacheKey = getCacheKey(targetName, methodName, arguments);

Element element =

null

; synchronized

(

this

){

element = cache.get(cacheKey); if

(element ==

null

) {

//调用实际的方法 result = invocation.proceed();

element =

new

Element(cacheKey, (Serializable) result); cache.put(element);

} }

return

element.getValue(); }

private

String getCacheKey(String targetName, String methodName,

Object[] arguments) { StringBuffer sb =

new

StringBuffer();

sb.append(targetName).append(

"."

).append(methodName); if

((arguments !=

null

) && (arguments.length !=

0

)) {

for

(

int

i =

0

; i < arguments.length; i++) { sb.append(

"."

).append(arguments[i]);

} }

return

sb.toString(); }

}

synchronized (this)这段代码实现了同步功能。为什么一定要同步?Cache对象本身的get和put操作是同步的。如果我们缓存的数据来自数据库查询,在没有这段同步代码时,当key不存在或者key对应的对象已经过期时,在多线程并发访问的情况下,许多线程都会重新执行该方法,由于对数据库进行重新查询代价是比较昂贵的,而在瞬间大量的并发查询,会对数据库服务器造成非常大的压力。所以这里的同步代码是很重要的。

接下来,继续完成拦截器和Bean的配置: 1

2 3

4 5

6 7

8 9

10 11

12 13

14 15<

bean

id

=

"methodCacheInterceptor"

class

=

"com.xiebing.utils.interceptor.MethodCacheInterceptor"

>

<

property

name

=

"cache"

> <

ref

local

=

"demoCache"

/>

</

property

> </

bean

>

<

bean

id

=

"methodCachePointCut"

class

=

"org.springframework.aop.support.RegexpMethodPointcutAdvisor"

> <

property

name

=

"advice"

>

<

ref

local

=

"methodCacheInterceptor"

/> </

property

>

<

property

name

=

"patterns"

> <

list

>

<

value

./*myMethod</

value

> </

list

>

</

property

> </

bean

>

1

2 3

4 5

6 7

8 9

10 11

12 13<

bean

id

=

"myServiceBean"

class

=

"com.xiebing.ehcache.spring.MyServiceBean"

> </

bean

>

<

bean

id

=

"myService"

class

=

"org.springframework.aop.framework.ProxyFactoryBean"

> <

property

name

=

"target"

>

<

ref

local

=

"myServiceBean"

/> </

property

>

<

property

name

=

"interceptorNames"

> <

list

>

<

value

methodCachePointCut</

value

> </

list

>

</

property

> </

bean

>

其中myServiceBean是实现了业务逻辑的Bean,里面的方法myMethod()的返回结果需要被缓存。这样每次对myServiceBean的myMethod()方法进行调用,都会首先从缓存中查找,其次才会查询数据库。使用AOP的方式极大地提高了系统的灵活性,通过修改配置文件就可以实现对方法结果的缓存,所有的对Cache的操作都封装在了拦截器的实现中。

 CachingFilter功能 使用Spring的AOP进行整合,可以灵活的对方法的的返回结果对象进行缓存。CachingFilter功能可以对HTTP响应的内容进行缓存。这种方式缓存数据的粒度比较粗,例如缓存整张页面。它的优点是使用简单、效率高,缺点是不够灵活,可重用程度不高。 EHCache使用SimplePageCachingFilter类实现Filter缓存。该类继承自CachingFilter,有默认产生cache key的calculateKey()方法,该方法使用HTTP请求的URI和查询条件来组成key。也可以自己实现一个Filter,同样继承CachingFilter类,然后覆写calculateKey()方法,生成自定义的key。 在笔者参与的项目中很多页面都使用AJAX,为保证JS请求的数据不被浏览器缓存,每次请求都会带有一个随机数参数i。如果使用SimplePageCachingFilter,那么每次生成的key都不一样,缓存就没有意义了。这种情况下,我们就会覆写calculateKey()方法。

要使用SimplePageCachingFilter,首先在配置文件ehcache.xml中,增加下面的配置: 1

2 3

4 5

6 7

8 9

10 11

12 <

cache

name

=

"SimplePageCachingFilter"

maxElementsInMemory

=

"10000"

eternal

=

"false"

overflowToDisk

=

"false"

timeToIdleSeconds

=

"300"

timeToLiveSeconds

=

"600" memoryStoreEvictionPolicy

=

"LFU"

/>

其中name属性必须为SimplePageCachingFilter,修改web.xml文件,增加一个Filter的配置: <

filter

>

<

filter-name

SimplePageCachingFilter</

filter-name

> <

filter-class

net.sf.ehcache.constructs.web.filter.SimplePageCachingFilter</

filter-class

>

</

filter

> <

filter-mapping

>

<

filter-name

SimplePageCachingFilter</

filter-name

> <

url-pattern

/test.jsp</

url-pattern

>

</

filter-mapping

>

下面我们写一个简单的test.jsp文件进行测试,缓存后的页面每次刷新,在600秒内显示的时间都不会发生变化的。代码如下:

1

2 3<%

out.println(

new

Date()); %>

CachingFilter输出的数据会根据浏览器发送的Accept-Encoding头信息进行Gzip压缩。经过笔者测试,Gzip压缩后的数据量是原来的1/4,速度是原来的4-5倍,所以缓存加上压缩,效果非常明显。 在使用Gzip压缩时,需注意两个问题:

  1. Filter在进行Gzip压缩时,采用系统默认编码,对于使用GBK编码的中文网页来说,需要将操作系统的语言设置为:zh_CN.GBK,否则会出现乱码的问题。
  2. 默认情况下CachingFilter会根据浏览器发送的请求头部所包含的Accept-Encoding参数值来判断是否进行Gzip压缩。虽然IE6/7浏览器是支持Gzip压缩的,但是在发送请求的时候却不带该参数。为了对IE6/7也能进行Gzip压缩,可以通过继承CachingFilter,实现自己的Filter,然后在具体的实现中覆写方法acceptsGzipEncoding。

具体实现参考: 1

2 3

4 5protected

boolean

acceptsGzipEncoding(HttpServletRequest request) {

final

boolean

ie6 = headerContains(request,

"User-Agent"

,

"MSIE 6.0"

); final

boolean

ie7 = headerContains(request,

"User-Agent"

,

"MSIE 7.0"

);

return

acceptsEncoding(request,

"gzip"

) || ie6 || ie7; }

EHCache在Hibernate中的使用 EHCache可以作为Hibernate的二级缓存使用。在hibernate.cfg.xml中需增加如下设置:

1

2 3<

prop

key

=

"hibernate.cache.provider_class"

>

org.hibernate.cache.EhCacheProvider </

prop

>

然后在Hibernate映射文件的每个需要Cache的Domain中,加入类似如下格式信息:

比如:

1

2 3

4 5

6 7

8 9<

cache

usage

=

"read-write"

/>

最后在配置文件ehcache.xml中增加一段cache的配置,其中name为该domain的类名。 <

cache

name

=

"domain.class.name"

maxElementsInMemory

=

"10000" eternal

=

"false"

timeToIdleSeconds

=

"300" timeToLiveSeconds

=

"600"

overflowToDisk

=

"false" />

EHCache的监控 对于Cache的使用,除了功能,在实际的系统运营过程中,我们会比较关注每个Cache对象占用的内存大小和Cache的命中率。有了这些数据,我们就可以对Cache的配置参数和系统的配置参数进行优化,使系统的性能达到最优。EHCache提供了方便的API供我们调用以获取监控数据,其中主要的方法有:

1

2 3

4 5

6 7

8 //得到缓存中的对象数

cache.getSize(); //得到缓存对象占用内存的大小

cache.getMemoryStoreSize(); //得到缓存读取的命中次数

cache.getStatistics().getCacheHits() //得到缓存读取的错失次数

cache.getStatistics().getCacheMisses()

分布式缓存 EHCache从1.2版本开始支持分布式缓存。分布式缓存主要解决集群环境中不同的服务器间的数据的同步问题。具体的配置如下:

在配置文件ehcache.xml中加入 1

2 3

4 5<

cacheManagerPeerProviderFactory

class

=

"net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory" properties

=

"peerDiscovery=automatic, multicastGroupAddress=230.0.0.1, multicastGroupPort=4446"

/>

<

cacheManagerPeerListenerFactory class

=

"net.sf.ehcache.distribution.RMICacheManagerPeerListenerFactory"

/>

另外,需要在每个cache属性中加入

1

2 3

4 5

6 7

8 <

cacheEventListenerFactory

class

=

"net.sf.ehcache.distribution.RMICacheReplicatorFactory"

/>

例如: <

cache

name

=

"demoCache"

maxElementsInMemory

=

"10000" eternal

=

"true"

overflowToDisk

=

"true"

> <

cacheEventListenerFactory

class

=

"net.sf.ehcache.distribution.RMICacheReplicatorFactory"

/>

</

cache

>

总结 EHCache是一个非常优秀的基于Java的Cache实现。它简单、易用,而且功能齐全,并且非常容易与Spring、Hibernate等流行的开源框架进行整合。通过使用EHCache可以减少网站项目中数据库服务器的访问压力,提高网站的访问速度,改善用户的体验。

原文:http://blog.sina.com.cn/s/blog_46d5caa40100ka9z.html 更多 0

- 评分 请登录后再对此文章评分

列出所有评论

没有可显示的项目

发表您的评论

您尚未登录,无法发表评论 dev26登录为什么要登录后才能发表评论? 我们发现许多网站的大多数恶意评论(人身攻击,广告等)都是以匿名形式发布的,这样难以使一个技术社区形成一个和谐的讨论氛围。我们鼓励网友提出中肯的评论,留下您的身份也使得作者更容易与您交流。 您当前的登录名为** 评论:

加入收藏- 设为首页- 隐私保护- 联系我们- 获得帮助

Web开发站——为Web开发增添活力

版权所有 © 2011-2012 备案号:京ICP备12003253号-1

发送消息

EHCache分布式缓存集群环境配置

Posted on

EHCache分布式缓存集群环境配置 - 七郎 - 博客园

返回主页

七郎's Blog

草木竹石皆可為劒。至人之用人若鏡,不將不迎,應而不藏,故能勝物而不傷。

EHCache分布式缓存集群环境配置

ehcache提供三种网络连接策略来实现集群,rmi,jgroup还有jms。同时ehcache可以可以实现多播的方式实现集群,也可以手动指定集群主机序列实现集群。

Ehcache支持的分布式缓存支持有三种RMI,JGroups,JMS,这里介绍下MRI和JGrpups两种方式,Ehcache使用版本为1.5.0,关于ehcache的其他信息请参考http://ehcache.sourceforge.net/EhcacheUserGuide.html

关于jgroups的信息请参考http://www.jgroups.org/manual/html_single/index.html。

环境为两台机器 server1 ip:192.168.2.154,server2 ip:192.168.2.23

1. RMI方式:

rmi的方式配置要点(下面均是server1上的配置,server2上的只需要把ip兑换即可)

a. 配置PeerProvider:

Xml代码

配置中通过手动方式同步sever2中的userCache和resourceCache。

b. 配置CacheManagerPeerListener:

Xml代码

配置中server1监听本机40001端口。

c. 在每一个cache中添加cacheEventListener,例子如下:

Xml代码

属性解释:

必须属性:

    name:设置缓存的名称,用于标志缓存,惟一

    maxElementsInMemory:在内存中最大的对象数量

    maxElementsOnDisk:在DiskStore中的最大对象数量,如为0,则没有限制

    eternal:设置元素是否永久的,如果为永久,则timeout忽略

    overflowToDisk:是否当memory中的数量达到限制后,保存到Disk

可选的属性:

    timeToIdleSeconds:设置元素过期前的空闲时间

    timeToLiveSeconds:设置元素过期前的活动时间

    diskPersistent:是否disk store在虚拟机启动时持久化。默认为false

diskExpiryThreadIntervalSeconds:运行disk终结线程的时间,默认为120秒

    memoryStoreEvictionPolicy:策略关于Eviction

缓存子元素:

cacheEventListenerFactory:注册相应的的缓存监听类,用于处理缓存事件,如put,remove,update,和expire

bootstrapCacheLoaderFactory:指定相应的BootstrapCacheLoader,用于在初始化缓存,以及自动设置。

参考另外一篇学习笔记http://wozailongyou.javaeye.com/blog/230252,也有集群的说明

2. JGroups方式:

ehcache 1.5.0之后版本支持的一种方式,配置起来比较简单,要点:

a. 配置PeerProvider,使用tcp的方式,例子如下:

Xml代码

b.为每个cache添加cacheEventListener:

Xml代码

JGroup方式配置的两个server上的配置文件一样,若有多个server,在initial_hosts中将server ip加上即可。

一个完整的ehcache.xml文件:

Xml代码 <?xml version="1.0" encoding="UTF-8"?>

posted @ 2011-10-07 17:30 七郎 阅读(1963) 评论(0) 编辑 收藏

刷新页面返回顶部

(评论功能已被博主禁用) 程序员问答社区,解决您的技术难题

博客园首页博问新闻闪存程序员招聘知识库

公告

Copyright ©2012 七郎