Archive for August 27th, 2008

Wednesday, August 27th, 2008 | Author: Joshua

Tools:

1. Windows 2003 SP1

2. svn-1.3.0-setup.exe: the SVN server software

3. SVNService.exe: the tool needed to register SVN as a Windows service

4. TortoiseSVN-1.4.0.7501-win32-svn-1.4.0.msi: the SVN client software

5. LanguagePack-1.4.0.7501-win32-zh_CN.exe: the Chinese language pack for the SVN client

Related downloads:

1. Subversion

http://subversion.tigris.org

2. The client software, TortoiseSVN

http://tortoisesvn.tigris.org

The plugin for use in Eclipse has to be installed through an online update

Update URL: http://subclipse.tigris.org/update_1.0.x

Installation guide: http://subclipse.tigris.org/install.html

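Installing the SVN server

1. Install the server software

2. Add SVN to the Windows services

   1. Create a folder to hold the repository files: c:\SVN

   2. Run the command: SVNService -install -d -r c:\svn to install the Windows service

   3. Start the SVN service from the Windows service management console

   4. Other commands

      1. Change the service settings:

         Run the command: SVNService -setup -d -r <newsvnroot>

         In practice, <newsvnroot> stands for a repository directory different from the one the Subversion service was started with.

      2. Remove the service:

         Run the command: SVNService -remove

Installing the client tools

Installing TortoiseSVN requires a system restart, so the installation steps are skipped here.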

Configuring SVN

1. Configure the server

Open the conf/svnserve.conf file under the repository directory

********************************************

[general]

# anon-access = read

# auth-access = write

password-db = passwd

authz-db = authz

——————————————–

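Remove the comment markers from password-db = passwd and authz-db = authz.

The first two lines are the permissions for anonymous users.

The last two lines enable the configuration files used to manage users and permissions.

Note: every configuration entry must start at the first column, with no leading whitespace.

2. Configure users

Open the conf/passwd file under the repository directory

[users]

admin=admin

The user name is on the left of the equals sign and the password is on the right.

To add a user, simply add a line here, for example: oksonic = 123456

After adding users, the SVN server must be restarted.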

3. Configure groups

Open the conf/authz file under the repository directory. Its content is as follows:

********************************************

# [groups]

# harry_and_sally = harry,sally

# [/foo/bar]

# harry = rw

# * =

# [repository:/baz/fuz]

# @harry_and_sally = rw

# * = r

——————————————–

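Because every configuration entry is commented out, all users have administrator rights (read/write on every directory).

[groups]: group definitions go in this section.

Combine the two users created above into one group, separating the user names with commas, as follows: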

********************************************

[groups]

admin_group = admin,oksonic

——————————————–

4. Configure permissions

SVN has only two permission levels: 1 is read-only, 2 is read/write.

Example:

********************************************

[/]

# Make all repositories read-only by default

* = r

# Give the users in the admin_group group read/write access to everything in the repository

@admin_group = rw

——————————————–

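[/]: the directory within the repository; here it is the root directory.

* = r: * stands for all users, and r means read-only.

Now a project needs to be created in the repository:

1. Create a folder on the desktop, for example: SVN test

2. Create a few files and folders inside it for testing

3. Use the client tool to add all the files in that folder to the test directory on the SVN server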

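Addendum:
Installing and configuring SVN 1.4.3:

1) Download svn-1.4.3-setup.exe. Installation directory: D:\Subversion ; repository directory: F:\Major\Java\ExerciseSVN

2) As of the 1.4 release, SVNService.exe (the tool previously needed to register the Windows service) is no longer required. First create the SVN service with the following command:

D:\>sc create SVNService binpath= "\"D:\Subversion\bin\svnserve.exe\" --service --root \"F:\Major\Java\ExerciseSVN\"" displayname= "Subversion Server" depend= Tcpip start= auto

Here SVNService is the service name, and the start attribute sets the startup type of the SVNService service, which is automatic in this case. Pay attention to the spacing around each = sign and to the quotation marks.
Start the service: D:\> net start SVNService Stop it: D:\> net stop SVNService

3) Create the repository: D:\>svnadmin create F:\Major\Java\ExerciseSVN

For details, see the SVN 1.4 help documentation.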

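Wednesday, August 27th, 2008 | Author: Joshua

For work I needed to set up a source-code management server with Subversion and Apache working together, so that we could collaborate. I looked for material online and took a few wrong turns along the way, so I have written up the installation process and some points to watch out for, in the hope that it helps others.
The IDE I use here is NetBeans 6.0. It does not really matter which IDE you use; NetBeans has simply always been my favourite, so I take the opportunity to recommend it.
Back to the topic. You will need the following: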
1. apache_2.0.63-win32-x86-no_ssl.msi
Download: http://apache.mirror.phpchina.com/httpd/binaries/win32/apache_2.0.63-win32-x86-no_ssl.msi
2. svn-1.4.5-setup.exe
Download: http://subversion.tigris.org/files/documents/15/39559/svn-1.4.5-setup.exe
Of course, you can also choose to install TortoiseSVN. I did not, because I do all my source control from NetBeans.

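Once both packages have been downloaded, installation can begin.
First install Apache. Generally you can just keep clicking Next. When asked for the domain and host, localhost will do; for the e-mail address you can enter your own or anything you like. One thing to watch when installing Apache: port 80 on your machine must not be in use, otherwise the HTTP service will not start. This happened to me: I use Skype, which had opened ports 80 and 443 on the local machine to listen on, so at first I could not get the installation to work and the service would never start. I later found that Skype was occupying port 80, changed Skype's settings, and the Apache reinstall then succeeded. Once Apache is installed it is already running; enter http://localhost in the browser's address bar to check whether the installation succeeded. If it did, the browser should show a page.
Next install svn-1.4.5-setup.exe, which is also simple: just click Next step by step. During installation some options are selected by default, one of which is support for the Apache HTTP server. It is ticked by default; do not untick it, though you may untick the others. SVN then reports that the installation succeeded. You can try the svn command in CMD: if there is output, the installation succeeded; if you see the message that svn is not recognized as an internal or external command, operable program or batch file, then it was not installed properly, or the command was not added to the path, so the best approach is to look in the bin directory under the SVN installation directory.
With both installed, configuration begins; configuration is of course the most important part.
First create a repository. We will assume it goes on drive E; it is best not to put the repository on drive C, because C gets formatted when the system is reinstalled. Create a directory named svnroot on drive E, and under svnroot create a directory dedicated to our project, say MyProject. We now have the folder E:\svnroot\MyProject on drive E. Then use the svnadmin command to turn this folder into our repository:
svnadmin create E:\svnroot\MyProject
If it succeeds, nothing is printed. Going to the MyProject folder, we find several new folders and files. Open the conf folder, then open svnserve.conf, find the line # password-db = passwd and remove the leading #, which means MyProject requires password authentication. Where are the passwords set? Open the passwd file in the conf folder with a text editor and, under [users], add the user names and passwords of the people to be enabled, for example: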
[users]
hadeslee=hadeslee1234
tom=123456

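This enables two users: hadeslee with the password hadeslee1234, and tom with the password 123456. Save the passwd file. Then create another file named access.auth, which sets the access permissions, with the following content: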
[MyProject:/]
hadeslee = rw
[MyProject:/module1]
tom=rw
hadeslee=rw

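This means hadeslee may read and write every subdirectory under MyProject, while tom may read and write only the module1 directory of this project, so each person's access rights are divided more finely. That concludes the settings inside the MyProject folder. We now set up Apache so that it works together with Subversion.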
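How the authz rules from the first post and the access.auth rules above resolve per user and path, as an added example (not code from the original posts). It is a simplified Python model of the authz lookup order (most specific path first, repository-qualified section before the generic one, default deny) and goes beyond the cases the text walks through; the repository name repo1 and the sample paths are assumptions, and aliases, nested groups and special tokens are not modelled.

```python
import configparser
import posixpath

# Constructed from the two rule sets shown on this page.
AUTHZ_FIRST_POST = """
[groups]
admin_group = admin,oksonic
[/]
* = r
@admin_group = rw
"""
ACCESS_AUTH = """
[MyProject:/]
hadeslee = rw
[MyProject:/module1]
tom=rw
hadeslee=rw
"""

def load(text):
    # '=' is the only delimiter; names stay case-sensitive.
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def applies(name, user, groups):
    if name == "*":
        return True
    if name.startswith("@"):
        return user in groups.get(name[1:], ())
    return name == user

def allowed(cp, repo, path, user, need):
    """need is 'r' or 'w'; user=None models an unauthenticated client."""
    groups = {}
    if cp.has_section("groups"):
        groups = {g: [u.strip() for u in m.split(",")] for g, m in cp.items("groups")}
    while True:
        # Repository-qualified section first, then the generic one.
        for section in (f"{repo}:{path}", path):
            if cp.has_section(section):
                hits = [v for n, v in cp.items(section) if applies(n, user, groups)]
                if hits:  # a rule names this user here, so this level decides
                    return any(need in v for v in hits)
        if path == "/":
            return False  # nothing matched up to the root: default deny
        path = posixpath.dirname(path)
```

With the first post's svnserve.conf, anon-access stays commented out and svnserve falls back to its default of anonymous read, so the `* = r` result for user None applies to clients that never log in. The access.auth rules contain no `*` entry, so an unauthenticated request is denied at every path.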

First go to the Subversion installation directory and enter its bin directory, where we find the following two files:
mod_authz_svn.so
mod_dav_svn.so

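Copy these two files and paste them into the modules folder under the Apache installation directory. Then open the conf folder under the Apache installation directory, open the httpd.conf file, and add the following two lines: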
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

Note: dav_svn depends on dav_module, so make sure the following line is not commented out and that it is loaded before dav_svn:
LoadModule dav_module modules/mod_dav.so
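That completes the module setup. Next we set the SVN directory, so that Apache knows where to find the SVN directory that corresponds to each URL it is asked for.
Add the following to the httpd.conf file: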
<Location /svn/MyProject>
DAV svn
SVNPath E:/svnroot/MyProject

AuthzSVNAccessFile E:/svnroot/MyProject/conf/access.auth
Satisfy Any
Require valid-user

AuthType Basic
AuthName "Subversion repositories"
AuthUserFile  E:/svnroot/MyProject/conf/users.auth
Require valid-user
</Location>

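After adding the above, note that access.auth is the file we created a moment ago, but we have not created users.auth, and yet it is already referenced. Don't worry; we will generate the users.auth file now.

Go to the bin folder of the Apache installation directory and enter the following command: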

D:\Program Files\Apache Group\Apache2\bin>htpasswd -cb users.auth hadeslee hadeslee1234
Automatically using MD5 format.
Adding password for user hadeslee

D:\Program Files\Apache Group\Apache2\bin>

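We find that users.auth has been generated in the bin directory, and that the user name hadeslee has been added to it, with the password hashed with MD5. To add further users, use the following: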
D:\Program Files\Apache Group\Apache2\bin>htpasswd -b users.auth tom 123456
Automatically using MD5 format.
Adding password for user tom

D:\Program Files\Apache Group\Apache2\bin>

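The only difference when generating the password is that the c option is missing: c means create the file anew, so we need it the first time but not when adding users later. Then open users.auth and both users are there. Now move users.auth into E:/svnroot/MyProject/conf/ so that the settings above take effect.

The setup is now complete. Try entering http://localhost/svn/MyProject in the browser.

If we want to add other projects later, there are two options:
1. Import the later projects into our MyProject repository as well, in which case no configuration needs to change.
2. Create a new repository and then, following the steps above, put the new <Location…> settings into httpd.conf.
Of course, the authentication file, the access-permission file, and the passwords for accessing SVN must all be set up again as described above.

I hope your setup goes well :)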

Wednesday, August 27th, 2008 | Author: Joshua

Zend_Acl / Zend_Auth example scenario

by Simon Mundy

Hi there all

After submitting the initial example of how Zend_Auth and Zend_Acl could be implemented Gavin pointed out areas that weren’t really addressed in my proof of concept and it could potentially confuse newcomers to the way MVC is utilised. I’d like to clarify that post to a) Address those concerns and b) see if there’s any constructive criticism of the process that could benefit everyone.

Requirements

Demonstrate a web environment where ‘public’ (i.e. non-authenticated) users and ‘member’ users have access restrictions, and to what context they may visit those resources. In a lot of ways this broad concept relates very well to small-medium sites of a lot of Zend developers (in my opinion). For purpose of clarity we will assume this is a SIG group for Mac Users to discuss all things Mac OS X-related. The site has 3 areas (home, news, tutorials) that are for the general public. Members can also view a discussion forum, community newsletter and support request area for members to share common problems.

Site layout
-------------
Expressed as :controller/:action notation:-

/home

/news/index
     /view
     /email

/tutorials/index
          /view

/forum/index
      /category
      /view
      /add
      /update
      /reply
      /search
      /report - report abuse, etc.

/support/index
        /view
        /search
        /submit
        /confirmation -
        /comment - add comment

/login/index - handles form processing and auth processing

/logout/index - destroys current auth instance

/error/noroute - handles all 404s
      /failure - handles 'Site error' messages
      /privileges - handles 'You are not privileged...' messages

/admin - a cms to handle all site management

This loosely illustrates the site functionality and content - for the sake of brevity we’ll assume that the general concepts and operations of these site functions are understood and familiar. What we’re interested in is how to handle user authentication and then access, but at least this gives us some ‘real world’ understanding of what is required.

Access rules:

Three types of user ‘roles’ have been identified for the site:-

  • guest (not authenticated) - Guests can access ‘home’, ‘news’ and ‘tutorials’ only. Guests attempting to access member-only content will be asked to authenticate.
  • member (authenticated) - Access all top-level controllers. Can update forum posts but only those authored by themselves. Not allowed access to admin section. Access to ‘admin’ will result in ‘privileges’ error message.
  • admin (authenticated) - Unrestricted access.

Application layout

Using the ‘Conventional’ layout that Gavin outlines in http://framework.zend.com/wiki/display/ZFDEV/Choosing+Your+Application%27s+Directory+Layout

The bootstrap is located inside /htdocs/index.php

Bootstrap

The bootstrap takes care of the usual suspects - Db, View, Config, Log, Router - and stores them inside the Zend_Front_Controller so that they can be accessed via each controller using the getInvokeArg() method. This negates the need for an extra registry object and (hopefully) makes the dependencies somewhat easier to track.

To satisfy the needs of the Access rules, we create a subclassed instance of Zend_Acl like so:

class MyAcl extends Zend_Acl
{
    public function __construct(Zend_Auth $auth)
    {
        parent::__construct();

        $roleGuest = new Zend_Acl_Role('guest');

        $this->add(new Zend_Acl_Resource('home'));
        $this->add(new Zend_Acl_Resource('news'));
        $this->add(new Zend_Acl_Resource('tutorials'));
        $this->add(new Zend_Acl_Resource('forum'));
        $this->add(new Zend_Acl_Resource('support'));
        $this->add(new Zend_Acl_Resource('admin'));

        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('member'), 'guest');
        $this->addRole(new Zend_Acl_Role('admin'), 'member');

        // Guest may only view content
        $this->allow('guest', 'home');
        $this->allow('guest', 'news');
        $this->allow('guest', 'tutorials');
        $this->allow('member', 'forum');
        $this->deny('member', 'forum', 'update'); // Remove specific privilege
        $this->allow('member', 'support');
        $this->allow('admin'); // unrestricted access

        // Add authoring ACL check
        $this->allow('member', 'forum', 'update', new MyAcl_Forum_Assertion($auth));
        // NOTE: Dependency on auth object to allow getIdentity() for authenticated user object
    }
}

…and then this is added to the bootstrap. The final index.php file looks something like:

Index.php
<?php

// Initialise configuration / environment
$config = new Zend_Config(new Zend_Config_Ini('../application/config/config.ini', 'live'));

// Create sitemap from .ini using structure from example
$sitemap = new Zend_Config(new Zend_Config_Ini('../application/config/sitemap.ini', 'live'));

// Create db object and enable/disable debugging
$db = Zend_Db::factory($config->db->connection, $config->db->asArray());
...etc...

// Create auth object
$auth = Zend_Auth::getInstance();

// Create acl object
$acl = new MyAcl($auth); // see 

// Create router and configure (LIFO order for routes)
$router = new Zend_Controller_RewriteRouter;
...add rules...

// Create view and register objects
$view = new My_View;
...init view...

$front = Zend_Controller_Front::getInstance();
$front->throwExceptions(true);
$front->setRouter($router)
      ->setDispatcher(new Zend_Controller_ModuleDispatcher())
      ->registerPlugin(new My_Plugin_Auth($auth, $acl))
      ->registerPlugin(new My_Plugin_Agreement($auth))
      ->registerPlugin(new My_Plugin_View($view))
      ->setControllerDirectory(array('default' => realpath('../application/controllers/default'),
                                     'admin' => realpath('../application/controllers/admin')))
      ->setParam('auth', $auth)
      ->setParam('view', $view)
      ->setParam('config', $config)
      ->setParam('sitemap', $sitemap)
      ->dispatch();

This is a pretty standard (IMO) bootstrap - the areas to note for the purpose of Authentication/Acl are the two first plugins:

Auth.php

The purpose of this plugin is to first determine the ‘role’ of the current Auth identity. If Zend_Auth::getIdentity() returns false then we don’t have a ‘role’ for the identity, so we assume ‘guest’. If a user is authenticated, the Zend_Auth identity would be returned as an object and we would extract the role from this. For simplicity’s sake, let’s assume that the ‘role’ is stored in a MySQL database and is returned as a public property from the Identity object (i.e. ‘member’ or ‘admin’).

The ‘role’ is then a one-to-one match against the Acl rules. If we interrogate the Acl and we are allowed to view the current controller (maps to the ‘resource’ id given to each Acl resource) then the dispatcher continues on its merry way.

If the Acl denies the access, we then determine if the user has a valid identity. If not, we tell the request object that we want to redirect to a new controller (login) to perform a login. At this stage, no request data is required - this will be handled via a form in the LoginController.

If, however, the identity is valid then we know that access is definitely blocked for that user and we send the request to the ‘error’ controller to display the ‘no privileges’ error.

I’ve chosen this strategy as it means that none of the controllers need know anything about the ACL process - they can assume that access to the action has been already approved and need only check action-specific privilege checks (e.g. ensuring they view valid articles, forum threads, etc.)

However a developer could still choose to add further ACL rules if required and reduce the amount of ACL-related ‘clutter’ in the controllers themselves.

<?php

class My_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    private $_auth;
    private $_acl;

    private $_noauth = array('module' => 'default',
                             'controller' => 'login',
                             'action' => 'index');

    private $_noacl = array('module' => 'default',
                            'controller' => 'error',
                            'action' => 'privileges');

    public function __construct($auth, $acl)
    {
        $this->_auth = $auth;
        $this->_acl = $acl;
    }

    public function preDispatch($request)
    {
        if ($this->_auth->hasIdentity()) {
            $role = $this->_auth->getIdentity()->getUser()->role;
        } else {
            $role = 'guest';
        }

        $controller = $request->controller;
        $action = $request->action;
        $module = $request->module;
        $resource = $controller;

        if (!$this->_acl->has($resource)) {
            $resource = null;
        }

        if (!$this->_acl->isAllowed($role, $resource, $action)) {
            if (!$this->_auth->hasIdentity()) {
                $module = $this->_noauth['module'];
                $controller = $this->_noauth['controller'];
                $action = $this->_noauth['action'];