基于Spring-security.xml代码的配置
[英]Spring-security.xml code based configuration
问题描述
I'm looking for an example of how to do a code based configuration of the spring-security.xml file. 
我正在寻找有关如何对spring-security.xml文件进行基于代码的配置的示例。 This is a standard spring-security.xml file that I'm using to guide myself. 这是我用来指导自己的标准spring-security.xml文件。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true">
<intercept-url pattern="/admin**" access="ROLE_USER" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
And this is a code based configuration class that I'm also using to guide myself 这是一个基于代码的配置类,我也用来指导自己
@EnableWebSecurity
@Configuration
public class CustomWebSecurityConfigurerAdapter extends
WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth
.inMemoryAuthentication()
.withUser("user") // #1
.password("password")
.roles("USER")
.and()
.withUser("admin") // #2
.password("password")
.roles("ADMIN","USER");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**"); // #3
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.antMatchers("/signup","/about").permitAll() // #4
.antMatchers("/admin/**").hasRole("ADMIN") // #6
.anyRequest().authenticated() // 7
.and()
.formLogin() // #8
.loginUrl("/login") // #9
.permitAll(); // #5
}
}
But if you see in the spring-security.xml file there are these URLS 但是,如果您在spring-security.xml文件中看到这些URL,
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
How do I put those URL in code? 如何将这些URL放入代码中? or should I just ignore them. 还是我应该忽略它们。
1 个解决方案
解决方案1
1 2015-03-24 20:44:34
These URLs are where you find spring security XML schemas and the URL ended in .xsd are the XML schemas itself. 在这些URL中可以找到Spring Security XML模式,而以.xsd结尾的URL是XML模式本身。
Did you try access http://www.springframework.org/schema/security ? 您是否尝试访问http://www.springframework.org/schema/security ? If so, you will see some XSD files, which are XML schemas. 如果是这样,您将看到一些XSD文件,它们是XML模式。
From XML schema recommendation/specification : 从XML模式推荐/规范 :
XML Schemas express shared vocabularies and allow machines to carry out rules made by people.
An XML schema describes the structure of an XML document . XML模式描述XML文档的结构 。 In other works, XML schemas will help and guarantee to you that your XML config is a valid XML. 在其他作品中,XML模式将帮助您并确保您的XML配置是有效的XML。
As you are now using code based configuration, you can just ignore, is not necessary, the schema is now the Java code, interfaces, methods, etc. 由于您现在使用的是基于代码的配置,因此您可以忽略(不必要),该架构现在是Java代码,接口,方法等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.