没有Spring / Spring MVC的Spring Security Java配置
[英]Spring Security Java configuration without Spring/Spring MVC
问题描述
There are a few similar looking questions in stackoverflow, but none of them seems to answer it clearly. 
在stackoverflow中有一些看起来很相似的问题,但是似乎都没有一个明确的答案。
I'm adding Spring Security to an existing web application which doesn't use Spring or Spring MVC. 我正在将Spring Security添加到不使用Spring或Spring MVC的现有Web应用程序中。 I only need the Spring Security filter, and nothing else (no MVC etc). 我只需要Spring Security过滤器,就不需要别的(没有MVC等)。 My XML based configuration works perfectly fine, but not the Java configuration. 我的基于XML的配置工作得很好,但是Java配置却不能。 I was mostly following this guide . 我主要遵循此指南 。 For some reason the Spring Security filter doesn't seem to be available. 由于某种原因,Spring Security过滤器似乎不可用。
So the security configuration is as below - SecurityConfig.java 因此,安全性配置如下SecurityConfig.java
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
}
And the SecurityWebApplicationInitializer.java 还有SecurityWebApplicationInitializer.java
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
public SecurityWebApplicationInitializer() {
super(SecurityConfig.class);
}
}
What am I doing wrong above? 上面我在做什么错? How does the SecurityWebApplicationInitializer gets initialized and load the security config? 如何初始化SecurityWebApplicationInitializer并加载安全性配置? Is the initialization part of the servlet context loading - which I have to explicitly define somewhere? 初始化是Servlet上下文加载的一部分吗-我必须在某处明确定义?
2 个解决方案
解决方案1
2 已采纳 2016-09-20 17:10:18
Tomcat 6 doesn't support Servlet API 3+, see Wikipedia : Tomcat 6不支持Servlet API 3+,请参阅Wikipedia :
First Apache Tomcat release to support the Servlet 2.5, JSP 2.1, and EL 2.1 specifications.
You need a container with Servlet API 3+, see Spring Security Reference : 您需要一个带有Servlet API 3+的容器,请参阅Spring Security Reference :
The next step is to register the
springSecurityFilterChainwith the war.springSecurityFilterChain注册springSecurityFilterChain。 This can be done in Java Configuration with Spring's WebApplicationInitializer support in a Servlet 3.0+ environment.
You could use Tomcat 7 (or higher), see Wikipedia : 您可以使用Tomcat 7(或更高版本),请参阅Wikipedia :
First Apache Tomcat release to support the Servlet 3.0, JSP 2.2, and EL 2.2 specifications.
解决方案2
1 2016-09-19 11:55:31
How does the SecurityWebApplicationInitializer gets initialized and load the security config ?
From the guide: 从指南:
- Add a ContextLoaderListener that loads the WebSecurityConfig. 添加一个用于加载WebSecurityConfig的ContextLoaderListener。
This listener is responsible for initializing the configuration. 该侦听器负责初始化配置。 It should be someting like: 它应该像:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
The listener will load applicationContext.xml which should contain a component-scan where to find your beans, eg: 侦听器将加载applicationContext.xml,该文件应包含一个组件扫描以查找您的bean,例如:
<beans ...>
<context:component-scan base-package="your.package.here"/>
</beans>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.