[英]Spring Data Rest + Spring Security without Spring boot does work?
I am trying fire up my app where I use spring data rest and spring security without spring boot. 我正在尝试启动我的应用程序,在其中我使用spring数据休息和spring security而不使用spring boot。 But I could make spring security works. 但是我可以使Spring Security起作用。 All security beans are created but when I send a request it doesn't go through security filter chain, but directly to the controller method. 所有安全性Bean均已创建,但是当我发送请求时,它不会通过安全性筛选器链,而是直接传递到控制器方法。 Could you please check my configuration. 您能检查一下我的配置吗? What have I missed? 我错过了什么? Thanks in advance! 提前致谢!
@Configuration
@ComponentScan({"com.demo.gallery"})
@Import({MongoConfig.class})
public class AppConfig {
@Bean
public PropertySourcesPlaceholderConfigurer propertiesPropertySource() throws IOException {
PropertySourcesPlaceholderConfigurer source = new PropertySourcesPlaceholderConfigurer();
ResourcePropertySource propertySource = new ResourcePropertySource("classpath:application.properties");
MutablePropertySources propertySources = new MutablePropertySources();
propertySources.addFirst(propertySource);
source.setPropertySources(propertySources);
return source;
}
}
_ _
public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{AppConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{WebConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
}
@Override
protected void customizeRegistration(ServletRegistration.Dynamic registration) {
super.customizeRegistration(registration);
String userHome = System.getProperty("java.io.tmpdir");
File bannersDir = Paths.get(userHome, ".gallery/banners").toFile();
if (!bannersDir.exists()) {
if (!bannersDir.mkdirs()) {
throw new RuntimeException(String.format("Could create %s directory", bannersDir));
}
}
registration.setMultipartConfig(new MultipartConfigElement(userHome));
}
}
_ _
@EnableMongoRepositories(basePackages = "com.demo.gallery.persistence.repository")
public class MongoConfig extends AbstractMongoConfiguration {
private final String dbName;
private final String host;
private final int port;
public MongoConfig(@Value("${db.name}") String dbName,
@Value("${db.host}") String host,
@Value("${db.port}") int port) {
this.dbName = dbName;
this.host = host;
this.port = port;
}
@Override
protected String getDatabaseName() {
return dbName;
}
@Override
public MongoClient mongoClient() {
return new MongoClient(host, port);
}
@Override
protected Collection<String> getMappingBasePackages() {
return Collections.singleton("com.demo.gallery.persistence.model");
}
}
_ _
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final AppUserRepository appUserRepository;
@Autowired
public SecurityConfig(AppUserRepository appUserRepository) {
this.appUserRepository = appUserRepository;
}
@Bean
public UserDetailsService userDetailsService() {
return email -> {
AppUser appUser = appUserRepository.findByEmail(email);
List<SimpleGrantedAuthority> authorities = appUser.getRoles().stream()
.map(Enum::name)
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return new User(appUser.getEmail(), appUser.getPassword(), authorities);
};
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService());
}
}
_ _
@Configuration
@Import({RepositoryRestMvcConfiguration.class, SecurityConfig.class})
public class WebConfig {
@Bean
public ResourceProcessor<Resource<Ad>> personProcessor() {
return new ResourceProcessor<Resource<Ad>>() {
@Override
public Resource<Ad> process(Resource<Ad> resource) {
String baseUri = BasicLinkBuilder.linkToCurrentMapping().toString();
Link bannerLink = new Link(new UriTemplate(baseUri + "/api/ads/banner/{id}")
.with("id", TemplateVariable.VariableType.PATH_VARIABLE), "banner")
.expand(Collections.singletonMap("id", resource.getContent().getId()));
resource.add(bannerLink);
return resource;
}
};
}
@Bean
public RepositoryRestConfigurer repositoryRestConfigurer() {
return RepositoryRestConfigurer.withConfig(config -> {
config.setBasePath("/api");
});
}
}
Here is my build.gradle file: 这是我的build.gradle文件:
plugins {
id 'war'
id 'net.ltgt.apt' version '0.10'
id "org.akhikhl.gretty" version "2.0.0"
}
repositories {
mavenCentral()
mavenLocal()
maven {
url 'https://repo.spring.io/libs-milestone'
}
}
gretty {
httpPort = 8558
contextPath = '/'
}
group 'com.demo'
version '1.0-SNAPSHOT'
ext {
lombockVersion = '1.16.20'
servletapiVersion = '4.0.0'
junitVersion = '4.12'
springTestVersion = '5.0.5.RELEASE'
springDataMongodbVersion = '2.1.0.M2'
springDataRestWebMvcVersion = '3.1.0.M2'
log4jVersion = '1.2.17'
slf4jVersion = '1.7.25'
logbackVersion = '1.2.3'
springSecurityVersion = '5.0.5.RELEASE'
}
dependencies {
compile "ch.qos.logback:logback-classic:${logbackVersion}"
compileOnly "org.projectlombok:lombok:${lombockVersion}"
apt "org.projectlombok:lombok:${lombockVersion}"
testCompile "junit:junit:${junitVersion}"
compile "org.springframework:spring-test:${springTestVersion}"
compile "org.springframework.data:spring-data-mongodb:${springDataMongodbVersion}"
compile "org.springframework.data:spring-data-rest-webmvc:${springDataRestWebMvcVersion}"
compile "org.springframework.security:spring-security-web:${springSecurityVersion}"
compile "org.springframework.security:spring-security-config:${springSecurityVersion}"
providedCompile "javax.servlet:javax.servlet-api:${servletapiVersion}"
}
Security filter registration seems to be missing. 安全筛选器注册似乎丢失了。 You need to map the springSecurityFilterChain
You can easily do this by extending AbstractSecurityWebApplicationInitializer
and optionally overriding methods to customize the mapping. 您需要映射springSecurityFilterChain
您可以通过扩展AbstractSecurityWebApplicationInitializer
和可选的重写方法来自定义映射来轻松实现此目的。
Refer the below spring guide. 请参阅以下弹簧指南。 Spring Security Java Config Preview: Web Security Spring Security Java配置预览:Web安全
Here are a useful links additionally to @narayan-sambireddy's ones: 以下是@ narayan-sambireddy的链接的有用链接:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.