没有Spring引导的Spring Data Rest + Spring Security可以工作吗?
[英]Spring Data Rest + Spring Security without Spring boot does work?
问题描述
I am trying fire up my app where I use spring data rest and spring security without spring boot. 
我正在尝试启动我的应用程序,在其中我使用spring数据休息和spring security而不使用spring boot。 But I could make spring security works. 但是我可以使Spring Security起作用。 All security beans are created but when I send a request it doesn't go through security filter chain, but directly to the controller method. 所有安全性Bean均已创建,但是当我发送请求时,它不会通过安全性筛选器链,而是直接传递到控制器方法。 Could you please check my configuration. 您能检查一下我的配置吗? What have I missed? 我错过了什么? Thanks in advance! 提前致谢!
@Configuration
@ComponentScan({"com.demo.gallery"})
@Import({MongoConfig.class})
public class AppConfig {
@Bean
public PropertySourcesPlaceholderConfigurer propertiesPropertySource() throws IOException {
PropertySourcesPlaceholderConfigurer source = new PropertySourcesPlaceholderConfigurer();
ResourcePropertySource propertySource = new ResourcePropertySource("classpath:application.properties");
MutablePropertySources propertySources = new MutablePropertySources();
propertySources.addFirst(propertySource);
source.setPropertySources(propertySources);
return source;
}
}
_ _
public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{AppConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{WebConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
}
@Override
protected void customizeRegistration(ServletRegistration.Dynamic registration) {
super.customizeRegistration(registration);
String userHome = System.getProperty("java.io.tmpdir");
File bannersDir = Paths.get(userHome, ".gallery/banners").toFile();
if (!bannersDir.exists()) {
if (!bannersDir.mkdirs()) {
throw new RuntimeException(String.format("Could create %s directory", bannersDir));
}
}
registration.setMultipartConfig(new MultipartConfigElement(userHome));
}
}
_ _
@EnableMongoRepositories(basePackages = "com.demo.gallery.persistence.repository")
public class MongoConfig extends AbstractMongoConfiguration {
private final String dbName;
private final String host;
private final int port;
public MongoConfig(@Value("${db.name}") String dbName,
@Value("${db.host}") String host,
@Value("${db.port}") int port) {
this.dbName = dbName;
this.host = host;
this.port = port;
}
@Override
protected String getDatabaseName() {
return dbName;
}
@Override
public MongoClient mongoClient() {
return new MongoClient(host, port);
}
@Override
protected Collection<String> getMappingBasePackages() {
return Collections.singleton("com.demo.gallery.persistence.model");
}
}
_ _
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final AppUserRepository appUserRepository;
@Autowired
public SecurityConfig(AppUserRepository appUserRepository) {
this.appUserRepository = appUserRepository;
}
@Bean
public UserDetailsService userDetailsService() {
return email -> {
AppUser appUser = appUserRepository.findByEmail(email);
List<SimpleGrantedAuthority> authorities = appUser.getRoles().stream()
.map(Enum::name)
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return new User(appUser.getEmail(), appUser.getPassword(), authorities);
};
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService());
}
}
_ _
@Configuration
@Import({RepositoryRestMvcConfiguration.class, SecurityConfig.class})
public class WebConfig {
@Bean
public ResourceProcessor<Resource<Ad>> personProcessor() {
return new ResourceProcessor<Resource<Ad>>() {
@Override
public Resource<Ad> process(Resource<Ad> resource) {
String baseUri = BasicLinkBuilder.linkToCurrentMapping().toString();
Link bannerLink = new Link(new UriTemplate(baseUri + "/api/ads/banner/{id}")
.with("id", TemplateVariable.VariableType.PATH_VARIABLE), "banner")
.expand(Collections.singletonMap("id", resource.getContent().getId()));
resource.add(bannerLink);
return resource;
}
};
}
@Bean
public RepositoryRestConfigurer repositoryRestConfigurer() {
return RepositoryRestConfigurer.withConfig(config -> {
config.setBasePath("/api");
});
}
}
Here is my build.gradle file: 这是我的build.gradle文件:
plugins {
id 'war'
id 'net.ltgt.apt' version '0.10'
id "org.akhikhl.gretty" version "2.0.0"
}
repositories {
mavenCentral()
mavenLocal()
maven {
url 'https://repo.spring.io/libs-milestone'
}
}
gretty {
httpPort = 8558
contextPath = '/'
}
group 'com.demo'
version '1.0-SNAPSHOT'
ext {
lombockVersion = '1.16.20'
servletapiVersion = '4.0.0'
junitVersion = '4.12'
springTestVersion = '5.0.5.RELEASE'
springDataMongodbVersion = '2.1.0.M2'
springDataRestWebMvcVersion = '3.1.0.M2'
log4jVersion = '1.2.17'
slf4jVersion = '1.7.25'
logbackVersion = '1.2.3'
springSecurityVersion = '5.0.5.RELEASE'
}
dependencies {
compile "ch.qos.logback:logback-classic:${logbackVersion}"
compileOnly "org.projectlombok:lombok:${lombockVersion}"
apt "org.projectlombok:lombok:${lombockVersion}"
testCompile "junit:junit:${junitVersion}"
compile "org.springframework:spring-test:${springTestVersion}"
compile "org.springframework.data:spring-data-mongodb:${springDataMongodbVersion}"
compile "org.springframework.data:spring-data-rest-webmvc:${springDataRestWebMvcVersion}"
compile "org.springframework.security:spring-security-web:${springSecurityVersion}"
compile "org.springframework.security:spring-security-config:${springSecurityVersion}"
providedCompile "javax.servlet:javax.servlet-api:${servletapiVersion}"
}
2 个解决方案
解决方案1
2 已采纳 2018-05-15 20:41:11
Security filter registration seems to be missing. 安全筛选器注册似乎丢失了。 You need to map the springSecurityFilterChain You can easily do this by extending AbstractSecurityWebApplicationInitializer and optionally overriding methods to customize the mapping. 您需要映射springSecurityFilterChain您可以通过扩展AbstractSecurityWebApplicationInitializer和可选的重写方法来自定义映射来轻松实现此目的。
Refer the below spring guide. 请参阅以下弹簧指南。 Spring Security Java Config Preview: Web Security Spring Security Java配置预览:Web安全
解决方案2
0 2018-05-18 17:59:51
Here are a useful links additionally to @narayan-sambireddy's ones: 以下是@ narayan-sambireddy的链接的有用链接:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Thymeleaf Security不适用于Spring Boot 1.3.5 - Thymeleaf Security does not work with Spring Boot 1.3.5
具有弹簧安全性的Spring Boot Secure Rest API - spring boot secure rest api with spring security
Spring Security不起作用 - Spring security does not work
没有Spring Boot的Spring Security身份验证与Spring Boot和类似配置不兼容 - Spring security authentication without spring boot doesn't work as opposed to with spring boot and similar configuration
没有 Spring Security 的 Spring-Boot 登录 - Spring-Boot Login without Spring Security
弹簧安全和弹簧靴 - Spring security and spring boot
Spring Data Rest + Spring Security:@Secured无法正常工作 - Spring Data Rest + Spring Security: @Secured not working
使用JSP作为视图引擎注销的Spring Boot安全性不起作用 - spring boot security using JSP as view engine logout does not work
Spring 开机安全| 为什么我的 authenticationManager 不起作用? - Spring boot security | Why does my authenticationManager not work?
Thymeleaf 3.0 Spring Boot +安全集成不起作用 - Thymeleaf 3.0 Spring Boot + Security integration does not work
相关标签