I'm trying to put spring security into my spring mvc project using java configuration, however, I can still access all the pages without any spring security interception. Can anybody give some help? Thank you. (I'm using weblogic 12c)
part of pom.xml
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>
WebAppInitializer.java
package com.home.config;
public class WebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) throws ServletException {
AnnotationConfigWebApplicationContext rootCtx = new AnnotationConfigWebApplicationContext();
rootCtx.register(HomeConfig.class);
container.addListener(new ContextLoaderListener(rootCtx));
container.setInitParameter("defaultHtmlEscape", "true");
AnnotationConfigWebApplicationContext webCtx = new AnnotationConfigWebApplicationContext();
webCtx.register(WebConfig.class);
ServletRegistration.Dynamic servlet = container.addServlet(
"spring-dispatcher", new DispatcherServlet(webCtx));
servlet.setLoadOnStartup(1);
servlet.addMapping("/");
}
}
WebConfig.java
package com.home.config;
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "com.home.controllers", "com.home.websecurity" })
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
resolver.setExposeContextBeansAsAttributes(true);
return resolver;
}
// Configure static content handling
@Override
public void configureDefaultServletHandling(
DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
SecurityConfig.java
package com.home.websecurity;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("abc123")
.roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("root123")
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin()
.and().httpBasic();
}
}
SecurityWebInitializer.java
package com.home.websecurity;
public class SecurityWebInitializer extends
AbstractSecurityWebApplicationInitializer {
}
I spent a long time try to get Spring 4 to work with Weblogic 12c. What works for me in this case is to add the following code to your onStartup() method in WebAppInitializer class:
Dynamic registration = context.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC);
registration.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
and get rid of the SecurityWebInitializer class. I also have to explicitly import the security config to the root config class.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.