stackoom
  简体   繁体   中英

How to correctly define web.xml and java-based config for Spring Security at the same time

 原文  2016-09-30 07:03:03       java/ google-app-engine/ spring-security/ csrf/ thymeleaf

Question

My project was based completely on java-based configs. So instead of standart web.xml I had this: 

public class MyWebAppInitializer implements WebApplicationInitializer {

    @Override
    public void onStartup(ServletContext container) throws ServletException {
        AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
          rootContext.register(WebAppConfiguration.class);
          AnnotationConfigWebApplicationContext dispatcherContext = new AnnotationConfigWebApplicationContext();

          ServletRegistration.Dynamic dispatcher = container.addServlet("dispatcher", new DispatcherServlet(dispatcherContext));
          dispatcher.setLoadOnStartup(1);
          dispatcher.addMapping("/");
    }

That work just fine, and I was able to get csrf token in Thymeleaf template like that: 

<meta name="_csrf" th:content="${_csrf.token}"/>
<meta name="_csrf_header" th:content="${_csrf.headerName}"/>

But now I need to deploy my project to Google App Engine, and it requires to have web.xml otherwise it even doesn't start. I added web.xml, and remove the java config above : 

<context-param>
        <param-name>contextClass</param-name>
        <param-value>
        org.springframework.web.context.support.AnnotationConfigWebApplicationContext
    </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>com.demshin.medpro.configuration.WebAppConfiguration</param-value>
    </context-param>

    <servlet>
        <servlet-name>springServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextClass</param-name>
            <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>springServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

And when I try to open my app's url, I get an exception:

org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "_csrf.token"

As I think, the problem is in corrupted filter chain. But if I add this to web.xml: 

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

instead of this java config: 

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    public SecurityWebApplicationInitializer() {
        super(WebSecurityConfiguration.class);
    }
}

, the problem is still there though the trace is a bit different.

So how this can be cured? Maybe there is a way to get rid of web.xml on Google App Engine? Thank you.

2 answers

solution1
 0  2016-10-05 14:12:42

What if you keep the java config and then create an empty web.xml eg 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
     version="3.1">

</web-app>

solution2
 0 ACCPTED  2016-10-07 17:08:25

I found some useful information here . The problem is that WebApplicationInitializer requires Servlet 3.0, but Appengine supports only Servlet 2.5. So we have to use plain XML based config, at least for initialization. And configure Spring filter/servlet in web.xml manually. Unfortunately I failed to make it work without completely moving spring configuration to xml, just adding spring-security.xml didn't work.

We can also vote for Servlet 3.0 support here , but it seems Google doesn't have any plans to add it, unfortunately.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do you add Java Based Spring config to an existing web.xml? How to implement correctly web.xml for spring-mvc and spring-security together How to use web.xml to define security realm / jaas domain Convert web.xml to java config in Spring Boot Completely replace web.xml with java config (Spring MVC 4 - Tomcat 7/8) 404 error in Spring (java config / no web.xml) How to use @Autowired with Java-based config? How to migrate <security-constraint> in web.xml to spring class based configuration (WebApplicationInitializer) Spring 3.2 servlet 3.0 Java Config (no web.xml) how to create custom 404 handler How to convert web.xml code to java config for java melody
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM