堆栈内存溢出
  繁体   English   中英

使用Spring Security保护GWT Servlet

[英]Securing GWT servlets with Spring Security

 原文  2013-04-17 08:59:01       spring/ security/ gwt/ spring-security/ web.xml

问题描述

我正在编写一个受Spring安全保护的GWT应用程序。 登录工作正常,但授权不成功。

我尝试在我的方法上使用@Secured和@PreAuthorize注释,但这些方法也不起作用。

例如,这是来自AppUserServiceImpl的代码段 

@Secured("ROLE_ADMINISTRATOR")
    @Override
    public List<AppUser> fetch(Integer startRow, Integer endRow, Map criteria) {
        return appUserManagerBean.getUsers(criteria);
    }

applicationContext.xml中 

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">


<http auto-config="true">
    <intercept-url pattern="/testapplication/**" access="ROLE_USER"/>
    <intercept-url pattern="/gwt/**" access="ROLE_USER"/>
    <intercept-url pattern="/**/*.html" access="ROLE_USER"/>
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/security/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/testapplication/appUserService*" access="ROLE_ADMIN"/>

    <form-login
            login-page="/login.jsp"
            authentication-failure-url="/security/error.html"
            login-processing-url="/j_spring_security_check"
            />
</http>
<beans:bean id="appUserService" class="com.test.testapplication.server.admin.appuser.AppUserServiceImpl"/>


<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
[DATASOURCE CONFIGURATION]
</beans:bean>
<global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
<authentication-manager>
    <authentication-provider>
        <password-encoder hash="sha" />
        <jdbc-user-service data-source-ref="dataSource"
                           users-by-username-query="select username,password,DECODE(enabled,'Y',1,'N',0) as enabled from APP_USER where username=?"

                           authorities-by-username-query="select u.username, ur.role from APP_USER u, APP_USER_ROLE ur
                                                          where u.id = ur.APP_USER_ID and u.username =?  "

                />
    </authentication-provider>
</authentication-manager>

为了测试,我正在尝试保护'appUserService'。

web.xml中 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
          http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
           version="2.5">

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
        </param-value>
    </context-param>
    <servlet>
        <servlet-name>appUserService</servlet-name>
    <servlet-class>com.test.testapplication.server.admin.appuser.AppUserServiceImpl</servlet-class>
</servlet>

<!-- Spring security filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring listener -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Default page to serve -->
<welcome-file-list>
    <welcome-file>testapplication.html</welcome-file>
</welcome-file-list>

我正在寻找最简单的解决方案,并且我不想使用AspectJ,我们将不胜感激

1 个解决方案

解决方案1
 1  2013-04-17 17:41:24

您在哪里将servlet映射到特定路径?

我正在使用gwt-sl集成RemoteServiceServlet和Spring。 在您的web.xml中定义Dispatcher servlet: 

<servlet>
    <servlet-name>gwtservice</servlet-name>
    <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

并为您的gwt-servlet进行声明和映射: 

<bean name="DeviceListenerServlet" class="your.package.your.SomeService"/>
<bean id="urlMappingGWT" class="org.gwtwidgets.server.spring.GWTHandler">
    <property name="mappings">
        <map>
            <entry key="/service" value-ref="DriverServiceImpl"/>
        </map>
    </property>
</bean>

并在您的RemoteService类中更改Annotation(在我的示例中为@RemoteServiceRelativePath(“ gwtservice / service”))。

现在,您可以使用@Secured批注(如果已添加)

希望对您有所帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring +多个gwt servlet 使用 Spring Security 保护 REST 微服务 使用Spring Security保护RESTful API Spring Security:保护URL和参数 使用Spring Security保护REST API 使用 Spring Security 和 LDAP 保护应用程序 Gwt + Spring Security集成 GWT Spring安全 - 客户端 gwt +弹簧安全 Spring Social和Spring Security:保护网站资源
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM