堆棧內存溢出
  簡體   English   中英

具有Hibernate和Annotations和基本HTTP身份驗證的Spring安全性

[英]Spring security with Hibernate and Annotations and basic HTTP authentication

 原文  2013-08-08 08:06:22       java/ spring/ hibernate/ spring-mvc/ spring-security

問題描述

在研究了許多示例之后,我找不到任何示例說明如何創建Spring Security配置,而Roles列在注釋中,而Hibernate用於身份驗證。

我的文件:

mvc-dispather-servlet.xml: 

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/mvc
    http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <import resource="classpath:hibernate-beans.xml" />

    <mvc:annotation-driven/>
    <context:annotation-config/>
    <context:component-scan base-package="com.salespredict"/>

</beans>

spring-security.xml: 

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:security="http://www.springframework.org/schema/security"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http>
     <http-basic/>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="authenticationService" />
</authentication-manager>

<global-method-security secured-annotations="enabled" />

</beans:beans>

服務:

@Service公共類AuthenticationService實現UserDetailsS​​ervice { 

@Autowired
private IUserRepository userRepository;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    User user = userRepository.findOne(username);
    Set<Role> roles = user.getRoles();
    Set<GrantedAuthority> authorities = new HashSet<>();
    for(Role role:roles) {
        authorities.add(new SimpleGrantedAuthority(role.getRole().name()));
    }
    return new org.springframework.security.core.userdetails.User(
            user.getUsername(),
            user.getPassword(),
            authorities);
}

}

控制器: 

@Controller
@Secured({RoleNames.ADMIN, RoleNames.SALES_PREDICT_ADMIN})
@RequestMapping("/admin")
public class Admin extends WebServiceBase {


    @RequestMapping(value = "/users", method = RequestMethod.PUT, produces = "application/json", consumes = "application/json")
    public
    @ResponseBody
    ResponseEntity registerNewUsers(InputStream data) throws Exception {
        // deserialize from JSON
        Users users = _mapper.readValue(data, Users.class);
        PutUsers msg = new PutUsers(users.getUsers());
        postMessage(msg, DefaultResponse.class);
        return ok();
     }
    ...
    }

如果我將<http>更改為 

 <http use-expressions="true">
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <http-basic />
</http>

然后,將調用我的身份驗證服務,但它僅檢查用戶是否提供密碼,而不檢查角色。 如果刪除它,則根本不會調用身份驗證服務。

我應該在<intercept-url pattern="/**" access= ... >寫什么,以使其通過@Secured注釋檢查角色?

1 個解決方案

解決方案1
 0  2013-08-08 12:48:24

嘗試移動你的 

<global-method-security secured-annotations="enabled" />

聲明為mvc-dispather-servlet.xml因為您的Admin控制器由mvc-dispather-servlet.xml而不是spring-security.xml拾取。 請參閱相應的常見問題解答條目

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Spring Security HTTP基本身份驗證 HTTP基本身份驗證在Spring Security中不起作用 為Oauth和Http Basic身份驗證配置Spring Security 用於Web的RESTFul和FormLogin(Cookies)的Spring Security HTTP Basic - 注釋 對同一資源使用 Oauth2 或 Http-Basic 身份驗證的 Spring Security 使用java中的http頭在Spring安全性中傳遞基本身份驗證詳細信息 Spring 使用 HTTP 基本和 OIDC 承載令牌進行安全認證 Spring Security如何處理HTTP基本身份驗證? Spring Security Rest基本身份驗證 Spring Boot 2安全性基本認證
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM