[英]Spring security with Hibernate and Annotations and basic HTTP authentication
在研究了許多示例之后,我找不到任何示例說明如何創建Spring Security配置,而Roles列在注釋中,而Hibernate用於身份驗證。
我的文件:
mvc-dispather-servlet.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<import resource="classpath:hibernate-beans.xml" />
<mvc:annotation-driven/>
<context:annotation-config/>
<context:component-scan base-package="com.salespredict"/>
</beans>
spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http>
<http-basic/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="authenticationService" />
</authentication-manager>
<global-method-security secured-annotations="enabled" />
</beans:beans>
服務:
@Service公共類AuthenticationService實現UserDetailsService {
@Autowired
private IUserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findOne(username);
Set<Role> roles = user.getRoles();
Set<GrantedAuthority> authorities = new HashSet<>();
for(Role role:roles) {
authorities.add(new SimpleGrantedAuthority(role.getRole().name()));
}
return new org.springframework.security.core.userdetails.User(
user.getUsername(),
user.getPassword(),
authorities);
}
}
控制器:
@Controller
@Secured({RoleNames.ADMIN, RoleNames.SALES_PREDICT_ADMIN})
@RequestMapping("/admin")
public class Admin extends WebServiceBase {
@RequestMapping(value = "/users", method = RequestMethod.PUT, produces = "application/json", consumes = "application/json")
public
@ResponseBody
ResponseEntity registerNewUsers(InputStream data) throws Exception {
// deserialize from JSON
Users users = _mapper.readValue(data, Users.class);
PutUsers msg = new PutUsers(users.getUsers());
postMessage(msg, DefaultResponse.class);
return ok();
}
...
}
如果我將<http>
更改為
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" />
<http-basic />
</http>
然后,將調用我的身份驗證服務,但它僅檢查用戶是否提供密碼,而不檢查角色。 如果刪除它,則根本不會調用身份驗證服務。
我應該在<intercept-url pattern="/**" access= ... >
寫什么,以使其通過@Secured注釋檢查角色?
嘗試移動你的
<global-method-security secured-annotations="enabled" />
聲明為mvc-dispather-servlet.xml
因為您的Admin
控制器由mvc-dispather-servlet.xml
而不是spring-security.xml
拾取。 請參閱相應的常見問題解答條目 。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.