[英]spring security config xml to java
有人可以幫助我從基於xml的spring配置遷移到基於java的嗎?
這是我的xml配置:
<!--suppress SpringFacetInspection, SpringSecurityFiltersConfiguredInspection -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<global-method-security pre-post-annotations="enabled"/>
<context:annotation-config/>
<context:spring-configured/>
<beans:bean name="userLoginService" class="service.UserLoginService"/>
<beans:bean name="standardPasswordEncoder"
class="org.springframework.security.crypto.password.StandardPasswordEncoder">
<beans:constructor-arg name="secret" value="supersecret"/>
</beans:bean>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/javax.faces.resources/**" access="permitAll"/>
<intercept-url pattern="/view/unsecured/**" access="permitAll"/>
<intercept-url pattern="/view/secured/**" access="isAuthenticated()" />
<intercept-url pattern="/view/admin/**" access="hasRole('ROLE_SUPERUSER')"/>
<intercept-url pattern="/admin/**" access="hasRole('ROLE_SUPERUSER')"/>
<form-login login-page="/view/unsecured/login.xhtml"/>
<logout logout-success-url="/index.xhtml" invalidate-session="true" delete-cookies="true"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userLoginService">
<password-encoder ref="standardPasswordEncoder"/>
</authentication-provider>
</authentication-manager>
</beans:beans>
這是我的java嘗試:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean(name = "standardPasswordEncoder")
public PasswordEncoder standardPasswordEncoder() {
return new StandardPasswordEncoder("supersecret");
}
@Bean(name = "userDetailService")
@Override
public UserDetailsService userDetailsServiceBean() {
return new UserLoginService();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//.userDetailsService(userDetailsService())
.authorizeRequests()
.antMatchers("/view/secured/**").fullyAuthenticated()
.antMatchers("/admin/**", "/view/admin/**").access("hasRole('ROLE_SUPERUSER')")
.antMatchers("/index.xhtml", "/view/unsecured/**", "/javax.faces.resources/**").permitAll()
.and()
.formLogin().loginPage("/view/unsecured/login.xhtml")
.usernameParameter("email").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/index.xhtml").invalidateHttpSession(true).deleteCookies("JSESSIONID")
.and()
.exceptionHandling().accessDeniedPage("/error.xhtml")
.and()
.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(standardPasswordEncoder());
}
}
當我嘗試登錄時,我得到例外
Caused by: java.lang.StackOverflowError: null
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator.loadUserByUsername(WebSecurityConfigurerAdapter.java:386)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator.loadUserByUsername(WebSecurityConfigurerAdapter.java:387)
...
我錯過了什么,或者出了什么問題? 謝謝
重寫userDetailsService()
方法,而不是userDetailsServiceBean()
方法。 這就是導致無限遞歸的原因。 而且無需將其聲明為@Bean
。
應該只是:
@Override
public UserDetailsService userDetailsService() {
return new UserLoginService();
}
或者 - 如果您在UserLoginService
上有@Service
注釋(以及將獲取該類的組件掃描),您可以避免手動創建bean,只需將UserLoginService
直接注入配置方法:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, UserLoginService userDetailsService) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(standardPasswordEncoder());
}
然后你不需要覆蓋userDetailsServiceBean
或userDetailsService
:因為他們正在做的就是創建該bean的實例。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.