[英]Spring Security Java config does not intercept request accessing JSP available only for authenticated sources
[英]Spring security java config does not intercept
我正在嘗試使用java配置將spring security放入我的spring mvc項目中,但是,我仍然可以訪問所有頁面而沒有任何spring security攔截。 有人可以幫忙嗎? 謝謝。 (我正在使用weblogic 12c)
pom.xml的一部分
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>
WebAppInitializer.java
package com.home.config;
public class WebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) throws ServletException {
AnnotationConfigWebApplicationContext rootCtx = new AnnotationConfigWebApplicationContext();
rootCtx.register(HomeConfig.class);
container.addListener(new ContextLoaderListener(rootCtx));
container.setInitParameter("defaultHtmlEscape", "true");
AnnotationConfigWebApplicationContext webCtx = new AnnotationConfigWebApplicationContext();
webCtx.register(WebConfig.class);
ServletRegistration.Dynamic servlet = container.addServlet(
"spring-dispatcher", new DispatcherServlet(webCtx));
servlet.setLoadOnStartup(1);
servlet.addMapping("/");
}
}
WebConfig.java
package com.home.config;
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "com.home.controllers", "com.home.websecurity" })
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
resolver.setExposeContextBeansAsAttributes(true);
return resolver;
}
// Configure static content handling
@Override
public void configureDefaultServletHandling(
DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
SecurityConfig.java
package com.home.websecurity;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("abc123")
.roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("root123")
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin()
.and().httpBasic();
}
}
SecurityWebInitializer.java
package com.home.websecurity;
public class SecurityWebInitializer extends
AbstractSecurityWebApplicationInitializer {
}
我花了很長時間嘗試使Spring 4與Weblogic 12c一起使用。 在這種情況下,對我有用的是將以下代碼添加到WebAppInitializer類的onStartup()方法中:
Dynamic registration = context.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC);
registration.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
並擺脫SecurityWebInitializer類。 我還必須將安全性配置顯式導入到根配置類。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.