[英]Spring MVC: Spring Security 4 doesn't intercept
我嘗試通過Spring Security為我的Spring MVC項目完成授權(最近更新到4.2.6.RELEASE
)。 所以我添加了這些依賴:
<dependency org="org.springframework.security" name="spring-security-config" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-core" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-crypto" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-taglibs" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-web" rev="4.1.0.RELEASE" />
根據我的理解,我只需要創建這些類:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/home").permitAll().anyRequest().authenticated().and().formLogin()
.loginPage("/login").permitAll().and().logout().permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
}
和
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {
}
我希望現在為沒有登錄的用戶阻止所有URL,除了“/”,“/ home”,“/ login”和“/ logout”。 實際上沒有任何東西被阻止,我的webapp完全可以訪問。 所以我在某處錯了...
真的很感激,如果你能在這里給我一個關於我的問題可能是什么的提示。 謝謝!
我測試了你的螞蟻匹配器,它運行得很好(一切似乎都很好)所以我認為你沒有將你的客戶安全配置( SecurityConfig )注冊到spring servlet,它是用@Import
完成的。
@EnableWebMvc
@Configuration
@ComponentScan({ "yourpackage" })
@Import({ SecurityConfig .class }) // See here
public class SpringServlet {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/..");
viewResolver.setSuffix("...");
return viewResolver;
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.