How to “include” Spring Security configuration into application
I'm new to Spring Security, and I'm following this example to configure it: https://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security/. I see that they use this approach to let Spring know about the configuration:
    public class SpringWebMvcInitializer extends
            AbstractAnnotationConfigDispatcherServletInitializer {
        @Override
        protected Class<?>[] getRootConfigClasses() {
            return new Class[] { HelloWebSecurityConfiguration.class };
        }
        ...
    }
But my application is initialized like this:
    public class AppInit implements WebApplicationInitializer {
        public void onStartup(ServletContext servletContext) throws ServletException {
            // TODO Auto-generated method stub
            AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
            context.register(AppConfiguration.class);
            ServletRegistration.Dynamic registration =
                    servletContext.addServlet("dispatcher", new DispatcherServlet(context));
            registration.setLoadOnStartup(1);
            registration.addMapping("/services/rest/*");
        }
    }
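I want to include my Spring Security configuration in it, because without it I get this message in the browser:

    Your login attempt was not successful, try again.
    Reason: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken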
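Extending AbstractAnnotationConfigDispatcherServletInitializer is one way to make Spring load the security configuration, but I don't use it. A more convenient way can be like this (first declare the Spring Security dependency in pom.xml):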
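    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // In-memory users with plaintext passwords: suitable for a demo only.
            auth.inMemoryAuthentication().withUser("user").password("user").roles("USER")
                .and().withUser("admin").password("admin").roles("USER", "ADMIN");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is switched off here; it is on by default.
            http.csrf().disable();
            // Matchers are evaluated in order; anything not listed is open to everyone.
            http.authorizeRequests()
                .antMatchers("/").hasRole("USER")
                .antMatchers("/index").hasRole("USER")
                .antMatchers("/message/*").hasRole("USER")
                .anyRequest().permitAll()
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/index").failureUrl("/login?error").permitAll()
                // Remember-me cookie valid for 7 hours, signed with the key "message".
                .and().rememberMe().tokenValiditySeconds(60 * 60 * 7).key("message")
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").permitAll();
            // define your action here.
        }
    }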
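Spring will load this configuration for you automatically at startup, and this is enough for Spring Security to work. As you can see, you should define rules in configure(HttpSecurity http) to tell Spring Security what to do when a request comes in.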
You only need to change one line in the AppInit class to register the security configuration. Change

    context.register(AppConfiguration.class);

to

    context.register(HelloWebSecurityConfiguration.class, AppConfiguration.class);