![](/img/trans.png)
[英]Centralized system for session management (and killing) for Spring Security and/or Spring BlazeDS Integration
[英]RestEASY, Spring Security, Spring Session Integration
是否有人成功將RestEASY與Spring Security和Spring Session集成在一起? 我遇到了ContextLoadListener問題。 我能夠將RestEASY和Spring Security與以下web.xml集成。
<web-app>
<display-name>Admin Service</display-name>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/admin</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<listener>
<listener-class>org.jboss.resteasy.plugins.spring.SpringContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>AdminService</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.etouchpoint.admin.service.AdminApplication</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>AdminService</servlet-name>
<url-pattern>/admin/*</url-pattern>
</servlet-mapping>
閱讀了Spring Session的文檔后,web.xml最終看起來像這樣:
<web-app>
<display-name>Admin Service</display-name>
<!-- Context for Spring HttpSession -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/session.xml</param-value>
</context-param>
<!-- Context for RestEasy -->
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/admin</param-value>
</context-param>
<!-- Filter and Mapping for Spring Session -->
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Filter and Mapping for Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Listener for Spring Session -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Listeners for RestEasy -->
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<listener>
<listener-class>org.jboss.resteasy.plugins.spring.SpringContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>AdminService</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.etouchpoint.admin.service.AdminApplication</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>AdminService</servlet-name>
<url-pattern>/admin/*</url-pattern>
</servlet-mapping>
此配置的問題是不允許有2個ContextLoadListeners。 因此,然后我嘗試創建一個源於Spring Security的類,並向其中添加Spring Session和RestEASY上下文偵聽器。
會話配置:
@Configuration
@EnableJdbcHttpSession
public class SessionConfig {
@Bean
public PlatformTransactionManager transactionManager(final DataSource dataSource) {
return new DataSourceTransactionManager(dataSource);
}}
ContextLoadListener:
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
public SecurityInitializer() {
super(SecurityConfig.class, SessionConfig.class, SpringContextLoaderListener.class);
}}
這也不起作用。 您以以下異常結束:
java.lang.NoSuchMethodException: org.springframework.security.access.SecurityConfig.<init>()
目前,我不知道如何使這3個庫正常運行。 有人這樣做嗎? 一般的解決方案是什么? 您是否將所有內容都移到Java中,或者是否可以XML格式?
終於想通了!!
web.xml
這里要注意的幾件事。
- 此配置適用於Servlet 3.0容器。 因此,請遵循針對Servlet 3.0容器的一些Restesy設置
- 即使使用了Servlet 3.0容器,也請使用org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap和org.jboss.resteasy.plugins.spring.SpringContextLoaderListener。 不要使用org.springframework.web.context.ContextLoaderListener。 有關Resteasy的信息,請參見Spring集成 。
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Admin</display-name>
<!-- Filter for Spring Session -->
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<!-- Filter for Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Listener for Resteasy -->
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<listener>
<listener-class>org.jboss.resteasy.plugins.spring.SpringContextLoaderListener</listener-class>
</listener>
</web-app>
applicationContext.xml
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd">
<!-- This context will contain all of the spring configs -->
<import resource="classpath:admin-context.xml" />
<!-- This context will contain all of the spring session/security configs -->
<import resource="classpath:admin-security-context.xml" />
</beans>
admin-security-context.xml
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd">
<context:annotation-config/>
<bean class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<constructor-arg ref="dataSource"/>
</bean>
<bean class="....CustomJdbcHttpSessionConfiguration" />
<bean id="adminAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/index.html" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
<property name="useReferer" value="true" />
</bean>
<bean id="adminLoginFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.html" />
<property name="forwardToDestination" value="true" />
</bean>
<security:http pattern="/static/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />
<security:http pattern="/robots.txt" security="none" />
<security:http>
<security:csrf disabled="true"/>
<security:intercept-url pattern="/login.html" access="hasAnyRole('ANONYMOUS')" requires-channel="any" />
<security:intercept-url pattern="/login" access="hasAnyRole('ANONYMOUS')" requires-channel="any" />
<security:intercept-url pattern="/**" access="hasAnyRole('ADMIN')" requires-channel="any" />
<!-- All of these parameters are needed for login to work correctly -->
<security:form-login login-page="/login.html" login-processing-url="/login" authentication-success-handler-ref="adminAuthenticationSuccessHandler" authentication-failure-handler-ref="adminLoginFailureHandler" username-parameter="username" password-parameter="password"/>
<!-- Change cookie name to 'SESSION' because that is what is used with Spring Session -->
<!-- And all parameters are needed -->
<security:logout logout-url="/logout" invalidate-session="true" delete-cookies="SESSION" logout-success-url="/login.html" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder hash="sha" />
</security:authentication-provider>
</security:authentication-manager>
</beans>
CustomJdbcHttpSessionConfiguration.java
在此處創建一個自定義對象,以便可以部署多個應用程序,並且所有應用程序都使用相同的cookie。 請注意此處,因為這會將cookie設置為“ /”,這意味着,如果cookie需要使用不同的域,則此自定義對象將覆蓋這些域。
public class CustomJdbcHttpSessionConfiguration extends JdbcHttpSessionConfiguration {
@Bean
public CookieSerializer cookieSerializer() {
final DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("SESSION"); // <1>
serializer.setCookiePath("/"); // <2>
serializer.setDomainNamePattern("^.+?\\.(\\w+\\.[a-z]+)$"); // <3>
return serializer;
}
}
AdminApplication.java
@ApplicationPath("service")
public class AdminApplication extends Application {
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.