spe*_*0ne 8 configuration spring acl spring-mvc spring-security
我正在尝试将ACL功能添加到我的服务器.我已经使用java文件配置了spring security,并希望以相同的方式添加ACL.我该怎么办?我发现的所有教程都使用了XML文件.
SecurityInit:
@Order(1)
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
SecurityConfig
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
@Component
@ComponentScan(basePackages = {"test.package"})
public class SecurityConfig extends
WebSecurityConfigurerAdapter {
...
@Autowired
protected void registerAuthentication(UserDetailsService userDetailsService, AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
// http://stackoverflow.com/a/21100458/162345
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.headers().disable()
.addFilterBefore(...)
.addFilterBefore(...)
// TODO: create a better way to differentiate login to signup
.exceptionHandling()
.authenticationEntryPoint(noRedirectForAnonymous)
.and()
.formLogin()
.successHandler(restAuthenticationSuccessHandler)
.failureHandler(restAuthenticationFailureHandler)
.and()
.logout()
.logoutSuccessHandler(noRedirectLogoutSuccessHandler)
.and()
.authorizeRequests()
.antMatchers("/api/keywords/**").permitAll()
.antMatchers("/api/**").authenticated();
}
}
小智 14
您可以使用Java配置类配置spring acl,如下所示
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class ACLConfig extends GlobalMethodSecurityConfiguration {
@Autowired
DataSource dataSource;
EhCacheBasedAclCache aclCache() {
EhCacheFactoryBean factoryBean = new EhCacheFactoryBean();
EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean();
factoryBean.setName("aclCache");
factoryBean.setCacheManager(cacheManager.getObject());
return new EhCacheBasedAclCache(factoryBean.getObject());
}
LookupStrategy lookupStrategy() {
return new BasicLookupStrategy(dataSource, aclCache(), aclAuthorizationStrategy(), new ConsoleAuditLogger());
}
AclAuthorizationStrategy aclAuthorizationStrategy() {
return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ACL_ADMIN"),
new SimpleGrantedAuthority("ROLE_ACL_ADMIN"),
new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
}
@Bean
JdbcMutableAclService aclService() {
JdbcMutableAclService service = new JdbcMutableAclService(dataSource, lookupStrategy(), aclCache());
service.setClassIdentityQuery("select currval(pg_get_serial_sequence('acl_class', 'id'))");
service.setSidIdentityQuery("select currval(pg_get_serial_sequence('acl_sid', 'id'))");
return service;
}
@Bean
AclMasterService masterService() {
return new AclMasterService();
}
@Override
protected MethodSecurityExpressionHandler createExpressionHandler(){
DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(new AclPermissionEvaluator(aclService()));
return expressionHandler;
}
}
配置的重要方面是从
GlobalMethodSecurityConfiguration
覆盖方法
createExpressionHandler
并在课程开始时使用跟随的anotation启用Pre和Post anotations
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)
现在你可以使用像这样的anotations
@PreAuthorize( '调用hasPermission(#对象,读)')
有关@Pre和@Post anotations的更多用法,请参阅Spring Security的Contact示例或 spring security参考指南.此配置类在Spring 4,Spring Security 4.0.1和Spring Security ACL 3.1.2上进行了测试.如果要配置身份验证,可以使用其他Java类或从中覆盖configure方法.如果您已经配置了ehcache,则此配置无法正常工作,因为ehcache是一个单例类,并且此配置尝试创建一个新配置.
小智 -6
没有xml文件就无法配置spring acl。spring 文档本身提到了这一点。请参阅 spring 文档。
| 归档时间: |
|
| 查看次数: |
3856 次 |
| 最近记录: |