在我开始之前,我要说的是我找到的最接近的答案就在这里,但说实话,我并不真正理解那里发生了什么.
我正在使用Struts2 + Spring Security 2.06与自定义身份验证提供程序和访问决策管理器来消除对"ROLE_"前缀的需求.
我的applicationContext-security.xml看起来像这样:
<beans:bean id="customAuthenticationProvider"
class="com.test.testconsole.security.CustomAuthenticationProvider">
<beans:property name="userManagementService" ref="userManagementService"/>
<custom-authentication-provider/>
</beans:bean>
<!--Customize Spring Security's access decision manager to remove need for "ROLE_" prefix-->
<beans:bean
id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:ref bean="roleVoter"/>
<beans:ref bean="authenticatedVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean
id="roleVoter"
class="org.springframework.security.vote.RoleVoter">
<beans:property name="rolePrefix" value=""/>
</beans:bean>
<beans:bean
id="authenticatedVoter"
class="org.springframework.security.vote.AuthenticatedVoter">
</beans:bean>
<global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>
我的web.xml的相关部分:
<!--Spring Security-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<!--Has to be placed _Before_ the struts2 filter-mapping-->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern> …Spring 3.1安全性contact示例在其中使用了几个角色applicationContext-security.xml:
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/switchuser.jsp" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/j_spring_security_switch_user" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
这些IS_AUTHENTICATED_ANONYMOUSLY,ROLE_SUPERVISOR,ROLE_USER角色定义在哪里?这些默认角色是由Spring Security创建的吗?
我正在学习Spring,我的Spring Security实验失败了.如果我从Eclipse启动并部署到Tomcat,我会得到一个ClassNotFoundException.将Maven构建WAR部署到独立的Tomcat时,我得到IllegalArgumentException.
我究竟做错了什么?
Spring依赖项:
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/security-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>timetracking</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>timetracking</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
security-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<user-service id="userService">
<user name="user1" password="user1" authorities="USER_ROLE"/>
<user …我为用户提供了带有访问密钥的特殊URL.与简单的匿名用户相比,通过此特殊网址访问公共页面的用户应该能够看到一些额外的数据.
我想基于请求中提供的参数给匿名用户一些额外的角色,所以我可以在我的模板中做这样的事情:
<@sec.authorize ifAnyGranted="ROLE_ADMIN, ROLE_USER, ROLE_INVITED_VISITOR">
...some additional stuff for invited user to see
</@sec.authorize>
目前我正在实施Spring的OncePerRequestfilter:
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
if (null != request.getParameter("accessKey")) {
if(isValid(request.getParameter("accessKey"))) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
//how do i add additional roles to authenticated (potentially anonymous) user?
}
}
}
我在集成过程中在Spring Security之外有一个自定义身份验证实现。
我正在基于现有用户模型在身份验证过程中生成一个Spring用户。
除了getAuthority函数外,其他所有东西似乎都工作正常。
我在实现UserDetails的User模型中具有以下内容。
@Override
public Set<GrantedAuthority> getAuthorities() {
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(this.role));
return authorities;
}
但是,我得到以下答复。
“ message”:“需要授权的文本表示形式”,
我相信我在数据库中缺少正确的ROLES的生成。当前private String role是“ USER”。
我想我的问题是这个。
我的角色字段的正确格式是什么,以使其正常工作?插入此角色的最佳方法是什么?
我在网上找到的一个非常简单的弹簧安全3示例给了我一个jboss的strage ecxeption!ecxeption与日志:
01:04:19,150 ERROR [ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.SecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.SecurityFilterChain#0': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [USER_NORMAL]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating …