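I am new to configuring Spring Security with Java Config. I was trying to follow this post. However, when I run my application, I get a Basic Auth challenge on all URLs, including /. Entering either of the userid/pass combinations below does not seem to work.
My controller: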
package com.xxx.web;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping("/")
/**
 * Controller to handle basic "root" URLs
 *
 * @author xxx
 * @version 0.1.0
 */
public class RootController {
    /**
     * Handles '/'
     * @param model
     * @return
     */
    @RequestMapping
    public String index(Model model) {
        return "index";
    }
    /**
     * Handles '/signup'
     * @param model
     * @return
     */
    @RequestMapping("/signup")
    public String signup(Model model) {
        return …
spring spring-mvc spring-security spring-boot spring-java-config
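
I am trying to set up a Java-configured Spring environment that includes Spring Security. The application starts without any errors, but I cannot log in successfully.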
WebAppInitializer
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.springframework.core.annotation.Order;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
@Order(value = 1)
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        super.onStartup(servletContext);
    }
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { HibernateConfig.class, SecurityConfig.class };
    }
    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[] { WebAppConfig.class };
    }
    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }
}
SecurityInitializer
import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
@Order(value = 2)
public class SecurityInitializer extends …

Using JavaConfig, I am having trouble finding @Repository Spring beans.
The repository interface is defined as follows:
@Repository
public interface UserRepository extends JpaRepository<User, Long> {
    User findByUsername(String username);
}
The configuration is defined as follows:
@Configuration
@ComponentScan("com.example")
@EnableAutoConfiguration
@EnableJpaRepositories("com.example")
public class SampleApplication extends SpringBootServletInitializer {
    ...
The package structure looks like this:
com.example
    configuration
        SampleApplication
    repository
        UserRepository
In the log file I see that the repository is considered a candidate for a bean definition, but:
ClassPathBeanDefinitionScanner | Ignored because not a concrete top-level class:
Fun fact
If I move the SampleApplication class to the com.example package, everything starts working.
Any ideas what I am missing?
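
I use Java config to configure Spring Security, and I have customized the AuthenticationProvider and a custom UserDetailsService to add an extra login field, following http://forum.spring.io/forum/spring-projects/security/95715-extra-login-fields
I am having difficulty adding both custom classes to the Spring Security framework using Java configuration. As the Javadoc of AuthenticationProvider#authenticationProvider describes:
Add authentication based upon the custom AuthenticationProvider that is passed in. Since the AuthenticationProvider implementation is unknown, all customizations must be done externally and the AuthenticationManagerBuilder is returned immediately.
This method does not ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method.
So my question is: what is the way to set the UserDetailsService in this case?

To enforce HTTPS in web.xml, I was using this code snippet: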
<security-constraint>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Is there an equivalent in Spring Java Config? I have already figured out that I need a ServletSecurityElement. But how do I connect it to the rest?
public class WebAppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext container) throws ServletException {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        container.addListener(new ContextLoaderListener(context));
        context.register(PersistenceJPAConfig.class);
        FilterRegistration filter = container.addFilter("wicket.myproject", WicketFilter.class);
        filter.setInitParameter("applicationClassName", WicketApplication.class.getName());
        filter.setInitParameter(WicketFilter.FILTER_MAPPING_PARAM, "/*");
        filter.addMappingForUrlPatterns(null, false, "/*");
        HttpConstraintElement forceHttpsConstraint = new HttpConstraintElement(ServletSecurity.TransportGuarantee.CONFIDENTIAL, "");
        ServletSecurityElement securityElement = new ServletSecurityElement(forceHttpsConstraint);
    }
}

Currently I have a Spring XML configuration (Spring 4) which loads a properties file.
context.properties
my.app.service = myService
my.app.other = ${my.app.service}/sample
Spring XML configuration
<bean id="contextProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="ignoreResourceNotFound" value="true" />
    <property name="fileEncoding" value="UTF-8" />
    <property name="locations">
        <list>
            <value>classpath:context.properties</value>
        </list>
    </property>
</bean>
<bean id="placeholder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="ignoreResourceNotFound" value="true" />
    <property name="properties" ref="contextProperties" />
    <property name="nullValue" value="@null" />
    <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
</bean>
Bean using the properties
@Component
public class MyComponent {
    @Value("${my.app.other}")
    private String others;
}
This works perfectly, the value of others is MyService/sample, as expected. But when I try to replace this configuration with JavaConfig, @Value in my component does not work the same way. The value is not myService/sample but ${my.app.service}/sample.
@Configuration
@PropertySource(name="contextProperties", ignoreResourceNotFound=true, value={"classpath:context.properties"})
public class PropertiesConfiguration { …

I have been running into @ComponentScan issues with @Configuration classes for tests, namely that the @ComponentScan pulls in unintended @Configuration classes during integration tests.
For example, say you have some global configuration in src/main/java that pulls in components within com.example.service, com.example.config.GlobalConfiguration:
package com.example.config;
...
@Configuration
@ComponentScan(basePackageClasses = ServiceA.class)
public class GlobalConfiguration {
    ...
}
It is meant to pull in two services, com.example.services.ServiceA and com.example.services.ServiceB, annotated with @Component and @Profile("!test") (omitted for brevity).
Then in src/test/java, com.example.services.ServiceATest:
package com.example.services;
...
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = ServiceATest.ServiceATestConfiguration.class)
public class ServiceATest {
    ...
    @Configuration
    public static class ServiceATestConfiguration {
        @Bean
        public ServiceA serviceA() {
            return new ServiceA(somemocking...);
        }
    }
}
And also com.example.ServiceBIntegrationTest, which needs to pull in GlobalConfiguration.class in order to be an integration test, but still avoids pulling in dangerous implementations by using @ActiveProfiles("test"):
package com.example.services;
... …

I have the following code in my initializer:
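public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Filter[] getServletFilters() {
        DelegatingFilterProxy shiroFilter = new DelegatingFilterProxy("shiroFilter");
        shiroFilter.setTargetFilterLifecycle(true);
        return new Filter[]{new CorsFilter(),shiroFilter};
    }
}
I want CorsFilter to be executed before ShiroFilter. However, the Spring documentation does not say that the order in which the filters are executed is determined by their order in the returned array.
If it is, can someone please clarify? If not, can someone suggest how I can guarantee the execution order of the filters?

We have several DB connections in our application and therefore several configurations for JPA. The configurations differ only in schema name, database hostname and so on. The rest, such as the Hibernate settings, is (usually) the same. This leads to multiple beans of HibernateJpaVendorAdapter, data sources, etc. They all need different names so that they do not collide. We currently set this up manually as follows: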
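@Configuration
public class FooDbConfig {
    @Bean
    public DataSource fooDataSource() {
        return ...;
    }
    // ... more beans like HibernateJpaVendorAdapter etc.
}
@Configuration
public class BarDbConfig {
    @Bean
    public DataSource barDataSource() {
        return ...;
    }
    // ... more beans like HibernateJpaVendorAdapter etc.
}
This is of course very brittle to maintain.
We would like to have some kind of Java config "Configurer" that creates the setup of the necessary beans when given a bean name prefix. It should then create all the required beans (data sources, etc.) with different names, prefixed with the given prefix (e.g. "fooDataSource" and "barDataSource").
What is a good way to do this?
How can I programmatically generate bean aliases with Java config?

Is it possible to configure Spring Security in such a way that it reads the configuration details from an external file and configures itself accordingly?
(I am not talking about changing the configuration at runtime. I am talking about reading from a file at startup.)
An example of my existing Spring Security configuration is: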
@EnableWebSecurity
@Configuration
public class SecurityConfig {
    @Bean
    public UserDetailsService userDetailsService() throws Exception {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("user").password("userPass").roles("USER").build());
        manager.createUser(User.withUsername("admin").password("adminPass").roles("ADMIN").build());
        return manager;
    }
    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
            auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
        }
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/v1/**")
                .authorizeRequests()
                .antMatchers("/api/v1/**").authenticated()
                .and()
                .httpBasic();
        }
    }
    @Configuration
    @Order(2)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.inMemoryAuthentication().withUser("user1").password("user").roles("USER"); …