我有一个带弹簧安全性的弹簧mvc(3.2.5)应用程序(3.2).
我使用此方法配置了SecurityConfig.class:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/*").permitAll().and()
.formLogin().successHandler(successHandler)
.defaultSuccessUrl("/")
.failureHandler(failureHandler).failureUrl("/login?error=true")
.permitAll().and().logout()
.permitAll();
http.authorizeRequests().antMatchers("/resources/**").permitAll();
http.authorizeRequests().antMatchers("/welcome").permitAll();
http.authorizeRequests().antMatchers("/secure/*").authenticated();
http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated();
}
使用Spring security(3.2),我启用了CSRF.我认为启用它是个好主意.
我的控制器SignInController包含两个带params的方法:
编辑:添加action=参数
@RequestMapping(value = "/signup")
public ModelAndView signup() {
boolean auth = SecurityContextHolder.getContext().getAuthentication() == null ? false
: SecurityContextHolder.getContext().getAuthentication()
.isAuthenticated()
&& (SecurityContextHolder.getContext()
.getAuthentication().getPrincipal() instanceof User);
ModelAndView result = null;
if (auth) {
result = new ModelAndView("redirect:" + "/");
} else {
UserForm user = new UserForm();
result = new ModelAndView("registration", "userForm", user);
}
return …我尝试配置日志记录方面,但我不明白它是如何工作的.
我有一个spring web mvc应用程序.考虑一下:
一个包含LoggingConfiguration的配置类包:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import my.package.aspects.LoggingAspect;
import my.package.web.controller.MemberController;
@Configuration
@EnableAspectJAutoProxy
public class LoggingConfiguration {
@Bean
public LoggingAspect loggingAspect() {
return new LoggingAspect();
}
@Bean
MemberController memberController(){
return new MemberController();
}
}
一个方面:
@Aspect
@Component
public class LoggingAspect {
static Logger log = LoggerFactory.getLogger(LoggingAspect.class);
@Before("execution(* my.package..*.*(..) )")
public void logBefore(JoinPoint joinPoint) {
log.debug("logBefore() is running!");
log.debug(joinPoint.getSignature().getName());
}
}
log4j.xml(定义了appender)
<logger name="my.package" additivity="false">
<appender-ref ref="consoleAppender" />
<appender-ref ref="fileControllerAppender" />
</logger>
为什么配置不起作用?
谢谢
编辑
web.xml是
<?xml …我尝试在 MacOS 10.5.8 上使用 Eclipse Java EE,但是当我启动 IDE 时,收到此错误:
The JVM shared library "/System/Library/Frameworks/JavaVM.framework"
does not contain the JNI_CreateJavaVM symbol.
在控制台模式下,如果我运行 java -version,结果是:
java version "1.5.0_28"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_28-b04-382-9M3326)
Java HotSpot(TM) Client VM (build 1.5.0_28-157, mixed mode, sharing)
你有好主意吗?
我想在我的应用程序中使用身份验证.我有一个Spring MVC应用程序和Spring Security应用程序.对浏览器,它工作正常.这意味着,我向我的应用程序验证用户并使用网页.
现在,我想用休息.我添加了不安全的控制器方法@ResponseBody,我在json中收到响应.但是如何使用RestTemplate用户和密码连接到我的应用程序?
我在RestClient中的代码是(用于测试):
public void unsecureProfileTest() {
String url = articleServiceUrl + "unsecure/profile/test.json";
url = articleServiceUrl + "secure/profile/wiew.json";
HttpEntity<Object> entity = new HttpEntity<Object>(getHeaders("user:userpassword"));
Object s = restTemplate.exchange(url, HttpMethod.GET, entity, Object.class);
}
static HttpHeaders getHeaders(String auth) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON,
MediaType.TEXT_HTML));
byte[] encodedAuthorisation = Base64.encode(auth.getBytes());
headers.add("Authorization", "Basic "
+ new String(encodedAuthorisation));
return headers;
}
我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().antMatchers("/*").permitAll().and()
.formLogin().successHandler(successHandler)
.defaultSuccessUrl("/").failureHandler(failureHandler)
.failureUrl("/login?error=true").permitAll().and().logout()
.permitAll();
http.authorizeRequests().antMatchers("/resources/**").permitAll();
http.authorizeRequests().antMatchers("/welcome").permitAll();
http.authorizeRequests().antMatchers("/unsecure/**").permitAll();
http.authorizeRequests().antMatchers("/secure/*").authenticated();
http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated(); …我有这个域名:
class Participation {
ParticipationStatus status
}
class ParticipationStatus{
String name
Date creationDate
}
我创建了一个查询:
Participation.createCriteria().list{
createAlias("status","statusAlias")
order "statusAlias.creationDate"
projections{
groupProperty "id"
}
}
但是我收到一个错误:引起:java.sql.SQLException:ORA-00979:N'est pas une expression GROUP BY
我2天前在这个查询grrrr上工作了!;-)
非常感谢
我尝试通过令牌将Rest身份验证添加到我的应用程序.我创建了一个简单的过滤器,其他任何东西都不打印消
public class RestAuthenticationProcessingFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain arg2) throws IOException, ServletException {
System.out.println(arg0);
// EDIT 25/02/2014
arg2.doFilter(arg0,arg1);
}
}
我正在使用Spring 4.0和Spring Security 3.2与JavaConfig.
我在我的适配器中添加了这个:
@Override
protected void configure(HttpSecurity http) throws Exception {
/*
* @RemarqueDev Différence entre permitAll et anonymous : permitAll
* contient anonymous. Anonymous uniquement pour non connecté
*/
http.addFilter(new RestAuthenticationProcessingFilter());
http.csrf().disable().headers().disable();
http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());
当我运行jetty服务器时,我收到此消息:
Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of …我想用不同的配置文件运行maven但它似乎不起作用.我为我的JPAConfiguration创建了2个不同的java类:
JPAConfiguration.class和JPAConfigurationTest.class
@Configuration
@Profile({"dev"})
@EnableTransactionManagement(proxyTargetClass = true)
@EnableJpaRepositories(basePackages = { "com.jle.athleges.model.repository", "com.jle.athleges.security.repository" })
@ComponentScan(basePackages = { "com.jle.athleges.model.services", "com.jle.athleges.security.services" })
public class JpaConfiguration {
@Bean
public DataSource dataSource() throws SQLException {
System.out.println("use dev");
EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
builder.setName("dev");
return builder.setType(EmbeddedDatabaseType.H2).build();
}
@Bean
public EntityManagerFactory entityManagerFactory() throws SQLException {
HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
vendorAdapter.setGenerateDdl(true);
LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean();
factory.setJpaVendorAdapter(vendorAdapter);
factory.setPackagesToScan("com.jle.athleges.model.entity", "com.jle.athleges.security.entity");
factory.setDataSource(dataSource());
factory.afterPropertiesSet();
return factory.getObject();
}
@Bean
public EntityManager entityManager(EntityManagerFactory entityManagerFactory) {
return entityManagerFactory.createEntityManager();
}
@Bean
public PlatformTransactionManager transactionManager() …我想创建一个相册.但我想在服务器上组织相册,所以我想创建新的文件夹:
/ myapp/myapp/albums/myapp/albums/1/myapp/albums/2 ...
我怎么能用Grails在tomcat上做到这一点?它在tomcat/bin中创建所有新文件夹而不是tomcat/webapps/myapp /
我有一个课堂hirarchy:
class Item {}
class Participation extends Item{}
class Contribution extends Participation{}
class Question extends Participation{}
我希望每个类都有一个表,所以我在Item中添加了tablePerHierarchy false
我需要一个discrimator来实现一个查询:where class ="Contribution"
我尝试了很多实现,但它不起作用.
怎么做 ?
谢谢