小编luc*_*uca的帖子

我为我的网页和Web服务实现了数据库身份验证.它适用于两者,现在我必须添加Ldap身份验证.我必须通过远程Ldap服务器进行身份验证(使用用户名和密码),如果用户存在,我必须使用我的数据库作为用户角色(在我的数据库用户名中是与Ldap相同的用户名).所以我必须从我的实际代码切换到Ldap和数据库身份验证,如上所述.我的代码是:SecurityConfig类

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{
        @Override
        protected void configure(HttpSecurity http) throws Exception {
             http.csrf().disable()
             .antMatcher("/client/**")
             .authorizeRequests()
             .anyRequest().authenticated()
             .and()
             .httpBasic();
        }
    }

    @Configuration
    @Order(2)
    public static class FormWebSecurityConfig extends WebSecurityConfigurerAdapter{

        @Override
        public void configure(WebSecurity …

我必须配置Spring安全性以通过LDAP对用户进行身份验证.这是经理用户所在的子树:

ldaps://vldp.floal:636/CN=Administration,CN=fdam,DC=fg,DC=local

这是用户所在的地方:

ldaps://vldp.floal:636/CN=ProxyUsers,CN=fdam,DC=fg,DC=local

所以我使用这个设置:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
     auth.ldapAuthentication()
      .contextSource()
        .url("ldaps://vldp.floal:636/DC=fg,DC=local")
        .managerDn("CN=A0XXX32,CN=Administration,CN=fdam,DC=fg,DC=local")
        .managerPassword(password)
      .and()         
      .userSearchBase("CN=ProxyUsers,CN=fdam")     
      .userSearchFilter("(CN={0})")
      .ldapAuthoritiesPopulator(myAuthPopulator);     
}

当我尝试通过用户登录时,问题是异常抛出,我收到此错误:

2016-03-25 14:43:14 [http-nio-8086-exec-6] ERROR o.s.s.w.a.UsernamePasswordAuthenticationFilter - An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
    'CN=fdam,DC=fg,DC=local'
 ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
    'CN=fdam,DC=fg,DC=local'
 ]; …

我正在使用带有CSRF的Spring Security,我的javascript中有一些POST调用问题.对于我的页面,我使用Thymeleaf和HTML 5,对于我的控制器的Rest调用我使用jQuery.ajax.如果我对我的表单使用ajax调用,如下所示:

$(function() {
    $("#saveCarButton").click(
            function() {
                var form = $("#addCarForm");        
                $.ajax({
                    type : "POST",
                    url : form.attr("action"),
                    data : form.serialize(),
                    // all right with rest call
                    success : function(data) {...}  
                    //error during rest call
                    error : function(data) {
                        window.location.href = "/500";
                    }
                });
            });
});

一切正常,但当我打电话给这个函数时:

jQuery.ajax({
        url : 'upload',
        type: 'POST',
        contentType: false,
        processData: false,
        data:formData,
        beforeSend:function(xhr) {
            waitingModal.showPleaseWait();
        },  
        success: function(data,status,xhr){...}
        error: function(xhr,status,e){
        }
    }).complete(function() {
        //add timeout because otherwise user could see a too fast …

我正在尝试从服务器上部署的Rest Web服务返回文件流,并在客户端上从Rest Web服务处理此流.在服务器上我使用此代码:

@Override
@RequestMapping(value = "/file", method = RequestMethod.GET, produces = MediaType.APPLICATION_OCTET_STREAM_VALUE) 
public @ResponseBody Resource getAcquisition(@RequestParam(value="filePath", required = true) String filePath) throws FileNotFoundException{
    // acquiring the stream
    File file= new File(filePath);
    InputStream stream = new FileInputStream(file);
    // counting the length of data
    final long contentLength = file.length() ;

    return new InputStreamResource(stream){
        @Override
        public long contentLength() throws IOException {
            return contentLength;
        }
    };
}

而且,此刻,在客户端我使用它(然后我必须在文件系统上写文件)

@Override
public void getFile(String serverIp, String toStorePath, String filePath) throws Exception{
    RestTemplate restTemplate = new …

我正在按照此指南流文件通过 spring 发送文件，但我在客户端收到此异常：

org.springframework.web.client.RestClientException: Could not extract response: no suitable HttpMessageConverter found for response type [class org.springframework.http.ResponseEntity] and content type [application/octet-stream]
    at org.springframework.web.client.HttpMessageConverterExtractor.extractData(HttpMessageConverterExtractor.java:110)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:572)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237)
    at client.services.FileServicesImpl.getFile(FileServicesImpl.java:28)
    at client.wbcontroller.ControllerMatlab.Get(ControllerMatlab.java:24)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) …

我正在使用数据表处理消息，但我想在出现此消息时阻止数据表。这很重要，因为否则用户可能会使用旧行。这是我的配置：

datatableTable = $('#datatableTable').DataTable({
            responsive: true,
            "bLengthChange": false,
            deferRender:    true,
            scrollY:        '60vh',
            scrollCollapse: true,
            scroller:       true,
            "bProcessing": true,

我正在使用这个消息CSS：

div.dataTables_wrapper div.dataTables_processing {
  position: absolute;
  top: 50%;
  left: 50%;
  width: 200px;
  margin-left: -100px;
  margin-top: -26px;
  text-align: center;
  padding: 1em 0;
  z-index: 9999;
}

有没有办法阻止数据表？谢谢

我正在使用Hibernate和MySql,今天我在我的一个表中设置了一个复合主键,如下所示:

DefSelfLearning

这个实体是OneToMany with SelfLearning:

这是我的java实体:

@Entity
@Table(name = "defselflearning", catalog = "ats")
public class DefSelfLearning implements java.io.Serializable {

    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    @EmbeddedId
    private DefSelfLearningKeys defSelfLearningKeys;
    private Ecu ecu;
    private String excelColumn;
    @JsonIgnore
    private Set<SelfLearning> selfLearnings = new HashSet<SelfLearning>(0);

    public DefSelfLearning() {
    }

    public DefSelfLearning(DefSelfLearningKeys defSelfLearningKeys, Ecu ecu) {
        this.defSelfLearningKeys = defSelfLearningKeys;
        this.ecu = ecu;
    }

    public DefSelfLearning(Ecu ecu, DefSelfLearningKeys defSelfLearningKeys, String excelColumn, Set<SelfLearning> selfLearnings) {
        this.ecu = ecu;
        this.defSelfLearningKeys = defSelfLearningKeys; 
        this.excelColumn …

我使用的数据表与Ajax调用,我想补充的错误处理和重定向到500页,如果有一个错误.现在我有这张桌子:

licenseTable = $('#licensesTable').DataTable({
    responsive: true,
    //disable order and search on column
    columnDefs: [
         {
             targets: [4,5],
             //set priority to column, so when resize the browser window this botton stay on the screen because have max priority
             responsivePriority: 1,
             orderable: false,
             searchable: false,
         }
     ],
     //fix problem with responsive table
     "autoWidth": false,
         "ajax":{ 
             "url":"table",
             //Check if there was an error on the query like all other ajax request
             "dataSrc": function ( json ) {
                 if (json.success){
                     return json.result.data; …

我正在为我的项目使用Spring和Hibernate,我的数据库是MySql.我正在使用注释而不是xml.每天,当我发出第一个登录请求时,我得到了这个例外,然后在刷新之后就可以了.

18-Feb-2016 10:59:20.990 SEVERE [http-nio-443-exec-9] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [dispatcher] in context with path [/ATS] threw exception
 org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.TransactionException: JDBC begin transaction failed: 
    at org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:431)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:373)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:427)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:276)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at com.services.MyAuthoritiesPopulator$$EnhancerBySpringCGLIB$$9580eab6.getGrantedAuthorities(<generated>)
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:215)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:84)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) …

我在 spring 项目中使用jquery 下载插件，但浏览器给我以下错误：

Refused to display 'http://localhost:8086/DART/fleetAndCar/download/5' in a frame because it set 'X-Frame-Options' to 'DENY'.

我读到的是 Spring Security 中关于 Xframe 的问题，所以我添加了

http
    .headers()
      .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))

但它不会改变拒绝但甚至添加 SAMEORIGIN 所以我有他以下错误：

Multiple 'X-Frame-Options' headers with conflicting values ('DENY, SAMEORIGIN') encountered when loading 'http://localhost:8086/DART/fleetAndCar/download/5'. Falling back to 'DENY'.

这是http请求：

这是我的弹簧配置：

@Configuration
    @Order(1)
    public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
            .antMatcher("/client/**")
            .authorizeRequests()
            //Exclude send file from authentication because it doesn't work with spring …