Question

我将弹簧和弹簧安全性升级到最新版本，在测试基本功能时，我的Authenticator（适用于弹簧和弹簧安全版本3）不适用于弹簧安全4.（我正在转向jdk 8所以由于asm冲突我再也不能使用旧版本了。我需要做什么配置更改才能支持新版本的spring：

这是我的web.xml：

<!--?xml version="1.0" encoding="UTF-8"?-->
<web-app
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID"
    version="3.0">

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
             <param-name>excludePatterns</param-name>
             <param-value>/resources/*</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/springapp-servlet.xml
            /WEB-INF/springapp-security.xml
        </param-value>
    </context-param>

    <display-name>template</display-name>

    <servlet>
        <servlet-name>springapp</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>springapp</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>

    <session-config>
            <session-timeout>90000</session-timeout>
    </session-config>

    <error-page>
            <error-code>404</error-code>
            <location>/login.jsp</location>
    </error-page>           

</web-app>

这是spring xml：

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:security="http//www.springframework.org/schema/security"
   xsi:schemaLocation="
   http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
   http://www.springframework.org/schema/context
   http://www.springframework.org/schema/context/spring-context-4.3.xsd
   http://www.springframework.org/schema/mvc
   http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
   http://www.springframework.org/schema/security
   http://www.springframework.org/schema/security/spring-security-4.1.xsd">
    <context:component-scan base-package="com.spring" />
    <mvc:resources mapping="/resources/**" location="/resources/"/>
    <mvc:annotation-driven/>
    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property>
        <property name="prefix" value="/WEB-INF/jsp/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>
    <bean id="messageSource"
        class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basename" value="classpath:messages"></property>
        <property name="defaultEncoding" value="UTF-8"></property>
    </bean>
</beans>

这里是spring security xml：

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.1.xsd">
    <beans:bean id="SpringAuthenticationProvider" class="com.spring.SpringAuthenticationProvider"></beans:bean>
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="SpringAuthenticationProvider"></authentication-provider>
    </authentication-manager>
    <!--  ############################################# -->
    <http auto-config="true" use-expressions="true">
        <form-login    login-page="/login"
                       default-target-url="/main"
                       username-parameter="j_username"
                       password-parameter="j_password"
                       authentication-failure-url="/login?auth=fail"/>      
        <intercept-url pattern="/admin/**" access="hasAnyRole('admin')"></intercept-url>                                                                                                 
        <!-- <intercept-url pattern="/resources/**" access="permitAll"></intercept-url> -->
        <intercept-url pattern="/login" access="permitAll"></intercept-url>
        <intercept-url pattern="/logout" access="permitAll"></intercept-url>
        <intercept-url pattern="/**" access="permitAll"/>
        <intercept-url pattern="/main" access="permitAll"></intercept-url>
        <intercept-url pattern="/" access="permitAll"></intercept-url>
        <logout logout-url="/logout" logout-success-url="/login"></logout>
        <access-denied-handler error-page="/403"/>
    </http>
</beans:beans>

这是我的身份验证员：

package com.spring;

import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class SpringAuthenticationProvider implements AuthenticationProvider
{
    private static final Logger LOG = LoggerFactory.getLogger( SpringAuthenticationProvider.class );

    @Override
    public boolean supports( Class<? extends Object> authentication )
    {
        return true;
    }

    /*
    @Override
    public boolean supports(Class<? extends Object> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    } 
    */   

    @Override
    public Authentication authenticate( Authentication authentication ) throws AuthenticationException
    {
        String username = authentication.getName();
        String password = authentication.getCredentials().toString();
        List<GrantedAuthority> grants = new ArrayList<GrantedAuthority>();
        grants.add( new SimpleGrantedAuthority( "admin" ) );
        return new UsernamePasswordAuthenticationToken( username , "" , grants );
    }
}

Answer 1

解决方案是将登录页面更改为指向/ login并将之前的j_username / j_password更改为jsp中的用户名/密码

Spring / Spring安全版升级后没有调用Spring安全自定义Authenticator

1 个答案: