为我当前的springmvc添加spring安全性

时间:2012-07-02 19:46:46

标签: spring spring-mvc spring-security

对不起,我对Spring Security比较陌生。我有以下applicationContext.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.0.xsd
            http://www.springframework.org/schema/mvc 
            http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <!-- Activates various annotations to be detected in bean classes -->
    <context:annotation-config />

    <!-- Scans the classpath for annotated components that will be auto-registered as Spring beans.
     For example @Controller and @Service. Make sure to set the correct base-package-->
    <context:component-scan base-package="org.assessme.com" />

    <!-- Configures the annotation-driven Spring MVC Controller programming model.
    Note that, with Spring 3.0, this tag works in Servlet MVC only!  -->
    <mvc:annotation-driven /> 

</beans>

我正在关注......

的教程

http://static.springsource.org/spring-security/site/tutorial.html

我的问题是,我应该添加到现有的applicationContext.xml还是创建一个单独的XML文件?

我的web.xml如下...... 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/root-context.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>

我在教程中有点困惑,它指定了xml的context-param,但我已经声明了一个,我可以拥有更多的一个context-param吗?如果有人能让我了解一起使用springmvc和spring security的最佳方法,那就太好了,因为目前我发现很难“合并”xml文件。

谢谢,

2 个答案:

答案 0 :(得分:7)

您可以将安全配置放在单独的文件中,也可以与现有的应用程序上下文结合使用。如果要使用现有的应用程序上下文。您将默认命名空间保留为bean:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <security:http auto-config="true">
         <security:intercept-url pattern="/**" access="ROLE_USER" />
      </security:http>
   ...
</beans>

并且您必须为所有安全元素添加安全性前缀。

但是如果你在单独的文件中定义。优点是您可以将安全性作为默认命名空间,并省略安全性前缀,如下所示:

 <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <http auto-config='true'>
           <intercept-url pattern="/**" access="ROLE_USER" />
      </http>
      ...
</beans:beans>

常见的方法是定义文件名,如下所示:

 1)applicationContext.xml
 2)applicationContext-security.xml

并在你的web.xml中这样:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>

或以逗号或空格分隔的列表如下所示:

<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/applicationContext.xml /WEB-INF/applicationContext-security.xml</param-value>
</context-param>

Documentation: ContextLoader

Documentation: namespace config

答案 1 :(得分:0)

在您关注的教程中,它还使用:

<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>
       classpath:applicationContext-business.xml
       /WEB-INF/security-app-context.xml
   </param-value>
</context-param>

其中applicationContext-business.xml与您的root-context.xml相似。因此,您需要添加Spring安全配置文件的路径。并且,请记住还要包含web.xml中提到的安全过滤器。

相关问题
最新问题