我正在开发使用Spring(MVC),Hibernate,Spring Security和ZK作为前端的Web应用程序。我正在使用所有库的最新版本(3.1.2 Spring,3.1.3 Spring Security,4.1.7 Hibernate),我遇到了国际化问题(i18n)。我将在配置后进入细节(仅限相关部分):
的web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml /WEB-INF/spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>zkLoader</servlet-name>
<servlet-class>org.zkoss.zk.ui.http.DHtmlLayoutServlet</servlet-class>
<init-param>
<param-name>update-uri</param-name>
<param-value>/zkau</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>auEngine</servlet-name>
<servlet-class>org.zkoss.zk.au.http.DHtmlUpdateServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>zkLoader</servlet-name>
<url-pattern>*.zul</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>auEngine</servlet-name>
<url-pattern>/zkau/*</url-pattern>
</servlet-mapping>
<listener>
<description>ZK JSP Tags environment initiation </description>
<display-name>ZK JSP Initiator</display-name>
<listener-class>org.zkoss.jsp.spec.JspFactoryContextListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class> org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
servlet的上下文
<beans:bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<beans:property name="defaultLocale" value="hr" />
</beans:bean>
<interceptors>
<beans:bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<beans:property name="paramName" value="lang" />
</beans:bean>
</interceptors>
<beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:message" />
</beans:bean>
弹簧security.xml文件:
<http pattern="/resources/**" security="none" />
<http auto-config="true">
<intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/" authentication-failure-url="/loginfailed" />
</http>
根context.xml中:
这里没有任何问题,只有数据源定义,sessionfactory和bean声明。
现在解决问题:
我有两个文件:message_en.properties和message_hr.properties,它们都位于src / main / resources目录中。我使用“Spring模板项目”创建了这个项目,然后选择了“Spring MVC项目”(使用STS 2.9.2)。我已经阅读了有关如何自定义Spring Security消息的信息,而那些需要被覆盖的消息放在message.properties文件中,并附带自定义消息。我用来测试的是:
spring-security-core.jar中的原始消息 AbstractUserDetailsAuthenticationProvider.badCredentials =错误凭据
在message_en.properties中重写:
AbstractUserDetailsAuthenticationProvider.badCredentials =无效的用户名或密码
在message_hr.properties中重写:
AbstractUserDetailsAuthenticationProvider.badCredentials = Bla Bla Bla
情景1:
如果我将上述所有内容保留在配置文件中,在url栏中更改lang参数,或者只需单击登录页面中的链接,就可以正确读取自定义message_xx.properties中的所有消息,但SS的除外。因此,我没有给我“无效的用户名或密码”或“Bla Bla Bla”,而是获得了“不良凭证”。
情景2:
如果我将messageSource bean从servlet-context.xml移动到spring-security.xml,它会加载正确的错误消息,但无论设置什么语言环境,它总是读取“Bla Bla Bla”。即使我更改了localeChangeInterceptor bean的lang参数,也会发生这种情况。
我想在这里做些什么来使这项工作正常进行?
忘记提及: 为了获得Spring Security消息,我在jsp页面中使用它
$ {sessionScope [ “SPRING_SECURITY_LAST_EXCEPTION”]。消息}
答案 0 :(得分:4)
遇到同样的问题。阅读this from Spring Security i18n后,我创建了一个过滤器:
此过滤器必须出现在spring.xml中的springSecurityFilterChain的过滤映射之前。这样,当spring-security调用LocaleContextHolder.getLocale()时,它会检索正确的。在您的情况下,您可以从会话中检索语言环境,因为您使用的是org.springframework.web.servlet.i18n.SessionLocaleResolver。
在spring context xml文件中(你仍然可以使用SessionLocaleResolver):
<!-- Saves a locale change using a cookie -->
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver" />
Java过滤器代码(重要的一行是LocaleContextHolder.setLocale,因为spring-security使用了LocaleContextHolder.getLocale):
package com.xyz;
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.web.servlet.i18n.CookieLocaleResolver;
import org.springframework.web.util.WebUtils;
/**
* Transfert the value of user Locale into LocaleContextHolder which is used by spring-security
*/
public class FilterI18nCookie implements Filter {
private static final Logger LOG = LoggerFactory.getLogger(FiltreI18nCookie.class);
/**
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest pRequest, ServletResponse pResponse, FilterChain pFilterChain) throws IOException, ServletException {
if (!(pRequest instanceof HttpServletRequest)) {
pFilterChain.doFilter(pRequest, pResponse);
return;
}
HttpServletRequest request = (HttpServletRequest) pRequest;
Cookie cookie = WebUtils.getCookie(request, CookieLocaleResolver.LOCALE_REQUEST_ATTRIBUTE_NAME);
if (cookie != null) {
Locale locale = org.springframework.util.StringUtils.parseLocaleString(cookie.getValue());
if (locale != null) {
LOG.info("Locale cookie: [" + cookie.getValue() + "] == '" + locale + "'");
request.setAttribute(CookieLocaleResolver.LOCALE_REQUEST_ATTRIBUTE_NAME, locale);
LocaleContextHolder.setLocale(locale, true);
}
}
pFilterChain.doFilter(pRequest, pResponse);
}
/**
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig filterConfig) throws ServletException {
}
/**
* @see javax.servlet.Filter#destroy()
*/
public void destroy() {
}
}
在web.xml文件中(springSecurityFilterChain之前的自定义过滤器FilterI18nCookie appreas的过滤器映射定义):
<filter>
<filter-name>FilterI18nCookie</filter-name>
<filter-class>com.xyz.FilterI18nCookie</filter-class>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<filter-mapping>
<filter-name>FilterI18nCookie</filter-name>
<url-pattern>/ *</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/ *</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
答案 1 :(得分:0)
根据A.Masson的建议,我做了一些更改,以支持任何类型的LocalResolver实现。
/**
* Transfert the value of user Locale into LocaleContextHolder which is used by spring-security
*/
public class FilterI18nSpringSecurity implements Filter {
private static final Logger LOG = LoggerFactory.getLogger(FilterI18nSpringSecurity.class);
private WebApplicationContext springContext;
/**
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest pRequest, ServletResponse pResponse, FilterChain pFilterChain) throws IOException, ServletException {
if (!(pRequest instanceof HttpServletRequest)) {
pFilterChain.doFilter(pRequest, pResponse);
return;
}
LocaleResolver bean = springContext.getBean(LocaleResolver.class);
Locale locale = bean.resolveLocale((HttpServletRequest) pRequest);
LOG.info("Locale -> " + locale);
LocaleContextHolder.setLocale(locale, true);
pFilterChain.doFilter(pRequest, pResponse);
}
/**
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig filterConfig) throws ServletException {
springContext = WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
}
/**
* @see javax.servlet.Filter#destroy()
*/
public void destroy() {
}
}
修改: 以前的方法在某些情况下不起作用。我改变了这个,改善了行为。 我使用Spring异常类名作为消息键,因此我可以在当前属性文件中映射这些消息。 (我的模板引擎是百里香)
在页面中:
<th:block th:if="${session.SPRING_SECURITY_LAST_EXCEPTION != null && param.error != null}">
<div th:replace="fragments/alert :: alert (type='danger', message=#{${session.SPRING_SECURITY_LAST_EXCEPTION.class.name}})">Alert</div>
</th:block>
messages.properties:
org.springframework.security.authentication.BadCredentialsException=Usuario o contraseña...
org.springframework.security.authentication.LockedException=Usuario bloqueado
org.springframework.security.authentication.DisabledException=El usuario está deshabilitado