使用spring security来保护我的RESt WebService
我有一个用途
此类org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<security:http entry-point-ref="restAuthenticationEntryPoint">
<security:intercept-url pattern="/api/admin/**" access="ROLE_ADMIN"/>
<security:custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/>
</security:http>
<bean id="mydataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url"
value="jdbc:mysql://127.0.0.1:3306/VconfGwDb?autoReconnect=true" />
<property name="username" value="***" />
<property name="password" value="****" />
<property name="validationQuery" value="Select 1"></property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="mydataSource" />
<property name="annotatedClasses">
<list>
<value>com.alpha.vconf.model.Participation</value>
<value>com.alpha.vconf.model.ParticipationId</value>
<value>com.**.**.model.***</value>
<value>com.**.*.model.**</value>
<value>com.***.**.model.**</value>
<value>com.**.**.model.***</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="dialect">org.hibernate.dialect.MySQLDialect</prop>
</props>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<bean id="myFilter" class=
"org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
</bean>
<bean id="mySuccessHandler"
class="org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="temporary" password="temporary" authorities="****"/>
<security:user name="***" password="***" authorities="***"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<tx:annotation-driven transaction-manager="transactionManager" />
<context:annotation-config />
<context:component-scan base-package="com.***.***"></context:component-scan>
</beans>
所以问题是: - 类'org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler'没有 我发现如何解决这个问题
答案 0 :(得分:1)
org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler必须位于WEB-INF/classes或WEB-INF/lib中的JAR中,但我想您知道这一点。你得到的例外是什么?请注意,NoClassDefFoundError和ClassNotFoundException之间存在差异。
修改
无论如何,您的成功处理程序必须是org.springframework.security.web.authentication.AuthenticationSuccessHandler的实现。您要么提供自己的(将不明确的com.rest.yadayada类名称更改为您班级的名称)或删除此行
<property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
使用默认成功处理程序。