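I'm creating an OAuth authorization server that uses Spring Security as the security layer for my servlets. One important part of this is the use of a DelegatingFilterProxy mapped to the springSecurityFilterChain bean, which requires a WebApplicationContext instance.
The standard solution is to include a ContextLoaderListener and its associated contextConfigLocation configuration. But this requires creating a separate configuration for the root WebApplicationContext, which in my view complicates things unnecessarily.
According to the Spring MVC documentation, each DispatcherServlet has its own WebApplicationContext instance. What's more, from perusing the code of DelegatingFilterProxy, it should be possible to inject a WebApplicationContext instance at construction time.
So my question is: can I set the DispatcherServlet's WebApplicationContext as the instance used by the DelegatingFilterProxy?
Here is my relevant configuration so far:
web.xml: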
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="
             http://xmlns.jcp.org/xml/ns/javaee
             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <!-- Enable Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>oauth</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/servlet.xml</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>oauth</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>
servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context.xsd
           http://www.springframework.org/schema/mvc
           http://www.springframework.org/schema/mvc/spring-mvc.xsd
           http://www.springframework.org/schema/security/oauth2
           http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">
    <mvc:annotation-driven/>
    <!-- ... Spring MVC config ... -->
    <!-- Spring Security OAuth Config -->
    <security:global-method-security pre-post-annotations="enabled" />
    <oauth:authorization-server client-details-service-ref="clientDetails"
                                token-services-ref="tokenServices"
                                token-endpoint-url="/api/token">
        <oauth:refresh-token/>
        <oauth:client-credentials/>
    </oauth:authorization-server>
    <!-- ... loads more OAuth config ... -->
</beans>
Answer 0 (score: 2)
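DispatcherServlet (like any subclass of FrameworkServlet) will publish its WebApplicationContext in the ServletContext, using the attribute name org.springframework.web.servlet.FrameworkServlet.CONTEXT.<servlet-name>.
At the same time, DelegatingFilterProxy can be told not to use the root WebApplicationContext but another one stored in the ServletContext, by setting the contextAttribute parameter.
In your case, the required configuration would be: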
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>contextAttribute</param-name>
        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.oauth</param-value>
    </init-param>
</filter>
Read more about how DelegatingFilterProxy looks up the WebApplicationContext in the javadoc of findWebApplicationContext().
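The same wiring expressed in code, as an added example that is not part of the original question or answer: a Servlet 3.0+ WebApplicationInitializer that registers the "oauth" DispatcherServlet and points the DelegatingFilterProxy at the servlet's published context. The class name OAuthWebInitializer is hypothetical, and the example assumes it replaces the corresponding filter and servlet entries in web.xml.

```java
import java.util.EnumSet;

import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;

import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.support.XmlWebApplicationContext;
import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.DispatcherServlet;
import org.springframework.web.servlet.FrameworkServlet;

// Hypothetical class name; stands in for the <filter> and <servlet> entries of web.xml.
public class OAuthWebInitializer implements WebApplicationInitializer {

    private static final String SERVLET_NAME = "oauth";
    private static final String FILTER_BEAN = "springSecurityFilterChain";

    @Override
    public void onStartup(ServletContext servletContext) {
        // Same bean definitions the question loads through contextConfigLocation.
        XmlWebApplicationContext servletAppContext = new XmlWebApplicationContext();
        servletAppContext.setConfigLocation("/WEB-INF/servlet.xml");

        ServletRegistration.Dynamic servlet = servletContext.addServlet(
                SERVLET_NAME, new DispatcherServlet(servletAppContext));
        servlet.setLoadOnStartup(1);
        servlet.addMapping("/");

        // FrameworkServlet publishes its context under SERVLET_CONTEXT_PREFIX + servlet
        // name, i.e. org.springframework.web.servlet.FrameworkServlet.CONTEXT.oauth.
        // Deriving the key from the constant avoids a typo in the attribute name.
        DelegatingFilterProxy proxy = new DelegatingFilterProxy(FILTER_BEAN);
        proxy.setContextAttribute(FrameworkServlet.SERVLET_CONTEXT_PREFIX + SERVLET_NAME);

        FilterRegistration.Dynamic filter = servletContext.addFilter(FILTER_BEAN, proxy);
        // isMatchAfter = false places this mapping before filter mappings declared elsewhere,
        // so the security chain sees every request first.
        filter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
    }
}
```

Because filters are initialized before servlets, the proxy finds no context under that attribute at startup and resolves the springSecurityFilterChain bean lazily on the first request, so the servlet needs load-on-startup set as above.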