不久前,Spring为Spring Security模块提供了一个基于java的配置。我尝试从XML迁移到Java配置。 这是我的测试项目:https://github.com/Fruzenshtein/security-spr
pom.xml已更新:
spring.version = 3.2.4.RELEASE spring.security.version = 3.1.4.RELEASE
...
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-javaconfig</artifactId>
<version>1.0.0.M1</version>
</dependency>
...
<repository>
<id>repository.springsource.milestone</id>
<name>SpringSource Milestone Repository</name>
<url>http://repo.springsource.org/milestone</url>
</repository>
然后我添加了一个新的java配置类而不是spring-security.xml
package com.sprsec.init;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import com.sprsec.service.CustomUserDetailsService;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.userDetailsService(new CustomUserDetailsService())
.authorizeUrls()
.antMatchers("/sec/moderation.html").hasRole("MODERATOR")
.antMatchers("/admin/**").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/user-login.html")
.defaultSuccessUrl("/success-login.html")
.failureUrl("/error-login.html")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/index.html");
}
}
之后我将Initializaer.class改为:
package com.sprsec.init;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class Initializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { WebAppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebAppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
注:
当我尝试在服务器上运行应用程序时,我得到:
严重:上下文初始化失败 org.springframework.beans.factory.BeanCreationException:创建名为'webAppConfig'的bean时出错:bean的初始化失败;嵌套异常是org.springframework.beans.factory.BeanCreationException:在类路径资源[org / springframework / transaction / annotation / ProxyTransactionManagementConfiguration.class]中定义名称为'org.springframework.transaction.config.internalTransactionAdvisor'的bean创建错误:实例化豆子失败了;嵌套异常是org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[public org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration.transactionAdvisor()]引发异常;嵌套异常是java.lang.NoSuchMethodError:org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor.setAdvice(Lorg / aopalliance / aop / Advice;)V
有人可以提出建议吗?
答案 0 :(得分:0)
您可能遇到了一些依赖冲突。运行maven dependency:tree
以确定使用哪些依赖项并查找冲突的依赖项。使用maven-enforcer-plugin也可能有所帮助。
查看您正在使用Spring 3.1.3的示例项目以及Spring Security的示例项目,您希望具有弹簧和弹簧安全性的单独属性。
<properties>
<hibernate.version>4.1.7.Final</hibernate.version>
<mysql.connector.version>5.1.21</mysql.connector.version>
<slf4j.version>1.6.6</slf4j.version>
<spring.version>3.2.4.RELEASE</spring.version>
<spring.security.version>3.1.4.RELEASE<spring.security.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
至于Spring Security,你可能想尝试新的3.2.0.RC1,因为它已经包含了带有改进和一些便利超类的新的spring security javaconfig。
关于你的配置的最后一点,因为它有缺陷,你正在复制你的bean实例,因为你加载了相同的配置两次(复制整个配置),ContextLoaderListener
和DispatcherServlet
使用配置WebAppConfig
。这可能会有效地使您的安全无用。
提交了一个pull request,它可以为您提供有关如何解决手头问题的一些建议。