I'm having trouble setting up Spring Security. First, I have a Configuration class that looks like this:

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity
    @ComponentScan("com.boardviewer")
    public class BoardviewerConfiguration extends WebSecurityConfigurerAdapter {

        @Inject
        private BoardviewerSecurityService boardviewerSecurityService;

        @Bean
        public InternalResourceViewResolver internalResourceViewResolver() {
            InternalResourceViewResolver resolver = new InternalResourceViewResolver();
            resolver.setPrefix("/WEB-INF/pages/");
            resolver.setSuffix(".jsp");
            return resolver;
        }

        @Bean /* The "${props}" can now be parsed before runtime with this bean declaration */
        public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
            return new PropertySourcesPlaceholderConfigurer();
        }

        /* Spring Sec */
        @Bean
        public DaoAuthenticationProvider daoAuthenticationProvider() {
            DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
            dao.setUserDetailsService(boardviewerSecurityService);
            return dao;
        }

        @Bean
        public ProviderManager providerManager() {
            List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
            list.add(daoAuthenticationProvider());
            return new ProviderManager(list);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            super.configure(auth);
            auth.authenticationProvider(daoAuthenticationProvider());
            auth.userDetailsService(boardviewerSecurityService);
        }
    }

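Basically some basic WebSecurity configuration... I don't get any errors, but I can browse the site normally without any restrictions.
For example, I have a controller annotated with @PreAuthorize, and I go straight through it.
I'm running Spring Security 3.2.0 RC2 to be able to get the annotation configuration... but no luck so far.
Is there any additional configuration that needs to go into web.xml? Or am I missing something? Does anyone have a working example of a Spring Security annotation configuration?
Also, I'm using Hibernate to fetch user accounts etc., and my boardviewerSecurityService looks like this: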

    @Service
    public class BoardviewerSecurityService implements UserDetailsService {

        @Inject
        private UserDAO userDAO;

        @Inject
        private BoardviewerTransformer transformer;

        @Override
        public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
            User u = userDAO.getByUsername(s);
            if (u == null) {
                throw new UsernameNotFoundException("Couldn't find a user with that username");
            } else {
                return transformer.userToSpringUser(u);
            }
        }
    }

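The transformer just remaps the entity to a Spring UserDetails User object (org.springframework.security.core.userdetails.User).
Am I missing something? (Apart from setting up a login page and URL interceptors? I thought I wouldn't need those since I only want to control access at the class/method level.)
Any help is greatly appreciated!
Regards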
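
A configuration in which `@PreAuthorize` is actually evaluated, as an added example that is not part of the original post: `prePostEnabled` on `@EnableGlobalMethodSecurity` defaults to `false`, and with the bare annotation the pre/post annotations are ignored. The `MethodSecurityDemo`, `Config` and `BoardService` names and the sample principals are constructed for illustration, and Spring Security 3.2 or later is assumed on the classpath.

```java
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class MethodSecurityDemo {

    // prePostEnabled = true registers the interceptor that evaluates @PreAuthorize.
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class Config {
        @Bean
        public BoardService boardService() { return new BoardService(); }
    }

    // Hypothetical secured bean standing in for the annotated controller.
    public static class BoardService {
        @PreAuthorize("hasRole('ROLE_ADMIN')")
        public String deleteBoard(long id) { return "deleted " + id; }
    }

    // Calls the secured method as the given principal and reports what the interceptor did.
    static String attempt(BoardService svc, Authentication auth) {
        SecurityContextHolder.getContext().setAuthentication(auth);
        try {
            return svc.deleteBoard(1L);
        } catch (AuthenticationCredentialsNotFoundException e) {
            return "rejected: no authentication in the security context";
        } catch (AccessDeniedException e) {
            return "rejected: access denied";
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    // Constructed principal that is already authenticated and holds one role.
    static Authentication user(String name, String role) {
        return new UsernamePasswordAuthenticationToken(name, "n/a", AuthorityUtils.createAuthorityList(role));
    }

    public static void main(String[] args) {
        AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext(Config.class);
        BoardService svc = ctx.getBean(BoardService.class);
        System.out.println(attempt(svc, null));                         // anonymous caller
        System.out.println(attempt(svc, user("alice", "ROLE_USER")));   // wrong role
        System.out.println(attempt(svc, user("root", "ROLE_ADMIN")));   // permitted
        ctx.close();
    }
}
```

Method security only wraps beans created in the application context where this configuration is registered, so a controller defined in a separate servlet context is not proxied by it.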