在Spring Security 3.1中使用Spring MVC 3.2
目标容器是JBoss 4(不要问)所以servlet API仍然是2.4。在测试Spring安全性配置时,它是用XML编写的,并带有许多其他东西进入web.xml。以为我会编写一个较小的JUnit测试平台来模拟基本请求并调用Spring安全检查身份验证。在将其集成到项目的其余部分之前,Idea是帮助其他开发人员测试安全配置。
无论如何,如果我没有在安全XML中定义身份验证管理器,我会得到:
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal <authentication-manager> element to your configuration (with child <authentication-provider> elements)? Alternatively you can use the authentication-manager-ref attribute on your <http> and <global-method-security> elements.
我的JUnit测试类看起来像这样:
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = {LdapSecurityTest.WebAppConfig.class,
LdapSecurityTest.WebSecurityConfig.class})
public class LdapSecurityTest {
@Controller
public static class DummyController {
@RequestMapping(value = "/blankettservice/admin/test", method = RequestMethod.GET)
@ResponseBody
public String hello() {
return "hello world";
}
}
@EnableWebMvc
@Configuration
@ComponentScan("se.bolagsverket.insidan.web.common")
public static class WebAppConfig {
}
@Configuration
@ImportResource({"classpath:applicationContext-security.xml"})
public static class WebSecurityConfig {
@Autowired
private List<AuthenticationProvider> providers;
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(providers);
}
}
public class SpringInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
AnnotationConfigWebApplicationContext ctx =
new AnnotationConfigWebApplicationContext();
ServletRegistration.Dynamic dispatcher =
servletContext.addServlet("dispatcher", new DispatcherServlet(
ctx));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
servletContext.addFilter("springSecurityFilterChain",
new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/*");
}
}
@Resource
private WebApplicationContext context;
@Test
public void initialize() throws Exception {
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken("user", "password"));
MockMvc mvc = webAppContextSetup(context).build();
mvc.perform(get("/blankettservice/admin/test")).andExpect(status().isOk())
.andExpect(content().string("hello world"));
;
}
}
为了清楚起见,applicationContext-security看起来像:
<http>
<intercept-url pattern="/**/blankettservice/admin/**"
access="ROLE_BLANKETTSERVICE_ADMIN" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<http-basic />
<anonymous />
</http>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://server:port" />
<beans:property name="userDn" value="..." />
<beans:property name="password" value="..." />
</beans:bean>
<beans:bean id="bvLdapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider>
....
</beans:bean>
使用 bvLdapAuthProvider 提供程序填充创建的ProviderManager bean。
答案 0 :(得分:0)
在我们的LDAP配置(Spring Security 3)中,我们使用此配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd">
...
<security:authentication-manager>
<security:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
</security:authentication-manager>
<security:ldap-server url="ldap://localhost:10389/dc=example,dc=com" />
...
希望它对你有所帮助。