Question

我在使用gradle配置Spring Web应用程序时遇到一些问题。摇篮：

    apply plugin: 'java'

sourceCompatibility = 1.7
version = '1.0'

repositories {
    mavenCentral()
}

configurations.all {
    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
        if (details.requested.group == 'org.springframework') {
            details.useVersion '4.0.1.RELEASE'
        }
    }
}

configurations {
    provided
}
sourceSets {
    main { compileClasspath += configurations.provided }
}

dependencies {
    testCompile group: 'junit', name: 'junit', version: '4.11'
    provided 'javax:javaee-web-api:7.0'
    compile 'org.springframework:spring-context:4.0.1.RELEASE'
    compile 'org.springframework:spring-webmvc:4.0.1.RELEASE'
    compile 'org.springframework.webflow:spring-webflow:2.3.2.RELEASE'
    compile 'org.springframework.data:spring-data-jpa:1.4.3.RELEASE'
    compile 'org.springframework.security:spring-security-web:3.2.0.RELEASE'
    compile 'org.springframework.security:spring-security-config:3.2.0.RELEASE'
    compile 'org.hibernate:hibernate-entitymanager:4.2.7.Final'
    compile 'mysql:mysql-connector-java:5.1.26'
    compile 'org.thymeleaf:thymeleaf-spring4:2.1.2.RELEASE'
    compile 'org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-dbcp:1.4_3'
}

我有SecurityConfiguration.java类包含：

package asd;

import asd.UserDetailsServiceAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
import org.springframework.web.servlet.support.RequestDataValueProcessor;

@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackageClasses = UserDetailsServiceAdapter.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public RequestDataValueProcessor requestDataValueProcessor() {
        return new CsrfRequestDataValueProcessor();
    }

    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/resources/**", "/signup").permitAll()
                .anyRequest().authenticated().and()
            .formLogin().and()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
    // @formatter:on

    @Autowired
    public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

}

我使用的是Intellij IDEA 13 Ultimate Edition。当我尝试编译我的应用程序时，我收到此错误：

java: cannot find symbol
symbol:   method loginPage(java.lang.String)
location: class org.springframework.security.config.annotation.web.builders.HttpSecurity

Answer 1

我重现了这个问题，并且更改配置顺序使编译工作正常：

     http
        .formLogin()
        .loginPage("/login")
        .permitAll()
     .and()
        .logout()
        .permitAll()
     .and()
        .authorizeRequests()
        .antMatchers("/resources/**", "/signup").permitAll()
        .anyRequest().authenticated();

另请参阅HttpSecurity的{{3}}，它有很多示例。

Answer 2

我建议您将其更改为更合适：

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/resources/**"); // Ignore static resources
}

@Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .antMatchers("/login/**", "/login").permitAll()
            .antMatchers("/**").authenticated()
        .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/")
                .failureUrl("/loginfailed").permitAll()
        .and()
            .logout()
                .deleteCookies("JSESSIONID")
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login")
}

带有Spring MVC 4.0.1.RELEASE的Spring Security 3.2

2 个答案: