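I'm trying to add ACL capabilities to my server. I have configured Spring Security using Java files and would like to add ACL in the same way. How should I do that? All the tutorials I have found use XML files.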

SecurityInit:

    @Order(1)
    public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
    }

SecurityConfig:

    @EnableWebMvcSecurity
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    @Component
    @ComponentScan(basePackages = {"test.package"})
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        ...
        @Autowired
        protected void registerAuthentication(UserDetailsService userDetailsService, AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService);
        }

        // http://stackoverflow.com/a/21100458/162345
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .headers().disable()
                .addFilterBefore(...)
                .addFilterBefore(...)
                // TODO: create a better way to differentiate login to signup
                .exceptionHandling()
                    .authenticationEntryPoint(noRedirectForAnonymous)
                    .and()
                .formLogin()
                    .successHandler(restAuthenticationSuccessHandler)
                    .failureHandler(restAuthenticationFailureHandler)
                    .and()
                .logout()
                    .logoutSuccessHandler(noRedirectLogoutSuccessHandler)
                    .and()
                .authorizeRequests()
                    .antMatchers("/api/keywords/**").permitAll()
                    .antMatchers("/api/**").authenticated();
        }
    }

Answer 0 (score: 13)

You can configure Spring ACL with a Java configuration class, as follows:
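
    import javax.sql.DataSource;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.cache.ehcache.EhCacheFactoryBean;
    import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
    import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
    import org.springframework.security.acls.AclPermissionEvaluator;
    import org.springframework.security.acls.domain.AclAuthorizationStrategy;
    import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
    import org.springframework.security.acls.domain.ConsoleAuditLogger;
    import org.springframework.security.acls.domain.EhCacheBasedAclCache;
    import org.springframework.security.acls.jdbc.BasicLookupStrategy;
    import org.springframework.security.acls.jdbc.JdbcMutableAclService;
    import org.springframework.security.acls.jdbc.LookupStrategy;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    public class ACLConfig extends GlobalMethodSecurityConfiguration {
        @Autowired
        DataSource dataSource;

        // Ehcache-backed cache for ACLs read from the database
        EhCacheBasedAclCache aclCache() {
            EhCacheFactoryBean factoryBean = new EhCacheFactoryBean();
            EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean();
            factoryBean.setName("aclCache");
            factoryBean.setCacheManager(cacheManager.getObject());
            return new EhCacheBasedAclCache(factoryBean.getObject());
        }

        // Loads ACLs and their entries over JDBC, logging audit events to the console
        LookupStrategy lookupStrategy() {
            return new BasicLookupStrategy(dataSource, aclCache(), aclAuthorizationStrategy(), new ConsoleAuditLogger());
        }

        // ROLE_ACL_ADMIN is the authority required for each of the three
        // administrative ACL operations
        AclAuthorizationStrategy aclAuthorizationStrategy() {
            return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ACL_ADMIN"),
                    new SimpleGrantedAuthority("ROLE_ACL_ADMIN"),
                    new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
        }

        // The identity queries below use PostgreSQL sequence functions
        @Bean
        JdbcMutableAclService aclService() {
            JdbcMutableAclService service = new JdbcMutableAclService(dataSource, lookupStrategy(), aclCache());
            service.setClassIdentityQuery("select currval(pg_get_serial_sequence('acl_class', 'id'))");
            service.setSidIdentityQuery("select currval(pg_get_serial_sequence('acl_sid', 'id'))");
            return service;
        }

        // AclMasterService is an application class that is not shown here
        @Bean
        AclMasterService masterService() {
            return new AclMasterService();
        }

        // Makes hasPermission(...) in @PreAuthorize/@PostAuthorize consult the ACL service
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
            expressionHandler.setPermissionEvaluator(new AclPermissionEvaluator(aclService()));
            return expressionHandler;
        }
    }
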
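The important aspects of the configuration are to extend GlobalMethodSecurityConfiguration, to override the method createExpressionHandler, and to enable the Pre and Post annotations with the following annotation at the beginning of the class:

    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

Now you can use annotations like

    @PreAuthorize("hasPermission(#object, read)")

For more uses of the @Pre and @Post annotations, see Spring Security's Contact sample or the Spring Security reference guide. This configuration class was tested on Spring 4, Spring Security 4.0.1 and Spring Security ACL 3.1.2. If you want to configure authentication, you can use a different Java class or override the configure method from this one. If you already have ehcache configured, this configuration will not work correctly, because ehcache is a singleton class and this configuration tries to create a new one.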
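
An added example (not part of the answer above, and not code from Spring's samples) of a service that uses the `aclService` bean from `ACLConfig`: it grants READ on a newly stored object to the calling user only, then checks that entry with `hasPermission` before returning the object. `DocumentService`, its nested `Document` class and the in-memory store are hypothetical, and a transaction manager is assumed to be configured for `@Transactional`.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
public class DocumentService {
    // Hypothetical domain object; the ACL module identifies it by class name and getId().
    public static class Document {
        private final Long id;
        public Document(Long id) { this.id = id; }
        public Long getId() { return id; }
    }

    @Autowired
    private MutableAclService aclService; // the JdbcMutableAclService bean from ACLConfig

    // Hypothetical in-memory store standing in for a real repository.
    private final Map<Long, Document> store = new ConcurrentHashMap<>();

    // Stores the document and grants READ on it to the caller only.
    // Assumption: a transaction manager is configured; the ACL inserts and the
    // identity queries must run on the same connection.
    @Transactional
    @PreAuthorize("isAuthenticated()")
    public Document create(Long id) {
        Document doc = new Document(id);
        store.put(id, doc);
        // createAcl records the current principal as owner of the new ACL
        MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(Document.class, id));
        PrincipalSid caller = new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
        acl.insertAce(acl.getEntries().size(), BasePermission.READ, caller, true);
        aclService.updateAcl(acl);
        return doc;
    }

    // Evaluated by the AclPermissionEvaluator set in createExpressionHandler():
    // access is denied unless the caller holds READ on the returned object.
    @PostAuthorize("hasPermission(returnObject, 'read')")
    public Document read(Long id) { return store.get(id); }
}
```

A user other than the creator who calls `read` for the same id gets an `AccessDeniedException`, because no ACL entry grants them READ.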

Answer 1 (score: -5)

Spring ACL cannot be configured without an XML file. This is mentioned in the Spring documentation itself. See the Spring documentation.