Question

我正在尝试将Spring Social引入Spring Security的现有Web应用程序。现有的Web应用程序使用XML配置，即：

<security:http  
    disable-url-rewriting="true"
    use-expressions="true"
    xmlns="http://www.springframework.org/schema/security">
    ...
    <intercept-url
        pattern="/w/configuration/**"
        access="hasRole ('ROLE_ADMIN')"/>
    ...
    <form-login
        login-page="/w/welcome"
        authentication-success-handler-ref="authSuccessHandler"
        authentication-failure-handler-ref="authFailureHandler"/>
    <logout logout-success-url="/w/welcome"/>
</security:http>

如何将SpringSocialConfigurer（）添加到配置中？关于Spring Social的所有文档都使用了我想要避免的基于Java的配置，例如：

@Override
protected void configure(HttpSecurity http) throws Exception
{
    http
        .formLogin()
            .loginPage("/signin")
            .loginProcessingUrl("/signin/authenticate")
            .failureUrl("/signin?param.error=bad_credentials")
        .and()
            .logout()
                .logoutUrl("/signout")
                .deleteCookies("JSESSIONID")
        .and()
            .apply(new SpringSocialConfigurer());
}

apply（）方法的XML等价物是什么？

Answer 1

在花了一些时间查看SpringSocialConfigurer的代码之后，这里有有些等效的XML配置：

<security:http  
    disable-url-rewriting="true"
    use-expressions="true"
    xmlns="http://www.springframework.org/schema/security">
    ...
    <intercept-url
        pattern="/w/configuration/**"
        access="hasRole ('ROLE_ADMIN')"/>
    ...
    <form-login
        login-page="/w/welcome"
        authentication-success-handler-ref="authSuccessHandler"
        authentication-failure-handler-ref="authFailureHandler"/>
    <logout logout-success-url="/w/welcome"/>

    <!-- Add a custom filter to handle Social media logins -->
    <custom-filter before="PRE_AUTH_FILTER" ref="socialAuthFilter"/>
</security:http>

<security:authentication-manager
    id="authenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <!-- Social Media sites as authentication provider -->
    <authentication-provider ref="socialAuthProvider"/>
</security:authentication-manager>

<!--
   Define the framework required for using Social Media sites
   as Authentication Providers.
 -->
<bean id="connectionFactoryLocator"
    class="org.springframework.social.security.SocialAuthenticationServiceRegistry">
    <property name="connectionFactories">
        <list>
            <bean class="org.springframework.social.facebook.connect.FacebookConnectionFactory">
                <constructor-arg value="${social.facebook.appId}" />
                <constructor-arg value="${social.facebook.appSecret}" />                
            </bean>
        </list>
    </property>
</bean>
<bean id="socialUsersConxRepo"
    class="org.springframework.social.connect.mem.InMemoryUsersConnectionRepository">
    <constructor-arg ref="connectionFactoryLocator"/>
</bean>
<bean id="socialUserIdSource"
    class="org.springframework.social.security.AuthenticationNameUserIdSource"/>
<bean id="socialAuthFilter"
    class="org.springframework.social.security.SocialAuthenticationFilter">
    <constructor-arg ref="authenticationManager"/>
    <constructor-arg ref="socialUserIdSource"/>
    <constructor-arg ref="socialUsersConxRepo"/>
    <constructor-arg ref="connectionFactoryLocator"/>
</bean>
<bean id="socialAuthProvider"
    class="org.springframework.social.security.SocialAuthenticationProvider">
    <constructor-arg ref="socialUsersConxRepo"/>

    <!-- application defined @Service -->
    <constructor-arg ref="socialGamerManager"/>
</bean>

应用程序员应该编写自己的“socialGamerManager”bean，它必须实现org.springframework.social.security.SocialUserDetailsService。可以更改“socialUsersConxRepo”bean以使用JDBC实现。

Spring Social和Spring Security使用XML配置

1 个答案: