Spring迁移问题到版本4.x.

时间:2015-07-19 14:04:29

标签: spring spring-mvc spring-security

我有这个调度程序servlet.xml 

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd">  

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>

</beans>

的applicationContext.xml 

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:task="http://www.springframework.org/schema/task"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd        
        http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd">

    <context:component-scan base-package="com.mkyong.*,com.mobapp.security.Login.handlers" />
    <mvc:annotation-driven />
    <mvc:resources mapping="/resources/**" location="/resources/" cache-period="31556926"/>    
    <import resource="ConfigFiles/Security.xml"/>

的security.xml 

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <http>
        <form-login
            username-parameter="username"
            password-parameter="password" />        
    </http>

    <beans:bean id="pwdEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="11" />
    </beans:bean>
    <beans:bean id="appUserDetailService" class="com.mobapp.security.AppUserDetailService"></beans:bean>

    <authentication-manager>
        <authentication-provider user-service-ref="appUserDetailService">
            <password-encoder ref="pwdEncoder"/>
        </authentication-provider>
    </authentication-manager>        

</beans:beans>

以下是/login 

@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
        @RequestParam(value = "logout", required = false) String logout) {

    ModelAndView model = new ModelAndView();
    if (error != null) {
        model.addObject("error", "Invalid username and password!");
    }

    if (logout != null) {
        model.addObject("msg", "You've been logged out successfully.");
    }
    model.setViewName("login");

    return model;

}

如果我使用

<spring.version>3.2.8.RELEASE</spring.version>
<spring.security.version>3.2.3.RELEASE</spring.security.version>

一切运作良好

但我用

 <spring.version>4.1.7.RELEASE</spring.version>  
 <spring.security.version>4.0.1.RELEASE</spring.security.version>

并尝试访问/login它显示spring默认登录表单而不是我自己的custom loginf表单

1 个答案:

答案 0 :(得分:2)

Spring Security并不像你想象的那样工作!该框架基本上提供了一个名为DelegatingFilterProxy的过滤器链,并根据配置的(默认的100)过滤器顺序(一个非常基本的用例,它是巨大的:)来将它嵌入到ApplicationFilterChain中。)

但它非常可配置! (感谢开发团队)

您的控制器方法没有被执行,因为过滤器链在版本4+中使用默认登录URL作为/ login(在3.x中它曾经是其他东西,不再记住它;))。每当您尝试访问/ login URL时,它都会被过滤器链拦截,当您要求提供默认登录页面时,它会生成并提供给您(这是预期的行为)。您的配置过去只使用3.x因为这个原因(您试图点击一个只允许匿名访问的URL)。换句话说,你曾经做过(在3.x中)Spring安全可以开箱即用的东西;自己。

如果您希望使用与默认URL不同的URL,则需要在元素中明确设置它。例如,

   <form-login login-page="/custom_login_url"
        default-target-url="/"
        login-processing-url="/auth"
        authentication-failure-url="/custom_login_url?login=failed"
        username-parameter="username_param"
        password-parameter="password_param"
        always-use-default-target="false"/>

使用这种配置,您可以强制Spring安全性在调度程序上下文中查找登录URL。您的配置URL /登录可能仍未触及自定义登录操作。但是您可以使用login.jsp(基于您的视图解析器和控制器模型视图,您的登录页面是login.jsp)作为您的登录页面,如示例所示,Spring安全性将负责其余部分。

您可能需要参考此 migration doc from 3.x to 4.x (NS config)以获取更多见解和帮助。

相关问题
最新问题