我尝试使用JavaConfig实现Spring Security 4,但我不知道如何在已经实现的XML配置中使用它。
我有如下SecurityConfig类:
package com.wirecard.attendapp.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@ImportResource({ "classpath:root-context.xml" })
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
ApplicationContext context = new ClassPathXmlApplicationContext("root-context.xml");
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().hasRole("USER").and().formLogin().loginPage("/login").permitAll().and()
.logout().permitAll();
}
}
并清空SecurityInitializer类:
package com.wirecard.attendapp.security;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
在我的root-context.xml中,我试图添加它,但它不起作用:
<beans>
<!-- first, define your individual @Configuration classes as beans -->
<bean class="com.wirecard.attendapp.security.SecurityConfig"/>
<!-- be sure to include the JavaConfig bean post-processor -->
<bean class="org.springframework.config.java.process.ConfigurationPostProcessor"/>
在我的web.xml中,我有这个:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
</param-value>
</context-param>
我该如何使用它才能正常工作?现在它无法从我的应用加载任何页面。提前致谢。
答案 0 :(得分:0)
root-context.xml SecurityInitializer确实需要引用安全性config:
package org.springframework.security.samples.config;
import org.springframework.security.web.context.*;
public class SecurityWebApplicationInitializer
extends AbstractSecurityWebApplicationInitializer {
public SecurityWebApplicationInitializer() {
super(SecurityConfig.class);
}
}
root-context.xml不需要引用安全配置 - 将其删除