我试图使用java配置将spring security放入我的spring mvc项目中,但是,我仍然可以在没有任何Spring安全拦截的情况下访问所有页面。有人可以帮忙吗?谢谢。 (我使用的是weblogic 12c)
pom.xml的一部分
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>
WebAppInitializer.java
package com.home.config;
public class WebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) throws ServletException {
AnnotationConfigWebApplicationContext rootCtx = new AnnotationConfigWebApplicationContext();
rootCtx.register(HomeConfig.class);
container.addListener(new ContextLoaderListener(rootCtx));
container.setInitParameter("defaultHtmlEscape", "true");
AnnotationConfigWebApplicationContext webCtx = new AnnotationConfigWebApplicationContext();
webCtx.register(WebConfig.class);
ServletRegistration.Dynamic servlet = container.addServlet(
"spring-dispatcher", new DispatcherServlet(webCtx));
servlet.setLoadOnStartup(1);
servlet.addMapping("/");
}
}
WebConfig.java
package com.home.config;
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "com.home.controllers", "com.home.websecurity" })
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
resolver.setExposeContextBeansAsAttributes(true);
return resolver;
}
// Configure static content handling
@Override
public void configureDefaultServletHandling(
DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
SecurityConfig.java
package com.home.websecurity;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("abc123")
.roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("root123")
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin()
.and().httpBasic();
}
}
SecurityWebInitializer.java
package com.home.websecurity;
public class SecurityWebInitializer extends
AbstractSecurityWebApplicationInitializer {
}
答案 0 :(得分:0)
我花了很长时间尝试让Spring 4与Weblogic 12c一起工作。在这种情况下,对我来说有用的是将以下代码添加到WebAppInitializer类中的onStartup()方法中:
Dynamic registration = context.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC);
registration.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
并摆脱SecurityWebInitializer类。我还必须将安全配置显式导入到根配置类。