我最近开始使用Spring开发一个项目。我第一次使用Spring。 在这个项目中,我被要求实现Java和XML Spring安全性。我开始寻找如何实现这一点,几乎没有成功。
How to implement Spring Security 4 with both XML and Java config
在这篇文章中,这个人设法实现它,但我试图做同样的事情,我得到: 创建名为'org.springframework.security.access.SecurityConfig'的bean时出错:bean的实例化失败;嵌套异常是org.springframework.beans.BeanInstantiationException:无法实例化[org.springframework.security.access.SecurityConfig]:找不到默认构造函数;嵌套异常是java.lang.NoSuchMethodException:org.springframework.security.access.SecurityConfig。()
查看错误,我得到的是基于Spring-Boot的解决方案,我没有使用。
也许我正在做一些非常错误的事情,但正如我所说,这是我第一次使用弹簧,所以我有点迷失。
这是我的AppConfig类:
@Configuration
@ComponentScan(basePackages = { "com.configuration" })
@PropertySource("classpath:application.properties")
public class AppConfig {
@Autowired
private Environment env;
@Bean
public JavaMailSenderImpl javaMailSenderImpl() {
final JavaMailSenderImpl mailSenderImpl = new JavaMailSenderImpl();
mailSenderImpl.setHost(env.getProperty("smtp.host"));
mailSenderImpl.setPort(env.getProperty("smtp.port", Integer.class));
mailSenderImpl.setUsername(env.getProperty("smtp.username"));
mailSenderImpl.setPassword(env.getProperty("smtp.password"));
final Properties javaMailProps = new Properties();
javaMailProps.put("mail.smtp.starttls.enable", Boolean.valueOf(env.getProperty("server.tls")));
javaMailProps.put("mail.smtp.auth", true);
mailSenderImpl.setJavaMailProperties(javaMailProps);
return mailSenderImpl;
}
@Bean
public CommonsMultipartResolver multipartResolver(){
CommonsMultipartResolver resolver=new CommonsMultipartResolver();
resolver.setDefaultEncoding("utf-8");
return resolver;
}
}
Java SpringSecutiry类:
@Configuration
@EnableWebSecurity
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("customUserDetailsService")
private UserDetailsService userDetailsService;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService);
authenticationManagerBuilder.authenticationProvider(customAuthenticationProvider());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider customAuthenticationProvider() {
DaoAuthenticationProvider customAuthenticationProvider = new CustomDaoAuthenticationProvider();
customAuthenticationProvider.setUserDetailsService(userDetailsService);
customAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return customAuthenticationProvider;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public CustomAuthenticationEntryPoint customAuthenticationEntryPoint(){
return new CustomAuthenticationEntryPoint();
}
@Bean
public CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler(){
return new CustomAuthenticationSuccessHandler();
}
@Bean
public CustomAuthenticationFailureHandler customAuthenticationFailureHandler(){
CustomAuthenticationFailureHandler customAuthenticationFailureHandler = new CustomAuthenticationFailureHandler();
customAuthenticationFailureHandler.setDefaultFailureUrl("/signin.html");
return customAuthenticationFailureHandler;
}
@Bean
public CustomLogoutSuccessHandler customLogoutSuccessHandler(){
return new CustomLogoutSuccessHandler();
}
@Bean
public CustomAccessDeniedHandler customAccessDeniedHandler(){
return new CustomAccessDeniedHandler();
}
@Bean
public CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter() {
try {
CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter = new CustomUsernamePasswordAuthenticationFilter();
customUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
customUsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler());
customUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler());
customUsernamePasswordAuthenticationFilter.setFilterProcessesUrl("/login");
customUsernamePasswordAuthenticationFilter.setUsernameParameter(IConstants.USERNAME_FIELD);
customUsernamePasswordAuthenticationFilter.setPasswordParameter(IConstants.PASSWORD_FIELD);
return customUsernamePasswordAuthenticationFilter;
} catch (Exception e) {
return null;
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/signin**").permitAll()
//.antMatchers("/dashboard**").hasRole("ROLE_USER")
.and().addFilterBefore(customUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.logout().permitAll().logoutSuccessUrl("/signin.html").deleteCookies("JSESSIONID").invalidateHttpSession(true).logoutSuccessHandler(customLogoutSuccessHandler())
.and().exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint())
.accessDeniedHandler(customAccessDeniedHandler())
.and().formLogin().loginPage("/login")
.and().csrf().disable();
}
}
Spring安全性XML:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" >
<intercept-url pattern="/dashboard**" access="hasRole('ROLE_USER')" />
</http>
</beans:beans>
我尝试在web.xml文件中添加spring-security.xml声明,但它所做的只是说是springSecurity过滤器的双重声明,也尝试使用@Import注释,我得到的结果是完全忽略了Java文件,XML就是配置文件。
这里的目的是,我在Java文件中注释了“.antMatchers(”/ dashboard **“)。hasRole(”ROLE_USER“)”行并将其添加到XML中,以便我可以在那里添加任何匹配器在安全上实施。
感谢您提供任何帮助。