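I am developing a REST API with Spring MVC inside an existing (legacy) application, and I want to configure pre-auth authentication with Spring Security. However, I am getting an error.
What I am trying to do here is use a dedicated context for the REST API and leave the root context to the legacy application. I want security applied only to the REST API part of the application (any URL starting with ../mobile/**).
Please find my web.xml: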

    <servlet>
        <servlet-name>mobileDispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
        <init-param>
            <param-name>contextClass</param-name>
            <param-value>
                org.springframework.web.context.support.AnnotationConfigWebApplicationContext
            </param-value>
        </init-param>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>a.b.c.d.WebConfig</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>mobileDispatcher</servlet-name>
        <url-pattern>/mobile/*</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>contextAttribute</param-name>
            <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.mobileDispatcher</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/mobile/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

Please find my security configuration class:

    @Configuration
    @ImportResource({"classpath:/spring-security.xml"})
    public class SecurityConfig {}

My spring-security.xml:

    <sec:http auto-config='true'>
        <sec:intercept-url pattern="/mobile/**" access="ROLE_USER" />
    </sec:http>
    <beans:bean id="inMemoryAuthenticationUserDetailsService"
                class="a.b.c.d.InMemoryAuthenticationUserDetailsService"/>
    <beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
                class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
    <beans:bean id="preAuthenticatedAuthenticationProvider"
                class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <beans:property name="preAuthenticatedUserDetailsService" ref="inMemoryAuthenticationUserDetailsService"/>
    </beans:bean>
    <beans:bean id="simpleAttributes2GrantedAuthoritiesMapper"
                class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
        <beans:property name="attributePrefix" value=""/>
    </beans:bean>
    <beans:bean id="webXmlMappableAttributesRetriever"
                class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"/>
    <beans:bean id="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"
                class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
        <beans:property name="mappableRolesRetriever" ref="webXmlMappableAttributesRetriever"/>
        <beans:property name="userRoles2GrantedAuthoritiesMapper" ref="simpleAttributes2GrantedAuthoritiesMapper"/>
    </beans:bean>
    <beans:bean id="preAuthFilter"
                class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
        <beans:property name="authenticationManager" ref="appControlAuthenticationManager"/>
        <beans:property name="authenticationDetailsSource"
                        ref="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"/>
    </beans:bean>
    <sec:authentication-manager alias="appControlAuthenticationManager">
        <sec:authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
    </sec:authentication-manager>

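What could be causing this problem? After going through similar questions on Stack Overflow, I feel I have to put the security context into the root context, but I do not want to touch the root context used by the existing application.
Answer 0 (score: 0)
There was nothing wrong with the configuration above. I had accidentally imported spring-security.xml in another Config file as well, which caused this problem. So spring-security.xml was being imported twice. Once I removed it, everything worked perfectly.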
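
A check for the failure mode described in the answer (the same security XML imported by more than one configuration source), as an added example that is not part of the original post or the poster's project. `OtherConfig`, the embedded source strings and the location normalisation are assumptions constructed for illustration; relative `<import resource>` paths are compared by their literal text only.

```java
import java.util.*;
import java.util.regex.*;

/** Added example: flags Spring XML resources imported by more than one config source. */
public class DuplicateImportCheck {
    // Argument list of @ImportResource(...), the string literals inside it, and XML <import resource="..."/>.
    private static final Pattern ANNOTATION = Pattern.compile("@ImportResource\\s*\\(([^)]*)\\)");
    private static final Pattern LITERAL = Pattern.compile("\"([^\"]+)\"");
    private static final Pattern XML_IMPORT =
            Pattern.compile("<(?:\\w+:)?import\\s+resource\\s*=\\s*[\"']([^\"']+)[\"']");

    // Treat "classpath:/x.xml", "classpath:x.xml" and "/x.xml" as the same resource.
    static String normalise(String location) {
        return location.trim().replaceFirst("^classpath\\*?:", "").replaceFirst("^/+", "");
    }

    /** Maps each resource imported two or more times to the sources that import it. */
    static Map<String, List<String>> findDuplicates(Map<String, String> sources) {
        Map<String, List<String>> importers = new TreeMap<>();
        for (Map.Entry<String, String> src : sources.entrySet()) {
            Matcher ann = ANNOTATION.matcher(src.getValue());
            while (ann.find()) {
                Matcher lit = LITERAL.matcher(ann.group(1));
                while (lit.find()) {
                    importers.computeIfAbsent(normalise(lit.group(1)), k -> new ArrayList<>())
                             .add(src.getKey());
                }
            }
            Matcher xml = XML_IMPORT.matcher(src.getValue());
            while (xml.find()) {
                importers.computeIfAbsent(normalise(xml.group(1)), k -> new ArrayList<>())
                         .add(src.getKey());
            }
        }
        importers.values().removeIf(list -> list.size() < 2); // keep only duplicates
        return importers;
    }

    public static void main(String[] args) {
        // Constructed sample input; OtherConfig is a hypothetical second config class.
        Map<String, String> sources = new LinkedHashMap<>();
        sources.put("SecurityConfig.java",
                "@Configuration\n@ImportResource( {\"classpath:/spring-security.xml\" })\npublic class SecurityConfig {}");
        sources.put("OtherConfig.java",
                "@Configuration\n@ImportResource(\"classpath:spring-security.xml\")\npublic class OtherConfig {}");
        sources.put("WebConfig.java", "@Configuration\n@EnableWebMvc\npublic class WebConfig {}");
        findDuplicates(sources).forEach((res, by) -> System.out.println(res + " imported by " + by));
    }
}
```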