我的WEB-INF/web.xml执行以下操作 -
1)加载我的servlet上下文 - WEB-INF/spring-web-servlet.xml
2)加载我的spring安全配置文件 - WEB-INF/spring-security.xml
3)添加springSecurityFilterChain过滤器以拦截传入的网址
web.xml <!-- Load spring-web-service.xml Servlet Definition -->
<servlet>
<servlet-name>spring-web</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<!-- Programmatically add the property sources for the current Spring Profile -->
<init-param>
<param-name>contextInitializerClasses</param-name>
<param-value>com.galapagos.context.CustomEnvironmentApplicationContextInitializer</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>spring-web</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Loads Spring Security config file -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml</param-value>
</context-param>
<!-- Spring Security - Intercept incoming requests for authentication -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-web-servlet.xml servlet上下文实际上定义了连接到我的数据库的dataSource bean(它还预先加载了属性)
...
<!-- Load Properties -->
<beans:bean
class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer">
</beans:bean>
<!-- Database / JDBC -->
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<beans:property name="driverClassName" value="${jdbc.driverClassName}" />
<beans:property name="url" value="${jdbc.url}" />
<beans:property name="username" value="${jdbc.username}" />
<beans:property name="password" value="${jdbc.password}" />
</beans:bean>
...
spring-security.xml 问题是web.xml调用的第二个文件(我的WEB-INF/spring-security.xml文件)也使用数据库连接,因为它查找存储在数据库中的角色和凭据
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/"
authentication-failure-url="/login?error"
username-parameter="email"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="SELECT email, password FROM users WHERE email=?"
authorities-by-username-query="SELECT email, role FROM user_roles WHERE email=?" />
</authentication-provider>
</authentication-manager>
跑步时我得到错误 -
Cannot resolve reference to bean 'dataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'dataSource' is defined
我最好的猜测是因为dataSource是在第一个XML配置(WEB-INF/spring-web-servlet.xml)中定义的,它不适用于后者(WEB-INF/spring-security.xml)
这是对的吗?
如果是这样,定义dataSource bean的最佳方法是什么,以便所有单个XML文件可以根据需要调用它?我想我可能会在某些时候添加其他几个也需要DB访问的组件。
谢谢!
答案 0 :(得分:0)
在web.xml中尝试更改此
contextConfigLocation的 /WEB-INF/spring-security.xml,WEB-INF / spring-web-servlet.xml 这会对你有所帮助。