在过去的Spring项目中,当我通过Java配置类配置Spring Security时,将添加此方法以配置网页中的安全性:
@Override
public void configure(WebSecurity web) throws Exception {
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setPermissionEvaluator(permissionEvaluator);
web.expressionHandler(handler);
}
配置类是WebSecurityConfigurerAdapter
的子类。
在我最近的项目中,我使用的是XML配置,但我没有找到如何使用XML配置同一主题。有人可以暗示如何做到这一点吗?
ps。:我目前的Spring Security XML配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<security:http pattern="/" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/js/**" security="none"></security:http>
<security:http pattern="/c/**" security="none"></security:http>
<security:http pattern="/p/**" security="none"></security:http>
<security:http pattern="/page/**" security="none"></security:http>
<security:http use-expressions="true" auto-config="true">
<security:form-login login-page="/signin"
login-processing-url="/login" username-parameter="login"
password-parameter="senha" default-target-url="/"
always-use-default-target="true" />
<security:logout logout-url="/logout"
delete-cookies='JSESSIONID' logout-success-url="/" />
<security:remember-me key="remember-me"
remember-me-parameter="remember-me" remember-me-cookie="remember-me" />
<security:csrf disabled="true" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource"></property>
<property name="usersByUsernameQuery" value="select login, senha, enabled from usuario where login = ?"></property>
<property name="authoritiesByUsernameQuery" value="SELECT t1.username, t2.authority FROM (SELECT u.login as username, c.nome as credencial FROM usuario u, usuario_credencial uc, credencial c WHERE u.id = uc.usuario_id and c.id = uc.credenciais_id) as t1 INNER JOIN (SELECT c.nome as credencial, a.nome as authority FROM credencial c, credencial_autorizacao ca, autorizacao a WHERE c.id = ca.credencial_id and a.id = ca.autorizacoes_id) as t2 ON t1.credencial = t2.credencial WHERE t1.username = ?;"></property>
</bean>
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<constructor-arg name="strength" value="4"></constructor-arg></bean>
<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator"></property></bean>
<bean id="permissionEvaluator" class="org.kleber.MyPermissionEvaluator"></bean>
</beans>
答案 0 :(得分:0)
41.1.20&lt; expression-handler&gt;
定义在启用基于表达式的访问控制时将使用的
SecurityExpressionHandler
实例。如果没有提供,将使用默认实现(没有ACL支持)。&lt; expression-handler&gt;
的父元素
- global-method-security
- http
- websocket-message-broker
<强>&LT;表达处理程序&GT;属性强>
- ref 定义对实现
SecurityExpressionHandler
的Spring bean的引用。