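Using web.xml security constraints in Spring Boot

Time: 2017-02-16 22:12:31

Tags: java spring security

I have an odd situation where I need to use the application server (Weblogic) security context for authentication, but need to use Spring Security for authorization. I am using Spring Boot to create my application.

How can I add a security constraint like the following (which would normally be contained in web.xml):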

<security-constraint>
        <web-resource-collection>
            <web-resource-name>portal</web-resource-name>
            <description>This is the protected area of the application.</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>Requires users to be authenticated but does not require them to be authorized.</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>Encryption is not required for this area.</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
</security-constraint>

Please note that I need this to be handled by my Weblogic server and Spring Security

2 answers:

Answer 0: (score: 2)

You can add a web.xml with the security constraint in WEB-INF. This will work together with the Spring Boot Java configuration.

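import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
// Spring Boot 1.4/1.5 package; in 2.x it is org.springframework.boot.web.servlet.support
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.web.WebApplicationInitializer;

@ComponentScan
@SpringBootApplication
public class Application extends SpringBootServletInitializer implements WebApplicationInitializer {

   public static void main(String[] args) {
      SpringApplication.run(Application.class, args);
   }

   // Called when the WAR is deployed to a servlet container
   @Override
   protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
      return builder.sources(Application.class);
   }
}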

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         metadata-complete="false" version="3.0">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>portal</web-resource-name>
            <description>This is the protected area of the application.</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>Requires users to be authenticated but does not require them to be authorized.</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>Encryption is not required for this area.</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

</web-app>
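
One way to wire up the split the question describes, with the container authenticating and Spring Security authorizing, is Spring Security's Java EE pre-authentication support. This is an added example, not code from the question or from either answer; the class name, the role names PORTAL_USER and PORTAL_ADMIN and the /admin/** path are assumptions, and it uses the same WebSecurityConfigurerAdapter style that appears on this page.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ContainerAuthSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Take the identity from request.getUserPrincipal(), which the
            // container has already set after enforcing the web.xml constraint.
            // Spring Security shows no login form of its own here.
            .jee()
                // Each name (hypothetical) is tested with
                // request.isUserInRole(name); matches become granted
                // authorities with the default ROLE_ prefix.
                .mappableAuthorities("PORTAL_USER", "PORTAL_ADMIN")
                .and()
            // Authorization is decided by Spring Security from here on.
            .authorizeRequests()
                .antMatchers("/admin/**").hasRole("PORTAL_ADMIN")
                .anyRequest().hasAnyRole("PORTAL_USER", "PORTAL_ADMIN");
    }
}
```

A request that reaches the application without a container principal gets no Spring authentication from this filter and is rejected by the authorization rules, so the web.xml constraint remains the only place where login happens.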

Answer 1: (score: 0)

You should extend WebSecurityConfigurerAdapter as shown below

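import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require HTTPS for every request
        http.requiresChannel().anyRequest().requiresSecure();
    }
}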