尝试将Spring Security添加到Apache Camel Web应用程序

Question

我有一个在Tomcat中运行的现有Camel Web应用程序和一个与Camel应用程序通信的Angular前端。这一切都运行正常，计划是添加Spring Security以启用身份验证和授权。

我有一个带有ContextLoaderListener的web.xml文件，如下所示： -

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
     http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>My Web Service</display-name>

<!-- location of spring xml files -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>

<!-- the listener that kick-starts Spring -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>RestletServlet</servlet-name>
    <servlet-class>org.restlet.ext.spring.SpringServerServlet</servlet-class>
    <init-param>
        <param-name>org.restlet.component</param-name>
        <param-value>restletComponent</param-value>
    </init-param>
</servlet>

<!-- define that url path for the Camel Servlet to use -->
<servlet-mapping>
    <servlet-name>RestletServlet</servlet-name>
    <url-pattern>/v1/*</url-pattern>
</servlet-mapping>

</web-app>

这引用了一个applicationContext.xml，它包含Spring对象，包括Camel路由等。

我尝试在Google上关注一些教程/示例，并添加了以下类： -

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.*;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
    }
}

和

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    public SecurityWebApplicationInitializer() {
        super(SecurityConfig.class);
    } 
}

我遇到的问题是AbstractSecurityWebApplicationInitializer实例化ContextLoaderListener，因此有2个ContextLoaderListener，然后Tomcat无法启动。

如果从web.xml中删除ContextLoaderListener，则安全部分可以正常工作，但不再定义我的应用程序资源。

是否可以通过AbstractSecurityWebApplicationInitializer实例化ContextLoaderLister来调用我的ContextLoaderLister？

Answer 1

我设法通过在现有的applicationContext.xml中添加 SecurityConfig bean来实现此功能

...
<bean id="securityConfig" class="com.datalex.perfeng.tws.security.SecurityConfig" />
...

从SecurityConfig类中删除 @Configuration 注释，并从SecurityWebApplicationInitializer中的super调用中删除SecurityConfig.class参数

我的代码现在看起来如下：

SecurityConfig.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.*;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
      }
}

SecurityWebApplicationInitializer.java

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    // Empty
}