我设置了一个新的Spring Web MVC应用程序,然后我用它介绍了spring-security。 这是我用于spring-security
的配置的applicationContext-security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login
login-page="/login"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="datasource"
users-by-username-query=
"select username,password, enabled from user where username=?"
/>
</authentication-provider>
</authentication-manager>
我还使用Hibernate 5来访问我的数据库
的applicationContext-db.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
<context:property-placeholder location="classpath:db/database.properties"/>
<context:component-scan base-package="com.medkhelifi.tutorials.spring.springregistration" />
<context:annotation-config />
<bean id="userDao" class="com.medkhelifi.tutorials.spring.springregistration.dao.impl.UserDaoImpl"/>
<!-- Hibernate Factory -->
<bean id="datasource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driver}"/>
<property name="url" value="${database.url}"/>
<property name="username" value="${database.username}"/>
<property name="password" value="${database.password}"/>
</bean>
<bean id="hibernateFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean">
<property name="dataSource" ref="datasource"/>
<property name="annotatedClasses">
<list>
<value>com.medkhelifi.tutorials.spring.springregistration.model.User</value>
</list>
</property>
</bean>
<bean id="transcationManager" class="org.springframework.orm.hibernate5.HibernateTransactionManager">
<property name="sessionFactory" ref="hibernateFactory"/>
</bean>
<tx:annotation-driven transaction-manager="transcationManager" />
我用两个控制器创建了两个jsp页面:
当我运行我的应用程序时,我可以无限制地访问我的index.jsp和我的/jsp/hello.jsp。我不知道我是否遗漏了什么。
(抱歉我的英语不好)
答案 0 :(得分:1)
这是一个古老的问题,但我想提一下根本原因,为什么它对我不起作用:
我也使用了基于XML的配置,但是似乎根本没有调用Spring Security,因为甚至没有默认的标头。 这是由于我没有按以下说明将Spring的DelegatingFilterProxy添加到web.xml中引起的:https://docs.spring.io/spring-security/site/docs/5.0.x/reference/html/ns-config.html#ns-web-xml
添加过滤器后,Spring Security开始设置默认标题,我可以继续添加自定义要求。
亲切的问候
史蒂夫