我正在将我的春季安全性从3.1.4迁移到4.1.5。我在安全性配置中使用了RequestMatcher来过滤掉网址。我已按照迁移文档中org.springframework.security.web.util.matcher.RequestMatcher的建议将RequestMatcher更新为正确的包。
我指向request-matcher-ref来指向实现RequestMatcher的自定义类。但是我在Intellij中遇到以下错误-无法解析所需的基类'org.springframework.security.web.util.RequestMatcher'。 如何解决此问题。
security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
<security:debug/>
<bean id="preflightRequestMatcher" class="com.genesyslab.rcs.security.RequestMethodMatcher">
<constructor-arg index="0" value="OPTIONS"/>
<constructor-arg index="1" value="true"/>
</bean>
<bean id="regularRequestMatcher" class="com.genesyslab.rcs.security.RequestMethodMatcher">
<constructor-arg index="0" value="OPTIONS"/>
<constructor-arg index="1" value="false"/>
</bean>
<security:http auto-config="false" create-session="never" request-matcher-ref="preflightRequestMatcher" >
<security:intercept-url pattern="/**" access="ROLE_ANONYMOUS, IS_AUTHENTICATED_FULLY"/>
<security:http-basic />
</security:http>
<security:http pattern="/contact-centers/*/user-recordings/*/play/**" security="none" auto-config="false" create-session="always"/>
<security:http pattern="/contact-centers/*/user-screen-recordings/*/play/**" security="none" auto-config="false" create-session="always"/>
<security:http auto-config="false" create-session="always" request-matcher-ref="regularRequestMatcher">
<security:intercept-url pattern="/loginsession" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/logoutsession" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/keepalivesession" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/recordings/**" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/contact-centers/*/recordings/**" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/screen-recordings/**" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/certificates" access="ROLE_RECORD_KEY_READ,ROLE_DEFAULT_USER" />
<security:intercept-url pattern="/certificatepems" access="ROLE_RECORD_KEY_READ,ROLE_DEFAULT_USER" />
<security:intercept-url pattern="/checkcertificate" access="ROLE_RECORD_KEY_UPLOAD,ROLE_DEFAULT_USER" />
<security:intercept-url pattern="/checkkey" access="ROLE_RECORD_KEY_UPLOAD,ROLE_DEFAULT_USER" />
<security:intercept-url pattern="/addcertificateandkey" access="ROLE_RECORD_KEY_UPLOAD,ROLE_DEFAULT_USER" />
<security:intercept-url pattern="/removecertificateandkey" access="ROLE_RECORD_KEY_UPLOAD,ROLE_DEFAULT_USER" />
<security:intercept-url pattern="/version" access="ROLE_ANONYMOUS, IS_AUTHENTICATED_FULLY" />
<!-- All URLs should be covered above, it's error if we match this one -->
<security:intercept-url pattern="/**" access="ROLE_NOMATCH" />
<security:session-management>
<security:concurrency-control max-sessions="999999" error-if-maximum-exceeded="false"/>
</security:session-management>
<security:http-basic />
</security:http>
<security:authentication-manager>
<security:authentication-provider ref='rcsAuthenticationProvider'/>
</security:authentication-manager>
RequestMethodMatcher.java
import lombok.AllArgsConstructor;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
@AllArgsConstructor
public class RequestMethodMatcher implements RequestMatcher
{
final private String method;
final private boolean matchIfEqual;
@Override
public boolean matches(HttpServletRequest request) {
return method.equalsIgnoreCase(request.getMethod()) == matchIfEqual;
}
}