使用spring security 3 </intercept-url>动态创建<intercept-url pattern =“”>

时间:2011-07-29 15:11:29

标签: spring spring-security

您好我是Spring安全3的新手,但在此网站的帮助下,我成功开发了身份验证和授权。现在我想从context-security.xml中删除intercept-url模式。我希望获取特定用户表单数据库的权限并动态创建。我在这里......

security.xml

中的

<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
            <custom-filter before="FIRST" ref="requestMappings"/>
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
            <beans:property name="objectDefinitionSource" ref="requestMappings" />
        </beans:bean>

        <beans:bean id="requestMappings" class="com.nmmc.common.security.repository.RequestMappingFactoryBean" />

    <http auto-config="true" once-per-request="false">

        <!-- Restrict URLs based on role -->
        <intercept-url pattern="/login.works" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/login/validate.works" access="IS_AUTHENTICATED_ANONYMOUSLY" />     
        <intercept-url pattern="/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 

        <form-login login-page="/login.works" login-processing-url="/j_spring_security_check"
            default-target-url="/login/validate.works"
            authentication-failure-url="/login.works" />
        <logout logout-url="/j_spring_security_logout"
            logout-success-url="/login.works" invalidate-session="true" />

        <session-management invalid-session-url="/login.works"
            session-fixation-protection="none">
            <concurrency-control max-sessions="50"
                error-if-maximum-exceeded="true" />
        </session-management>
    </http>

    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider"></authentication-provider>
    </authentication-manager>

    <beans:bean id="customAuthenticationProvider"
        class="com.nmmc.common.security.repository.CustomAuthenticationProvider"></beans:bean>

在RequestMappingFactoryBean 

import org.springframework.beans.factory.FactoryBean;

public class RequestMappingFactoryBean implements FactoryBean{
    private final static String EOL = System.getProperty("line.separator"); 
    public Object getObject() throws Exception
    {
        StringBuffer sb = new StringBuffer();
        sb.append("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON");
        sb.append(EOL);
        sb.append("PATTERN_TYPE_APACHE_ANT");
        sb.append(EOL);
        sb.append("/**login.works=IS_AUTHENTICATED_ANONYMOUSLY");
        sb.append(EOL);
        sb.append("/user/**=ROLE_ADMIN");
        return sb.toString();    
    }    
    public Class getObjectType()
    {       
        return String.class;
    }
    public boolean isSingleton()
    {       
        return true;
    }   
}

当我从

中删除ref时 
<custom-filter before="FIRST" ref="requestMappings"/>

然后它给出错误,必须定义ref,如果我定义它并运行我的应用程序它会给出错误,如

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Security namespace does not support decoration of element [custom-filter]

这就是为什么我定义为给定。 我的代码是否有任何变化来运行它?

1 个答案:

答案 0 :(得分:1)

阅读How to dynamically decide <intercept-url> access attribute value in Spring Security?

的第一个答案

它概述了解决方案。

相关问题
最新问题