Spring Boot中Spring Security的XML配置
我想对SpringSecurity使用基于XML的配置。第一个想法是对用户密码使用SHA-256或任何其他哈希函数。我找不到用纯Java解决此问题的好方法,因此我开始在xml中配置内容。这就是开始变得有趣的时候了。
我的配置:
- spring-boot1.1.8.RELEASE
- spring-boot-starter- *在1.1.8
- Tomcat碧玉嵌入:8.0.8
spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd>
<http pattern="/css/**" security="none"/>
<http pattern="/login.html*" security="none"/>
<http>
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page='/login.html'/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin"
authorities="ROLE_USER, ROLE_ADMIN"/>
<user name="bob" password="bob"
authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
我将xml文件加载到public static void main可以在其中找到的类中:
@Configuration@ComponentScan
@EnableAutoConfiguration
@Order(HIGHEST_PRECEDENCE)
@ImportResource({
"/spring-security.xml"
})
public class PhrobeBootApplication extends SpringBootServletInitializer {
...
}
但是我在任何页面加载时都遇到以下异常:
[ERROR] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exceptionorg.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
...
因此,似乎resources/WEB-
INF/web.xml无法加载from的配置,如果我对文档有很好的了解,则应该在仅使用纯弹簧而没有引导的情况下使用它。(应配置过滤器)。我对吗?
为什么会发生此错误?在spring-boot中,是否有更好的方法将基于xml的配置用于spring-
security?web.xml甚至可以由tomcat加载吗?
回答:
根据 Dave Syer 在最新版的Spring Boot中的声明,配置Spring安全性的最佳方法是使用Java配置。
我需要一个SHA-256编码器,但是我没有找到任何简单而又好的实现方案。您只需要使用passwordEncoder配置jdbcAuthentication。这真的很简单:
@EnableWebSecuritypublic class SpringSecurityConfigurer extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
@Bean
public ApplicationSecurity applicationSecurity() {
return new ApplicationSecurity();
}
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private SecurityProperties security;
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated()
.and().formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
.and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login");
}
PasswordEncoder sha256PasswordEncoder = new PasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
return Hashing.sha256().hashString(rawPassword, Charsets.UTF_8).toString();
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return encodedPassword.equals(Hashing.sha256().hashString(rawPassword, Charsets.UTF_8).toString());
}
};
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(this.dataSource)
.passwordEncoder(sha256PasswordEncoder);
}
}
}
以上是 Spring Boot中Spring Security的XML配置 的全部内容, 来源链接: utcz.com/qa/397939.html
