
我剛開始使用 Spring Security。以前我一直是自己實現安全機制,所以這對我來說是全新的。我跟著做了幾個教程,甚至讀過《Pro Spring Security》這本書(不幸的是,書中的一切都是用 XML 配置的)。

Spring Security Java 配置:規則不生效

我想基於 Spring 和 Spring Security 編寫 REST API。我的 API 將有兩條主要路徑。第一條供匿名用戶使用,即: http://localhost:8080/cms/services/anonymous/**

第二條 URL 路徑供已通過身份驗證的用戶使用: http://localhost:8080/cms/services/authenticated/**

當我(未經身份驗證)請求這樣的網址時: http://localhost:8080/cms/services/authenticated/testService/getInfo 我應該得到 HTTP 響應 401 Unauthorized。但在我目前的項目中,我得到的是 200 OK。我做錯了什麼?

這裏是我的配置:

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; 

/**
 * Code-based replacement for a {@code web.xml} servlet declaration: registers a
 * {@code DispatcherServlet} and tells it which configuration classes to load.
 *
 * <p>Security relevance: {@code AppConfig} is placed in the root context, and on this page
 * {@code AppConfig} imports {@code SecurityConfig}, so the security beans end up in the root
 * context as well. NOTE(review): the page also shows a {@code web.xml} that declares a second
 * {@code DispatcherServlet} on {@code /services/*}; confirm which servlet actually serves the
 * REST endpoints, because a request can only be protected if the security filter sits in front
 * of the servlet that handles it.
 */
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /** Configuration classes for the root (shared) application context. */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        final Class<?>[] rootConfiguration = { AppConfig.class };
        return rootConfiguration;
    }

    /** No servlet-specific configuration: everything lives in the root context. */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        // null (not an empty array) is what the original returns; keep it as is.
        return null;
    }

    /** Maps the dispatcher servlet to the application root. */
    @Override
    protected String[] getServletMappings() {
        final String[] mappings = { "/" };
        return mappings;
    }
}

/**
 * Spring MVC configuration: static resources, default-servlet fallback, the message bundle
 * and a Jackson JSON converter.
 *
 * <p>NOTE(review): this class both component-scans {@code pl.korbeldaniel.cms.server} and
 * imports {@code SecurityConfig}. A later comment on the page gives the security class as
 * {@code pl.korbeldaniel.cms.server.config.security.SecurityConfig}, i.e. inside the scanned
 * package, so the import looks redundant. More importantly, any context that loads this class
 * also loads the security configuration; make sure that happens in exactly one context.
 */
@EnableWebMvc
@Configuration
@ComponentScan("pl.korbeldaniel.cms.server")
@Import(SecurityConfig.class)
public class AppConfig extends WebMvcConfigurerAdapter {

    /** Serves everything under {@code /resources/**} from the {@code /resources/} folder. */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry
                .addResourceHandler("/resources/**")
                .addResourceLocations("/resources/");
    }

    /**
     * Turns on the default-servlet fallback, so requests that no Spring handler claims are
     * passed on to the container's default servlet.
     */
    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }

    /** Message bundle loaded from {@code classpath:messages}, read as UTF-8. */
    @Bean(name = "messageSource")
    public ReloadableResourceBundleMessageSource getMessageSource() {
        final ReloadableResourceBundleMessageSource bundle = new ReloadableResourceBundleMessageSource();
        bundle.setDefaultEncoding("UTF-8");
        bundle.setBasename("classpath:messages");
        return bundle;
    }

    /** Appends a Jackson 2 JSON converter after whatever the superclass configures. */
    @Override
    public void configureMessageConverters(final List<HttpMessageConverter<?>> converters) {
        super.configureMessageConverters(converters);
        final MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
        converters.add(jsonConverter);
    }
}

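/**
 * Spring Security configuration for the CMS REST API: HTTP Basic authentication against an
 * in-memory user store, URL rules for the authenticated and anonymous service paths, and the
 * JDBC {@link DataSource} built from {@code jdbc.properties}.
 */
@Configuration
@ComponentScan("pl.korbeldaniel.cms.server")
@EnableWebSecurity
// @EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableGlobalMethodSecurity(securedEnabled = true)
@PropertySource("classpath:jdbc.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    Environment env;

    /** Exposes the {@link AuthenticationManager} built by this configurer as a bean. */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Defines two in-memory users.
     *
     * <p>These are hard-coded sample credentials kept in source as plain text, and the ADMIN
     * account's password equals its user name. They are only suitable for local experiments;
     * replace them with a real user store and hashed passwords before the API is reachable by
     * anyone else.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("temporary").password("temporary").roles("ADMIN")
                .and()
                .withUser("user").password("userPass").roles("USER");
    }

    /**
     * URL authorization rules.
     *
     * <p>Fix: the original patterns started with {@code /cms}. Ant patterns are matched against
     * the path inside the web application, without the servlet context path. The URLs in the
     * question start with {@code /cms} while {@code web.xml} maps the dispatcher to
     * {@code /services/*}, which indicates that {@code /cms} is the context path (confirm against
     * the actual deployment). With the prefix included no request ever matched a rule, so the
     * "authenticated" endpoints answered 200 instead of 401.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()
                .and()
            .authorizeRequests()
                .antMatchers("/services/authenticated/**").authenticated()
                // anonymous() admits only callers that are NOT logged in; use permitAll() if
                // authenticated users should be able to call these endpoints too.
                .antMatchers("/services/anonymous/**").anonymous()
                // NOTE(review): there is no catch-all rule. Any URL that matches neither
                // pattern is left unrestricted, which is exactly how a mistyped pattern turns
                // into an open endpoint. Consider ending the chain with an explicit
                // anyRequest() rule once the static pages that must stay public are listed.
                .and()
            // CSRF protection is switched off. Browsers resend HTTP Basic credentials
            // automatically, so this is only reasonable while the API is called by non-browser
            // clients; revisit it if a browser front end uses these endpoints.
            .csrf().disable();
    }

    /**
     * Builds the JDBC connection pool from the {@code jdbc.*} properties.
     *
     * <p>The database user name and password come from {@code classpath:jdbc.properties}; keep
     * that file out of version control and out of any publicly served resource folder.
     */
    @Bean
    public DataSource getDataSource() {
        BasicDataSource dataSource = new BasicDataSource();
        dataSource.setDriverClassName(env.getProperty("jdbc.driverClassName"));
        dataSource.setUrl(env.getProperty("jdbc.url"));
        dataSource.setUsername(env.getProperty("jdbc.username"));
        dataSource.setPassword(env.getProperty("jdbc.password"));
        return dataSource;
    }
}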

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; 

/**
 * Registers the {@code springSecurityFilterChain} servlet filter for the whole application.
 *
 * <p>Without this filter in front of the servlets, the rules in {@code SecurityConfig} are
 * never consulted and every request is served without a security check. Used with the default
 * constructor, as here, it relies on another initializer to create the application context that
 * holds the security configuration.
 * NOTE(review): when debugging "rules are ignored", verify in the startup log that this filter
 * is really registered and mapped to the requested URL.
 */
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer { 
} 

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    version="2.5"> 
    <!-- NOTE(review): this descriptor declares no Spring Security filter. The
     springSecurityFilterChain filter must therefore be registered somewhere else
     (the page shows a SecurityInitializer class for that purpose). If it is not
     registered, requests to the servlet below are served without any security check. -->
    <!-- Name the application --> 
    <display-name>Rest GWT</display-name> 
    <description>This is web-project for cms</description> 
    <!-- DispatcherServlet configured from XML (action-servlet.xml). The page also registers
     a DispatcherServlet from Java (WebAppInitializer, mapped to "/"), so two servlets with
     two separate contexts may exist; confirm which one handles the REST calls. -->
    <servlet> 
     <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <init-param> 
      <param-name>contextConfigLocation</param-name> 
      <param-value>/WEB-INF/classes/action-servlet.xml</param-value> 
     </init-param> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <!-- The URL pattern is relative to the context path: with the application deployed
     under /cms (as the URLs in the question suggest), /cms/services/... arrives here as
     /services/... Security URL patterns have to be written the same way, without /cms. -->
    <servlet-mapping> 
     <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> 
     <url-pattern>/services/*</url-pattern> 
    </servlet-mapping> 
    <welcome-file-list> 
     <welcome-file>cms.html</welcome-file> 
    </welcome-file-list> 
</web-app> 

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:mvc="http://www.springframework.org/schema/mvc" 
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd 
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 
    <!-- Scans the classpath of this application for @Components to deploy as 
     beans. 
     NOTE(review): the base package pl.korbeldaniel.cms also contains 
     pl.korbeldaniel.cms.server, where the Java @Configuration classes shown on this page 
     live, so this servlet context would pick up AppConfig and SecurityConfig a second time. 
     Loading the security configuration in more than one context makes it hard to tell which 
     rules are in force; keep it in one place. --> 
    <context:component-scan base-package="pl.korbeldaniel.cms" /> 
    <!-- Configures the @Controller programming model --> 
    <mvc:annotation-driven /> 
    <!-- Explicit handler adapter whose only customisation is the Jackson 2 JSON converter. 
     NOTE(review): mvc:annotation-driven above already registers handler adapters, so 
     this bean may be redundant; verify against the Spring version in use. --> 
    <bean 
     class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"> 
     <property name="messageConverters"> 
      <list> 
       <!-- <bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter" /> --> 
       <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"></bean> 
      </list> 
     </property> 
    </bean> 
</beans> 

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 
<!-- registers all of Spring's standard post-processors for annotation-based configuration. 
 NOTE(review): the page does not show which context loads this file; it defines no beans 
 of its own and no security rules. --> 
<context:annotation-config /> 
</beans> 

請幫助。


你加了 `AbstractSecurityWebApplicationInitializer` 嗎? –


是的。我將在一秒內更新帖子... – masterdany88


你在'AbstractAnnotationConfigDispatcherServletInitializer'中註冊了這個配置嗎? –

回答


你應該在 `AbstractAnnotationConfigDispatcherServletInitializer` 中註冊你的 `SecurityConfig`,如下所示:

/**
 * Variant proposed in the answer: the security configuration goes into the root context and
 * the MVC configuration into the dispatcher servlet's own context.
 *
 * <p>The security filter chain is looked up in the root context, so declaring
 * {@code SecurityConfig} there is the usual arrangement.
 * NOTE(review): {@code AppConfig} as shown in the question still carries
 * {@code @Import(SecurityConfig.class)} and a component scan of the same package, so with this
 * layout the security configuration would also be loaded into the servlet context. That is
 * worth cleaning up so only one copy of the rules exists.
 */
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /** Root context: security configuration only. */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        Class<?>[] securityOnly = new Class<?>[1];
        securityOnly[0] = SecurityConfig.class;
        return securityOnly;
    }

    /** Servlet context: the Spring MVC configuration. */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        Class<?>[] mvcOnly = new Class<?>[1];
        mvcOnly[0] = AppConfig.class;
        return mvcOnly;
    }

    /** The dispatcher servlet handles every path below the application root. */
    @Override
    protected String[] getServletMappings() {
        String[] rootMapping = new String[1];
        rootMapping[0] = "/";
        return rootMapping;
    }
}

我按照你的指示做了,結果仍然一樣:返回 '200 OK'。你說的 'SecurityConfig.class' 是指我的配置類嗎?我已經導入了:'pl.korbeldaniel.cms.server.config.security.SecurityConfig;' – masterdany88


刪除你的xml配置 –


全部刪除?還是只刪除某個具體的文件? – masterdany88
