我試圖在Servlet 2.5環境中使用JavaConfig設置Spring Security 3.2。參考(http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#jc)僅涵蓋springSecurityFilterChain的Servlet 3.0+設置。Spring Security 3.2:JavaConfig在Servlet <3.0環境中設置springSecurityFilterChain
感謝提示/鏈接如何以正確的方式在Servlet 2.5環境中設置此過濾器鏈。
在Servlet 2.5環境中,Spring Security 3.2在下面的代碼中用JavaConfig配置。
的web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder registry)
throws Exception {
registry.userDetailsService(userDetailsService).passwordEncoder(
new BCryptPasswordEncoder());
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/admin.htm")
.hasAuthority("ROLE_ADMIN")
.antMatchers("/personal/myPhotos.htm")
.hasAnyAuthority("ROLE_USER", "ROLE_FAMILY", "ROLE_ADMIN")
.antMatchers("/personal/familyPhotos.htm")
.hasAnyAuthority("ROLE_FAMILY", "ROLE_ADMIN")
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.usernameParameter("j_username") // default is username
.passwordParameter("j_password") // default is password
.loginPage("/login.htm")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/login.htm?login_error=t")
.permitAll()
.and()
.logout().logoutSuccessUrl("/")
.logoutUrl("/j_spring_security_logout")
.and()
.rememberMe().key("myAppKey").tokenValiditySeconds(864000);
}
}
有一些相似性和差異在javaconfig和XML配置了在this blog
很好解釋