0
在使用Spring MVC 3.2使用Spring Security 3.1嘲諷春季全球性認證管理
目標容器是JBoss的4(不要問),所以該servlet API仍然是2.4。在測試Spring安全性配置時,它使用XML編寫,並與其他一些東西一起放入web.xml中。以爲我會寫一個較小的JUnit測試平臺來嘲笑一個基本請求並調用Spring安全檢查身份驗證。 Idea在將其整合到項目的其餘部分之前將幫助其他開發人員測試安全配置。
無論如何,如果我沒有在安全XML定義的認證管理器,我得到:
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal <authentication-manager> element to your configuration (with child <authentication-provider> elements)? Alternatively you can use the authentication-manager-ref attribute on your <http> and <global-method-security> elements.
我的JUnit測試類看起來是這樣的:
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = {LdapSecurityTest.WebAppConfig.class,
LdapSecurityTest.WebSecurityConfig.class})
public class LdapSecurityTest {
@Controller
public static class DummyController {
@RequestMapping(value = "/blankettservice/admin/test", method = RequestMethod.GET)
@ResponseBody
public String hello() {
return "hello world";
}
}
@EnableWebMvc
@Configuration
@ComponentScan("se.bolagsverket.insidan.web.common")
public static class WebAppConfig {
}
@Configuration
@ImportResource({"classpath:applicationContext-security.xml"})
public static class WebSecurityConfig {
@Autowired
private List<AuthenticationProvider> providers;
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(providers);
}
}
public class SpringInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
AnnotationConfigWebApplicationContext ctx =
new AnnotationConfigWebApplicationContext();
ServletRegistration.Dynamic dispatcher =
servletContext.addServlet("dispatcher", new DispatcherServlet(
ctx));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
servletContext.addFilter("springSecurityFilterChain",
new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/*");
}
}
@Resource
private WebApplicationContext context;
@Test
public void initialize() throws Exception {
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken("user", "password"));
MockMvc mvc = webAppContextSetup(context).build();
mvc.perform(get("/blankettservice/admin/test")).andExpect(status().isOk())
.andExpect(content().string("hello world"));
;
}
}
只是爲了清楚起見ApplicationContext的安全看起來像:
<http>
<intercept-url pattern="/**/blankettservice/admin/**"
access="ROLE_BLANKETTSERVICE_ADMIN" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<http-basic />
<anonymous />
</http>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://server:port" />
<beans:property name="userDn" value="..." />
<beans:property name="password" value="..." />
</beans:bean>
<beans:bean id="bvLdapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider>
....
</beans:bean>
創建的ProviderManager bean是populat提供者提供bvLdapAuthProvider。
如果我將名稱「org.springframework.security.authenticationManager」添加到我的AuthenticationManager bean,那麼錯誤消失。 –
永遠不會被拒絕訪問。這是現在的問題。看到我的授權提供程序正在運行,但沒有連接到HTTP攔截-URL反對「/ blankettservice/admin/test」。 –
Spring安全過濾器從不初始化。我的LDAP認證提供者也不是被調用的(初始化爲yes,但未被調用進行認證)。 –