XML中的Spring Security 3配置

Question

我試過通過XML配置Spring Security一段時間了，但我似乎無法讓它工作。以下是我迄今爲止：

我發現

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:context="http://www.springframework.org/schema/context" 
     xmlns:mvc="http://www.springframework.org/schema/mvc" 
     xmlns:security="http://www.springframework.org/schema/security" 
     xsi:schemaLocation="http://www.springframework.org/schema/mvc 
          http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd 
          http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
          http://www.springframework.org/schema/context 
          http://www.springframework.org/schema/context/spring-context-3.0.xsd 
          http://www.springframework.org/schema/security 
          http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    [...] 

    <security:http auto-config="true"> 
     <security:intercept-url pattern="/**" access="ROLE_USER" /> 
     <security:http-basic /> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider> 
      [???] <!-- What goes here? --> 
     </security:authentication-provider> 
    </security:authentication-manager> 

</beans> 

所有教程似乎要我把<user-service>的佔位符，而NetBeans將不會自動完成該元素。類似這個元素的唯一的東西是any-user-service，據我所知，它是一個「抽象」元素。

我只想配置內存中的用戶和密碼列表。我如何在Spring Security 3中做到這一點？

Answer 1

<security:authentication-manager> 
    <security:authentication-provider user-service-ref="userService"> 
</security:authentication-provider> 

<bean id="userService" class="path.to.your.implementation.of.UserDetailsService" /> 

，或者您可以在內存中身份驗證的基礎（而不是，以及）：

<security:authentication-manager> 
    <security:authentication-provider user-service-ref="userService"> 
    </security:authentication-provider> 
    <security:authentication-provider user-service-ref="customAdmin">   
    </security:authentication-provider> 
</security:authentication-manager> 

<security:user-service id="customAdmin"> 
<security:user name="yourUserName" password="yourPassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
<security:user name="yourOtherUserName" password="yourOtherPassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
</security:user-service> 

的官方文檔春天總是best place to read，恕我直言。

Answer 2

自己寫的org.springframework.security.authentication.AuthenticationProvider，創建bean和你的認證管理器提供了一個參考：

<authentication-manager> 
    <authentication-provider ref="com.example.CustomAuthenticationProvider"/> 
</authentication-manager> 

或者你可以只提供用戶名和密碼與他們有關當局（嘲諷，當我用這個）

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="test" password="test" authorities="ROLE_AUTHENTICATED" /> 
     </user-service> 
    </authentication-provider> 
</authentication-manager>