问题:
从xml到基于Java的配置问题的转变
长孙沈义
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-5.4.xsd">
<security:http auto-config="true" disable-url-rewriting="true"
use-expressions="true">
<security:form-login login-page="/signin"
authentication-failure-url="/signinAjax?error=1" authentication-details-source-ref="customWebAuthenticationDetailsSource" authentication-success-forward-url="/logged"/>
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/isAutenticated" access="permitAll" />
<security:intercept-url pattern="/resources/images/favicon.png"
access="permitAll" />
<security:intercept-url pattern="/resources/webfonts/**"
access="permitAll" />
<security:intercept-url pattern="/resources/**"
access="permitAll" />
<security:intercept-url pattern="/signin"
access="permitAll" />
<security:intercept-url pattern="/signinAjax"
access="permitAll" />
<security:intercept-url pattern="/userList"
access="isAuthenticated()" />
<security:intercept-url pattern="/imgages/**"
access="permitAll" />
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
</security:http>
<security:global-method-security
secured-annotations="enabled" />
<security:authentication-manager
erase-credentials="true">
<security:authentication-provider
ref="ldapActiveDirectoryAuthProvider" />
</security:authentication-manager>
<bean id="ldapActiveDirectoryAuthProvider"
class="org.springframework.security.ldap.authentication.ad.CustomActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="XXXX" />
<constructor-arg value="ldap://XXX:389" />
<property name="convertSubErrorCodesToExceptions" value="true" />
<property name="searchFilter"
value="(&(objectClass=user)(sAMAccountName={0}))" />
<property name="useAuthenticationRequestCredentials" value="true" />
<property name="userDetailsContextMapper" ref="tdrUserDetailsContextMapper" />
</bean>
<bean id="tdrUserDetailsContextMapper"
class="it.xxx.account.CustomUserDetailsContextMapper" />
<bean id="customWebAuthenticationDetailsSource"
class="it.xxx.config.security.CustomWebAuthenticationDetailsSource"/>
</beans>
@Configuration
@EnableWebSecurity
//@EnableGlobalMethodSecurity(securedEnabled=true)
//@ImportResource(value = "classpath:spring-security-context.xml")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public CustomWebAuthenticationDetailsSource customWebAuthenticationDetailsSource() {
return new CustomWebAuthenticationDetailsSource();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/isAutenticated").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/signinAjax").permitAll()
.antMatchers("/userList").permitAll()
.antMatchers("/images/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/signin")
.authenticationDetailsSource(customWebAuthenticationDetailsSource())
.successForwardUrl("/logged")
.failureForwardUrl("/signinAjax?error=1");
}
@Bean
public CustomActiveDirectoryLdapAuthenticationProvider ldapActiveDirectoryAuthProvider() {
CustomActiveDirectoryLdapAuthenticationProvider provider = new CustomActiveDirectoryLdapAuthenticationProvider("xxx.local","ldap://xxx:389");
provider.setConvertSubErrorCodesToExceptions(true);
provider.setSearchFilter("(&(objectClass=user)(sAMAccountName={0}))");
provider.setUseAuthenticationRequestCredentials(true);
provider.setUserDetailsContextMapper(tdrUserDetailsContextMapper());
return provider;
}
@Bean
public LoggerListener loggerListener() {
return new LoggerListener();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(true);
auth.authenticationProvider(ldapActiveDirectoryAuthProvider());
}
@Bean
public CustomUserDetailsContextMapper tdrUserDetailsContextMapper() {
return new CustomUserDetailsContextMapper();
}
}
org.springframework.security.access.event.LoggerListener.onAuthorizationFailureEvent Security authorization failed due to: org.springframework.security.access.AccessDeniedException: Access is denied; authenticated principal: AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=19C02E6245BF011635B6ADC374ED4EA4], Granted Authorities=[ROLE_ANONYMOUS]]; secure object: filter invocation [POST /login]; configuration attributes: [authenticated]
共有1个答案
金烨华
我发现了问题:
从xml到java的错误(&)
provider.setSearchFilter("(&(objectClass=user)(sAMAccountName={0}))");
已更改的loginPage
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/isAutenticated").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/signinAjax").permitAll()
.antMatchers("/userList").permitAll()
.antMatchers("/images/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.authenticationDetailsSource(customWebAuthenticationDetailsSource())
.successForwardUrl("/logged")
.failureForwardUrl("/signinAjax?error=1");
}
类似资料:
-
问题内容: 我尝试不使用任何xml。 像这样一个:转换为@Bean 问题在这里。 尝试将“ com.cloudlb.domain.User”转换为Class []无效。 错误:投放问题。 先感谢您。 问题答案:
-
在Spring security 2.0.4中,声明如下所示,过滤器的位置也在各个bean声明中声明..... 旧的security.xml Spring Security:如何排除某些资源? https://www.baeldung.com/security-none-filters-non-access-permitall null
-
困惑: 对我来说没有代码段工作,每次我面对404,我想我错过了什么?
-
我是Spring的新手,尝试将基于xml的配置转换为注释basic。我读了这个教程。它与基于xml的配置完美结合。MVCSpring积垢教程 现在我将所有基于xml的配置转换为注释,但我有一个问题。我几乎把我读到的东西都读了一遍,但我没有解决这个问题。 组织。springframework。豆。工厂BeanCreationException:创建名为“personController”的bean时
-
问题内容: 是否可以在应用程序中同时具有MyBatis的基于XML +注释的配置。 我之所以这样问,是因为在我的应用程序中,我使用的是基于注释的方法。但是在一种情况下,我需要使用IN子句,可以使用 基于XML的配置。 但是,当我启动应用程序时,它似乎无法识别基于注释的映射器,并给了我一个例外。 因此,我想知道是否可以在应用程序中同时具有MyBatis的基于XML + Annotation的配置。请
-
问题内容: 在最近我从事的一些大型项目中,选择其中一种(XML或注释)似乎变得越来越重要。随着项目的发展,一致性对于可维护性非常重要。 我的问题是:与基于注释的配置相比,基于XML的配置有哪些优势?与基于XML的配置相比,基于注释的配置有哪些优势? 问题答案: 注释有其用途,但它们不是杀死XML配置的灵丹妙药。我建议将两者混合! 例如,如果使用Spring,则将XML用于应用程序的依赖注入部分是完