如何整合Spring Security和GWT? [英] How to integrate Spring Security and GWT?
问题描述
我试图整合Spring Security和GWT。我也在使用gwt-incubator-security。我按照wiki页面上的描述配置了所有内容。
我设法通过使用拦截url来获得安全工作,但是我无法使用注释工作。任何想法是什么问题?
我使用Spring 2.5.6,Spring Security 2.0.5和gwt-incubator-security 1.0.1。欢迎任何有用的链接和评论。
以下是我的配置文件
applicationContext .xml
<?xml version =1.0编码= UTF-8 >?;
jsr250-annotations =disabled/>
< http auto-config =true>
<! - < intercept-url pattern =/ ** / *。rpcaccess =ROLE_USER/> - >
< intercept-url pattern =/ gwt / **access =ROLE_USER/>
< intercept-url pattern =/ **access =IS_AUTHENTICATED_ANONYMOUSLY/>
< / http>
< authentication-provider>
< user-service>
< user name =rodpassword =koala
authorities =ROLE_SUPERVISOR,ROLE_USER,ROLE_TELLER/>
< user name =diannepassword =emuauthorities =ROLE_USER,ROLE_TELLER/>
< user name =scottpassword =wombatauthorities =ROLE_USER/>
< user name =peterpassword =opalauthorities =ROLE_USER/>
< / user-service>
< / authentication-provider>
< beans:bean id =greetServiceclass =com.ct.test.server.GreetingServiceImpl/>
web.xml
<?xml version =1.0 encoding =UTF-8?>
< web-app>
<! - 要投放的默认页面 - >
< welcome-file-list>
< welcome-file> Spring_test.html< / welcome-file>
< / welcome-file-list>
<! - 春季相关配置 - >
< listener>
< listener-class>
org.springframework.web.context.ContextLoaderListener
< / listener-class>
< / listener>
<! - 初始化Spring MVC DispatcherServlet - >
< servlet>
< servlet-name> spring< / servlet-name>
< servlet-class> org.springframework.web.servlet.DispatcherServlet< / servlet-class>
1< / load-on-startup>
< / servlet>
<! - 映射DispatcherServlet只拦截RPC请求 - >
< servlet-mapping>
< servlet-name> spring< / servlet-name>
< url-pattern> /spring_test/greet.rpc< / url-pattern>
<! -
< url-pattern> /org.example.gwtwisdom.GwtWisdom/services / *< / url-pattern>
- >
< / servlet-mapping>
< servlet>
< servlet-name> greetServlet< / servlet-name>
< servlet-class> com.ct.test.server.GreetingServiceImpl< / servlet-class>
< / servlet>
< servlet-mapping>
< servlet-name> greetServlet< / servlet-name>
< url-pattern> /spring_test/greet.rpc< / url-pattern>
< / servlet-mapping>
<! - Spring安全性 - >
< filter>
< filter-name> springSecurityFilterChain< / filter-name>
< filter-class> org.springframework.web.filter.DelegatingFilterProxy< / filter-class>
< / filter>
< filter-mapping>
< filter-name> springSecurityFilterChain< / filter-name>
< url-pattern> / *< / url-pattern>
< / filter-mapping>
spring-servlet.xml
$ b
<?xml version = 1.0encoding =UTF-8?>
<! - DispatcherServlet的应用程序上下文定义 - >
< bean id =urlMappingclass =com.gwtincubator.security.server.GWTSecuredHandler>
< property name =mappings>
< map>
< entry key =/ spring_test / greet.rpcvalue-ref =greetService/>
< / map>
< / property>
< / bean>
这是我的示例项目我试图与Spring Security集成: http://www.filedropper.com/springtest_1
我使用GWT + Spring安全性。
我在您的配置中发现,存在一些误解。事实上,有一种非常简单的方式可以让弹簧安全与gwt协同工作,无论 gwt-incubator-security 。你只需要在你的web.xml中声明你的应用程序上下文。
< context-param>
< param-name> contextConfigLocation< / param-name>
< param-value> /WEB-INF/applicationContext-security.xml< / param-value>
< / context-param>
< filter>
< filter-name> springSecurityFilterChain< / filter-name>
< filter-class> org.springframework.web.filter.DelegatingFilterProxy< / filter-class>
< / filter>
< filter-mapping>
< filter-name> springSecurityFilterChain< / filter-name>
< url-pattern> / *< / url-pattern>
< / filter-mapping>
< listener>
< listener-class> org.springframework.web.context.ContextLoaderListener< / listener-class>
< / listener>
您不要在这里声明您的MVC dispatcherServlet!然后,因为Spring Security框架机制,一切正常。
但是这种配置方式没有声明DispatcherServlet,很简单,但是如果你需要一些安全funcionality那需要DispatcherServlet,是一个拼图。正如我见过的那样。
然后如果你坚持使用gwt-incubator-security。我用法语读了一个非常好的解决方案,但它没有选中。 http://hugo.developpez.com/ tutoriels / java / gwt / utilization-gwt-avec-spring-et-hibernate /
- 将Spring集成到应用程序中GWT-SL:
事实上,对于Spring和hibernate的集成,问题在于如何正确配置servlet。一个人应该知道, Spring有它自己的ServletDispatcherServlet,所以gwt和它的gwt servlet。
通常, GWT RPC,gwt-servlet在 web-xml 中声明,如
< servlet>
< servlet-name> appService< / servlet-name>
< servlet-class> com.google.gwt.app.example.server.AppServiceImpl< / servlet-class>
< / servlet>
< servlet-mapping>
< servlet-name> appService< / servlet-name>
< url-pattern> / app / appService< / url-pattern>
< / servlet-mapping>
如果您非常喜欢Spring,并且您想使用DispatcherServlet发送请求,然后GWT处理程序可以帮助你摆脱这个问题。
首先,您可以在 web.xml 中加载应用程序上下文,如下所示:
< ;的context-param>
< param-name> contextConfigLocation< / param-name>
< param-value> classpath:applicationContext_GWT.xml< / param-value>
< / context-param>
< listener>
< listener-class> org.springframework.web.context.ContextLoaderListener
< / listener-class>
< / listener>
然后你可以在Spring上下文中声明你的rpc服务:
applicationContext_GWT.xml
< bean id =appService
class =com.google.gwt.app .example.server.AppServiceImpl>
< / bean>
但是,您不应忘记在应用程序上下文中添加GWTHandler声明文件applicationContext_GWT.xml
最后一件事是在web.xml中声明Spring servlet:DispatcherServlet。注意这个事实,这是春天适合的servlet而不是GWT-SL的。
web.xml
< servlet>
< servlet-name>处理程序< / servlet-name>
< servlet-class> org.springframework.web.servlet.DispatcherServlet< / servlet-class>
1< / load-on-startup>
< / servlet>
< servlet-mapping>
< servlet-name>处理程序< / servlet-name>
< url-pattern> *。rpc< / url-pattern>
< / servlet-mapping>
Servlet名称很重要,因为DispatcherServlet将搜索由* -servlet.xml命名的spring上下文文件。由于servlet名称是处理程序,它将搜索spring上下文handler-servlet.xml。因此,在这里我们将解决这样的问题,我们将与DispatcherServlet独立的应用程序上下文放在applicationContext_GWT.xml中,然后将依赖于-servlet.xml中的DispatcherServlet的应用程序上下文作为servlet name是handler,那么我们应该有handler-servlet.xml,然后将以下配置的GWT_SL从applicationContext_GWT.xml放入handler-servlet.xml中。
Handler-servlet.xml
< bean id =urlProjectMappingclass =org.gwtwidgets.server.spring.GWTHandler>
<! - 提供URL和服务之间的映射。服务必须实现RemoteService接口,但不受其他限制.-->
< property name =mappings>
< map>
<! - 其他映射可以跟随 - >
< entry key =/ app / appService.rpcvalue-ref =appService/>
< / map>
< / property>
< / bean>
然后在web.xml dans la declaration de servlet中添加以下配置。
< init-param>
< param-name> contextConfigLocation< / param-name>
< param-value> /WEB-INF/handler-servlet.xml< / param-value>
< / init-param>
过滤器模式仅涉及带有后缀.rpc
的RPC调用(我没有' )
完成上述所有配置后,您就可以在应用程序中创建filtreprocessentrypoint了上下文文件。
希望这能帮助你!
I'm trying to integrate Spring Security and GWT. I'm also using gwt-incubator-security. I configured everything as it was described on their wiki pages. I managed to get security working by using intercept-url, but I can't get it working using annotations. Any ideas about what the problem is?
P.S. I'm using Spring 2.5.6, Spring Security 2.0.5 and gwt-incubator-security 1.0.1. Any useful links and comments are welcome.
Here are my config files
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<global-method-security secured-annotations="enabled"
jsr250-annotations="disabled" />
<http auto-config="true">
<!-- <intercept-url pattern="/**/*.rpc" access="ROLE_USER" /> -->
<intercept-url pattern="/gwt/**" access="ROLE_USER" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
<authentication-provider>
<user-service>
<user name="rod" password="koala"
authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="emu" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="wombat" authorities="ROLE_USER" />
<user name="peter" password="opal" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
<beans:bean id="greetService" class="com.ct.test.server.GreetingServiceImpl" />
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>Spring_test.html</welcome-file>
</welcome-file-list>
<!-- Spring related configuration -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Initialise the Spring MVC DispatcherServlet -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map the DispatcherServlet to only intercept RPC requests -->
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/spring_test/greet.rpc</url-pattern>
<!--
<url-pattern>/org.example.gwtwisdom.GwtWisdom/services/*</url-pattern>
-->
</servlet-mapping>
<servlet>
<servlet-name>greetServlet</servlet-name>
<servlet-class>com.ct.test.server.GreetingServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>greetServlet</servlet-name>
<url-pattern>/spring_test/greet.rpc</url-pattern>
</servlet-mapping>
<!-- Spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- The application context definition for the DispatcherServlet -->
<bean id="urlMapping" class="com.gwtincubator.security.server.GWTSecuredHandler">
<property name="mappings">
<map>
<entry key="/spring_test/greet.rpc" value-ref="greetService" />
</map>
</property>
</bean>
Here is my sample project that i tried to integrate with Spring Security: http://www.filedropper.com/springtest_1
I'am using GWT+Spring security. I find in your configuration, there is some misunderstanding. In fact, there is a very simple way that can let spring security work with your gwt regardless the gwt-incubator-security. You just need to declare your application context in you web.xml.
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext-security.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
You don't declare here your MVC dispatcherServlet ! Then everything works because of the Spring Security framework mechanism.
But This way of configuration doesn't declare DispatcherServlet, it is simple, but in case that you need some security funcionality that need DispatcherServlet, is is a "piege". So as i've met.
Then if you insist to use gwt-incubator-security. I've read a very good solution in french, but it rest uncheck. http://hugo.developpez.com/tutoriels/java/gwt/utilisation-gwt-avec-spring-et-hibernate/
- Integrate Spring in the application with GWT-SL: In fact, for the integration of Spring and hibernate, the problem is how to configure correctly the servlet. One should be aware that the Spring has its own servlet "DispatcherServlet" so as the gwt with its "gwt servlet". Normally, in the tutorial for the GWT RPC, the gwt-servlet is declared in the web-xml, like
<servlet> <servlet-name>appService</servlet-name> <servlet-class>com.google.gwt.app.example.server.AppServiceImpl</servlet-class> </servlet> <servlet-mapping> <servlet-name>appService</servlet-name> <url-pattern>/app/appService</url-pattern> </servlet-mapping>
If you like very much Spring, and you want to use DispatcherServlet to dispatch the request, then GWT-handler can help you to get rid of the problem. Firstly, you load application context in the web.xml as below:
<context-param>
<param-name> contextConfigLocation </param-name>
<param-value> classpath:applicationContext_GWT.xml </param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
Then you can declare your rpc service in Spring context: applicationContext_GWT.xml
<bean id=" appService "
class=" com.google.gwt.app.example.server.AppServiceImpl">
</bean>
But you should not forget to add the GWTHandler declaration in the application context file applicationContext_GWT.xml
The last thing is to declare the spring servlet: DispatcherServlet in the web.xml. Pay attention to the fact that this is the spring’s proper servlet not the GWT-SL’s.
web.xml
<servlet>
<servlet-name>handler</servlet-name>
<servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>handler</servlet-name>
<url-pattern>*.rpc</url-pattern>
</servlet-mapping>
Servlet name is important because DispatcherServlet will search for the spring context file named by "*-servlet.xml". As the servlet name is handler, it will search for the spring context "handler-servlet.xml". So here we will solve the problem like this, we put the application context which is independent with the DispatcherServlet in the "applicationContext_GWT.xml", then the one that is dependent with the DispatcherServlet in the "-servlet.xml", as the servlet name is "handler", then we should have "handler-servlet.xml", then put the following configuration of GWT_SL from applicationContext_GWT.xml into handler-servlet.xml Handler-servlet.xml
<bean id="urlProjectMapping" class="org.gwtwidgets.server.spring.GWTHandler">
<!-- Supply here mappings between URLs and services. Services must implement the RemoteService interface but are not otherwise restricted.-->
<property name="mappings">
<map>
<!-- Other mappings could follow -->
<entry key="/app/appService.rpc" value-ref="appService" />
</map>
</property>
</bean>
Then add the following configuration in the web.xml dans la declaration de servlet.
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value> /WEB-INF/handler-servlet.xml </param-value>
</init-param>
The filter pattern concerns just the RPC call with a suffix .rpc (I didn’t use the GWT-SL, so the method above for integration has not been checked.)
After you have all the above configuration, then you create your filtreprocessentrypoint in your applicationi context file.
Hope this can help you!
这篇关于如何整合Spring Security和GWT?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
