无法将Spring Security BASIC身份验证集成到Jersey/JAX-RS和Tomcat中 [英] Cannot integrate Spring Security BASIC Authentication into Jersey/JAX-RS and Tomcat

问题描述

我正在尝试将BASIC身份验证添加到我使用Jersey/JAX-RS和Tomcat Apache 7.0创建的RESTful Web服务中.将来，我想在WebSphere上部署此Web服务，因此我选择对项目使用Spring Security(2.5.6版).

I am attempting to add BASIC authentication to a RESTful web service that I have created using Jersey/JAX-RS and Tomcat Apache 7.0. In the future I want to deploy this web service on WebSphere so I have chosen to use Spring Security (ver 2.5.6) for my project.

我的问题是这样的:尽管我相信我的各种xml文件都是正确的，并且已将spring.jar添加到我的类路径中，但是在启动服务器时出现以下错误.

My problem is this: though I believe my various xml files are correct and I have added spring.jar to my classpath I am getting the following error when starting the server.

SEVERE: Error configuring application listener of class
org.springframework.web.context.ContextLoaderListener java.lang.NoClassDefFoundError: javax/servlet/ServletContextListener
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(Unknown Source)
    ...

，依此类推.我所查看的每个资源都表明应该将spring.jar添加到我的类路径中.我是Spring的新手，所以如果我的文件设置不正确，请告诉我.这是所有相关的XML文件和设置.

and so on. Every resource that I have looked at states that I should add spring.jar to my class path, which I have. I am completely new to Spring so if any of my files are setup incorrectly please tell me. Here are all of the relevant XML files and settings.

security-applicationContext.xml:

security-applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                       http://www.springframework.org/schema/security
                       http://www.springframework.org/schema/security/spring-security-2.0.xsd">

<security:global-method-security secured-annotations="enabled"/>

<security:http>
    <security:http-basic/>
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>


<security:authentication-manager alias="authenticationManager"/>


<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>


<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
    <!--property name="contextClass" value="org.springframework.security.context.SecurityContextImpl"/-->
    <property name="allowSessionCreation" value="false"/>
</bean>


<bean id="httpSessionContextIntegrationFilterWithASCFalse" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
    <property name="allowSessionCreation" value="false"/>
</bean>

<bean id="authenticationEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="Your realm name"/>
</bean>

<security:authentication-provider>
    <security:password-encoder hash="md5"/>
    <security:user-service>
        <security:user name="admin" password="2fa3fa1c2deff56ed33e0bf974f2e29e" authorities="ROLE_PARTNER, ROLE_USER"/>
    </security:user-service>
</security:authentication-provider>

applicationContext.xml(被告知可能为空):

applicationContext.xml (I was told it could be empty):

<beans></beans>

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee
/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>TestService</display-name>
<servlet>
   <servlet-name>Jersey REST Service</servlet-name>
   <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
 <init-param>
    <param-name>com.sun.jersey.config.property.packages</param-name>
    <param-value>TestService</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>Jersey REST Service</servlet-name>
  <url-pattern>/*</url-pattern>
</servlet-mapping>

<listener>
  <listener-class>
    org.springframework.web.context.ContextLoaderListener
  </listener-class>
</listener>

<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
      /WEB-INF/security-applicationContext.xml,
      /WEB-INF/applicationContext.xml
  </param-value>
</context-param>

<!-- Enables Spring Security -->

<filter> 
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
  </filter-class>
  <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>springSecurityFilterChain</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

最后，我的文件结构:

和服务器的运行配置:

推荐答案

此似乎是一个类似的问题.

This looks like a similar problem.

您可能想尝试不同的Tomcat版本.

You might want to try different Tomcat versions.

您缺少依赖项.

最小的spring-security依赖性应为:

Minimal spring-security dependencies should be:

<properties>
    <spring.version>3.0.1.RELEASE</spring.version>
</properties>
<dependency>
    <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-web</artifactId>
     <version>${spring.version}</version>
</dependency>
<dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-config</artifactId>
     <version>${spring.version}</version>
</dependency>
<dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-taglibs</artifactId>
     <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${spring.version}</version>
</dependency>

您似乎并没有使用maven，因此此站点将帮助您找到所需的罐子.只需搜索<artifactId>，您就可以下载依赖项的.jar.

You don't seem to be using maven so this site will help you find the jars you need. Just search for the <artifactId> and you will be able to download the .jar for the dependency.

此方法可能会有所帮助您将获得最低的弹簧安全性配置.

This HOWTO might help you on a minimal spring-security configuration.

这篇关于无法将Spring Security BASIC身份验证集成到Jersey/JAX-RS和Tomcat中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！