Implement spring security on google app engine


Problem description


I'm trying to integrate the spring security on google app engine. But it doesn't work properly. I want to authenticate users when they try to access the index page, and redirect them to the login page. But now I can visit the index page directly.

I followed spring.io website tutorial and mkyong tutorial.

Here is part of my pom.xml dependencies:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context</artifactId>
    <version>4.1.5.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.webflow</groupId>
    <artifactId>spring-webflow</artifactId>
    <version>2.4.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.2.6.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>3.2.6.RELEASE</version>
</dependency>
<dependency>
    <groupId>jstl</groupId>
    <artifactId>jstl</artifactId>
    <version>1.2</version>
</dependency>

AppConfig class

@EnableWebMvc
@Configuration
//@ComponentScan({ "com.example.web.*" })
@ComponentScan({ "com.example.web" })
@Import({ SecurityConfig.class })
public class AppConfig {
    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setViewClass(JstlView.class);
        viewResolver.setPrefix("/WEB-INF/jsp/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }
}

SecurityConfig class

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password")
                .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().formLogin()
                .loginPage("/account/login");
    }
}

SecurityWebApplicationInitializer class

public class SecurityWebApplicationInitializer extends
        AbstractSecurityWebApplicationInitializer {
}

WebApplicationInitializer class

public class WebApplicationInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }
}

AccountController class

@Controller
@RequestMapping("/account")
public class AccountController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String Index(Model model) {

        return "login";
    }
}

HomeController class

@Controller
@RequestMapping("/")
public class HomeController {

    @RequestMapping(method = RequestMethod.GET)
    public String Index(Model model) {

        model.addAttribute("x", 1);
        model.addAttribute("y", 2);
        model.addAttribute("z", 3);

        return "index";
    }
}

index.jsp page

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<!DOCTYPE html>
.....

login.jsp page

<%@page session="false"%>
<!DOCTYPE html>

What I want to achieve now is to redirect unauthenticated users to the login page. But now it does not work; I can visit the home page directly.

Solution

WebApplicationInitializer requires Servlet 3.0, but Appengine supports only Servlet 2.5. So you have to use plain XML based config, at least for initialization. And configure Spring filter/servlet in web.xml manually.

You need to put into web.xml:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-security.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>spring-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    <init-param>
        <param-name>contextClass</param-name>
        <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
    </init-param>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>path.to.AppConfig</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>spring-dispatcher</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

and into spring-security.xml:

<context:annotation-config/>
<beans:bean class="path.to.SecurityConfig"/>

Basically it's all standard stuff from pre-servlet 3.0 time, and you could use any tutorial (or old docs) based on servlet 2.4 or 2.5, it will work on Appengine.

PS also you could vote for Servlet 3.0 support at https://code.google.com/p/googleappengine/issues/detail?id=3091
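
A check for the failure mode in this question, as an added example that is not part of the original question or answer: on a Servlet 2.5 container the Java initializer classes are not invoked, so the security filter exists only if web.xml declares it. The function name `audit_web_xml` and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "springSecurityFilterChain"
PROXY_CLASS = "org.springframework.web.filter.DelegatingFilterProxy"

def _local(tag):
    """Strip an XML namespace so descriptors with or without xmlns both parse."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means the security filter is wired."""
    root = ET.fromstring(xml_text)
    findings = []
    filters = {_text(f, "filter-name"): _text(f, "filter-class")
               for f in _children(root, "filter")}
    if filters.get(FILTER_NAME) != PROXY_CLASS:
        findings.append("no DelegatingFilterProxy named " + FILTER_NAME)
    patterns = [(p.text or "").strip()
                for m in _children(root, "filter-mapping")
                if _text(m, "filter-name") == FILTER_NAME
                for p in _children(m, "url-pattern")]
    if "/*" not in patterns:
        findings.append(FILTER_NAME + " is not mapped to /*")
    listeners = [_text(l, "listener-class") for l in _children(root, "listener")]
    if not any(c.endswith("ContextLoaderListener") for c in listeners):
        findings.append("no ContextLoaderListener to load the security beans")
    return findings

# Constructed samples: a descriptor that relies on the Java initializers only,
# and one trimmed from the web.xml shown in the answer.
BARE = '<web-app version="2.5"><welcome-file-list/></web-app>'
WIRED = """<web-app version="2.5">
  <listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener>
  <filter><filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>
  <filter-mapping><filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    for label, doc in (("bare", BARE), ("wired", WIRED)):
        print(label, audit_web_xml(doc) or "ok")
```

Run against the deployed `WEB-INF/web.xml` in a build step, a non-empty result means requests can reach controllers without passing through the Spring Security filter chain.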
