增加春天petclinic的安全性 [英] adding security to spring petclinic
问题描述
我正在尝试学习Spring安全性,并且我想为spring petclinic示例应用程序添加安全功能(代码为在此链接)。但是,网上的样品存在问题。
I am trying to learn Spring security, and I want to add security functionality to the spring petclinic sample application (the code for which is at this link). However, there are problems with the samples on the web.
例如,我想使用这个例子,但它在init文件夹中使用.java文件(你可以查看在这个链接)做我认为petclinic应用程序使用xml文件执行的任务(你可以查看在此链接)。
For example, I would like to use this example, but it uses .java files in an init folder (which you can view at this link) to do tasks which I think the petclinic application does using xml files (which you can view at this link).
我想坚持使用xml方法因为我花了好几个月使用xml配置,但我不明白使用xml配置和java配置之间的区别。
I want to stick with the xml approach because I have spent many months using xml configuration, but I do not understand the difference between using the xml configuration and java configuration.
有人可以帮助我了解我必须对这个例子是为了让它与spring petclinic app中的xml配置一起使用?
Can someone help me understand what changes I would have to make to this example in order to get it to work with the xml configuration in the spring petclinic app?
或者,如果您可以快速简便地在spring petclinic应用程序上启动并运行安全性,以便我可以通过修改工作代码来开始学习,那也没关系。
Alternatively, if you can show a quick and easy way to get working security up and running on the spring petclinic app so that I can start learning by tinkering with working code, that would be OK also.
我开始使用spring教程为petclinic应用添加安全性(在这个链接),但它不可用,因为它已经很多年了,并使用了过时版本的spring。
I started using the spring tutorial for adding security to the petclinic app (at this link), but it is not usable because it is many years old and uses an obsolete version of spring.
根据JHadesDev的建议,我创建了一个名为 org.springframework.security.samples.petclinic.config 的新包,并将以下两个文件放入其中:
Based on JHadesDev's suggestion, I created a new package called org.springframework.security.samples.petclinic.config and placed the following two files in it:
SecurityConfig.java:
SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void registerGlobalAuthentication(
AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
MessageSecurityWebApplicationInitializer.java
MessageSecurityWebApplicationInitializer.java
@Order(2)
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}
尝试运行该应用程序然后导致错误,指示Tomcat无法启动,因为需要识别 SpringSecurityFilterChain ,所以我接着修改了我的 web.xml 以包含它。您可以通过点击阅读我的整个 web.xml 在这个链接。
Trying to run the app then caused an error indicating that Tomcat would not start because a SpringSecurityFilterChain needed to be identified, so I then altered my web.xml to include it. You can read my entire web.xml by clicking on this link.
但现在 web.xml 中的更改导致错误,表明Tomcat无法启动因为定义 SpringSecurityFilterChain 是多余的。我已经在文件共享网站上发布了整个堆栈跟踪,您可以通过点击此链接阅读。
But now the changes in web.xml are causing an error indicating that Tomcat will not start because the definition of SpringSecurityFilterChain is redundant. I have posted the entire stack trace on a file sharing site that you can read by clicking on this link.
如何摆脱此错误以便tomcat启动,以便为应用启用登录功能?
How can I get rid of this error so that tomcat will start, and so that login functionality will be enabled for the app?
推荐答案
将此java配置放在其他 @Config 文件旁边:
put this java configuration next to other @Config files:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
此配置可确保所有网址在应用程序中受到保护,并生成默认登录页面。这将是一个很好的起点,另见教程使用Java配置(而不是XML)进行Spring安全设置。
This configuration ensures that all urls are secured in the application, and that a default login page is generated. This would be a good starting point, see also this tutorial that goes through Spring security setup using Java config (instead of XML).
这篇关于增加春天petclinic的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
