具有spring-security的Spring Java配置

出于某种原因(我真的不能记住为什么:))我决定只使用Java来配置Spring应用程序.另外我会尽量避免使用web.xml

我从接下来的两个java配置文件开始.
ApplicationBootstrap.java

public class ApplicationBootstrap implements WebApplicationInitializer {
    //public class Initializer 
    public void onStartup(ServletContext servletContext) throws ServletException {
        AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
        rootContext.register(ApplicationConfig.class);
        rootContext.refresh();

    // Manage the lifecycle of the root appcontext
    servletContext.addListener(new ContextLoaderListener(rootContext));
    servletContext.setInitParameter("defaultHtmlEscape", "true");
    servletContext.setInitParameter("spring.profiles.active", "Production");


     // now the config for the Dispatcher servlet
    AnnotationConfigWebApplicationContext mvcContext = new AnnotationConfigWebApplicationContext();
        mvcContext.register(ApplicationConfig.class);
        mvcContext.getEnvironment().setActiveProfiles("Production");
        mvcContext.getEnvironment().setDefaultProfiles("Production");

    ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher", new DispatcherServlet(mvcContext));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/api/*");


}

和ApplicationConfig.java

@Configuration()
@Profile({"Production", "ControllerUnitTest"})
@EnableWebMvc
@ComponentScan( basePackages = "com.consius.activework.server"  ) 
@EnableAspectJAutoProxy
public class ApplicationConfig extends WebMvcConfigurerAdapter {


}

这很有效.没有我的问题开始了.我的想法是使用spring-security,我找到了一种使用Java配置spring-security的方法.
过了一会儿我放弃了,我发现无法使用Java配置spring-security.
我决定回到XML进行安全配置.

我创建了一个包含以下内容的web.xml:

   <filter>
        <filter-name>filterChainProxy</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>filterChainProxy</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

我在ApplicationConfig.java中添加了:

 @ImportResource( { "classpath:/spring-security.xml" } )

并创建了一个名为spring-security.xml的新xml文件

<security:http auto-config='true' create-session="never" realm="Restricted Service" use-expressions="true">
    <security:intercept-url pattern="/rest/**" access="permitAll()" />               
</security:http>

根据文档,这是最小配置.

试图运行它会出现以下错误(我无法理解为什么)

SEVERE: Exception starting filter filterChainProxy
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'filterChainProxy' is defined
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:549)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1096)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:278)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:198)
    at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1121)
    at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326)
    at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:236)
    at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:194)
    at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)

谁能帮我?
我想我做了一些明显的错误,但我看不到它.

// LG

最佳答案
如何坚持使用Java配置?

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // ...
}

public class WebSecurityInitializer 
        extends AbstractSecurityWebApplicationInitializer {
}

方便的是,WebSecurityInitializer将为您注册Spring Security Servlet过滤器!这是一个很好的解释,有很多细节:

http://docs.spring.io/spring-security/site/docs/3.2.x/guides/helloworld.html

顺便说一下……如果没有上述内容,也可以手动进行注册:

public class DispatcherServletInitializer 
        extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    public void onStartup(ServletContext servletContext) 
            throws ServletException {
        servletContext
            .addFilter("securityFilter", 
                       new DelegatingFilterProxy("springSecurityFilterChain"))
            .addMappingForUrlPatterns(null, false, "/*");

        super.onStartup(servletContext);
    }

    // Various other required methods...

}

这样,您就可以忘记烦人的web.xml. 🙂

转载注明原文:具有spring-security的Spring Java配置 - 代码日志