Spring Security（三十一）：9.6 Localization（本地化）

Posted 2021-01-28 帅S俊

Spring Security supports localization of exception messages that end users are likely to see. If your application is designed for English-speaking users, you don’t need to do anything as by default all Security messages are in English. If you need to support other locales, everything you need to know is contained in this section.

Spring Security支持最终用户可能看到的异常消息的本地化。如果您的应用程序是为讲英语的用户设计的，则无需执行任何操作，因为默认情况下所有安全消息均为英语。如果您需要支持其他语言环境，则需要了解的所有内容都包含在本节中。

 

All exception messages can be localized, including messages related to authentication failures and access being denied (authorization failures). Exceptions and logging messages that are focused on developers or system deployers (including incorrect attributes, interface contract violations, using incorrect constructors, startup time validation, debug-level logging) are not localized and instead are hard-coded in English within Spring Security’s code.

可以对所有异常消息进行本地化，包括与身份验证失败和访问被拒绝相关的消息（授权失败）。专注于开发人员或系统部署人员的异常和日志消息（包括错误的属性，接口合同违规，使用错误的构造函数，启动时间验证，调试级别日志记录）不是本地化的，而是在Spring Security的代码中用英语进行硬编码。

 

Shipping in the spring-security-core-xx.jar you will find an org.springframework.security package that in turn contains a messages.properties file, as well as localized versions for some common languages. This should be referred to by your ApplicationContext, as Spring Security classes implement Spring’s MessageSourceAware interface and expect the message resolver to be dependency injected at application context startup time. Usually all you need to do is register a bean inside your application context to refer to the messages. An example is shown below:

在spring-security-core-xx.jar中发送，你会发现一个org.springframework.security包，它又包含一个messages.properties文件，以及一些常用语言的本地化版本。这应该由您的ApplicationContext引用，因为Spring Security类实现了Spring的MessageSourceAware接口，并期望消息解析器在应用程序上下文启动时被依赖注入。通常，您需要做的就是在应用程序上下文中注册bean以引用消息。一个例子如下所示：

 

<bean id="messageSource"
	class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:org/springframework/security/messages"/>
</bean>

The messages.properties is named in accordance with standard resource bundles and represents the default language supported by Spring Security messages. This default file is in English.

messages.properties根据标准资源包命名，表示Spring Security消息支持的默认语言。此默认文件为英文。

 

If you wish to customize the messages.properties file, or support other languages, you should copy the file, rename it accordingly, and register it inside the above bean definition. There are not a large number of message keys inside this file, so localization should not be considered a major initiative. If you do perform localization of this file, please consider sharing your work with the community by logging a JIRA task and attaching your appropriately-named localized version of messages.properties.

如果您希望自定义messages.properties文件或支持其他语言，您应该复制该文件，相应地重命名，并在上面的bean定义中注册它。此文件中没有大量的消息密钥，因此本地化不应被视为主要的主动。如果您确实执行了此文件的本地化，请考虑通过记录JIRA任务并附加适当命名的本地化版本的messages.properties来与社区共享您的工作。

 

Spring Security relies on Spring’s localization support in order to actually lookup the appropriate message. In order for this to work, you have to make sure that the locale from the incoming request is stored in Spring’s org.springframework.context.i18n.LocaleContextHolder. Spring MVC’s DispatcherServlet does this for your application automatically, but since Spring Security’s filters are invoked before this, the LocaleContextHolder needs to be set up to contain the correct Locale before the filters are called. You can either do this in a filter yourself (which must come before the Spring Security filters in web.xml) or you can use Spring’s RequestContextFilter. Please refer to the Spring Framework documentation for further details on using localization with Spring.

Spring Security依赖于Spring的本地化支持，以便实际查找相应的消息。为了使其工作，您必须确保传入请求中的区域设置存储在Spring的org.springframework.context.i18n.LocaleContextHolder中。 Spring MVC的DispatcherServlet会自动为您的应用程序执行此操作，但由于在此之前调用了Spring Security的过滤器，因此需要将LocaleContextHolder设置为在调用过滤器之前包含正确的Locale。您可以自己在过滤器中执行此操作（必须在web.xml中的Spring Security过滤器之前），或者您可以使用Spring的RequestContextFilter。有关在Spring中使用本地化的更多详细信息，请参阅Spring Framework文档。

 

The "contacts" sample application is set up to use localized messages.

“contacts”示例应用程序设置为使用本地化消息。