Spring Boot, Spring Security - XML based configuration

【Posted】: 2021-02-15 00:46:11

【Question】:

Spring Boot 2.3.4, Spring Security, securing REST controllers (endpoints).

I have a solution that uses a Java configuration class, but now I have been given the task of doing it with XML.
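```java
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    public static final String USER = "USER";
    public static final String ADMIN = "ADMIN";

    // In-memory users; the {noop} prefix marks the password as stored in plain text (NoOpPasswordEncoder)
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user")
            .password("{noop}" + "user123")
            .roles(USER)
            .and()
            .withUser("admin")
            .password("{noop}" + "admin456")
            .roles(ADMIN, USER);
    }

    // HTTP Basic, per-path role checks, stateless sessions
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/", "/login").permitAll()
            .antMatchers("/path1/**").hasRole(ADMIN)
            .antMatchers("/path2/**").hasRole(USER)
            .antMatchers(HttpMethod.DELETE, "/path3/name").hasRole(ADMIN)
            .antMatchers(HttpMethod.GET, "/path3/name").hasRole(USER)
            // more antMatchers...
            .and() // return to HttpSecurity before configuring sessions
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .csrf().disable()
            .formLogin().disable();
    }
}
```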
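I have never done XML-based configuration before; it must be something that was done a lot in the past. Anyway, I have been given the task of doing it in XML.

I don't know how to do it. Which parts are needed: just an XML file, or still a Java configuration file as well (such as WebSecurityConfig.java)?

【Comments】:

Take a look at baeldung.com/spring-security-login and baeldung.com/java-ee-spring-security

【Answer 1】:

I tried the following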
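WebSecurityConfig.java

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;

@Configuration
@ImportResource({ "classpath:webSecurityConfig.xml" })
public class WebSecurityConfig {
    public WebSecurityConfig() {
        super();
    }
}
```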
webSecurityConfig.xml

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd">

    <http create-session="stateless" use-expressions="true">
        <intercept-url pattern="/" access="permitAll()"/>
        <intercept-url pattern="/login" access="permitAll()"/>
        <intercept-url pattern="/path1/**" access="hasAuthority('ROLE_ADMIN')"/>
        <intercept-url pattern="/path2/**" access="hasAuthority('ROLE_USER')"/>
        <intercept-url method="DELETE" pattern="/path3/name" access="hasAuthority('ROLE_ADMIN')"/>
        <intercept-url method="GET" pattern="/path3/name" access="hasAuthority('ROLE_USER')"/>
        <http-basic/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user" password="{noop}user123" authorities="ROLE_USER"/>
                <user name="admin" password="{noop}admin456" authorities="ROLE_USER,ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>
```
But it shows the following error at startup:

```
***************************
APPLICATION FAILED TO START
***************************

Description:

Parameter 0 of method setObjectPostProcessor in org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter required a bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor' that could not be found.

Action:

Consider defining a bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor' in your configuration.
```

I'm not sure what is wrong or missing. Google has not been much help so far.
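
An added example, not part of the original question or answer: a Python check that reads a Spring Security XML namespace configuration like the webSecurityConfig.xml above and reports gaps in its `intercept-url` rules and plain-text `{noop}` passwords. The sample document is a constructed, trimmed copy of that file; the `audit` function and its finding codes are hypothetical names, and only a literal `/**` pattern without a method is treated as a catch-all.

```python
import xml.etree.ElementTree as ET

NS = {"s": "http://www.springframework.org/schema/security"}

# Constructed sample: a trimmed copy of the webSecurityConfig.xml shown above.
SAMPLE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http create-session="stateless" use-expressions="true">
    <intercept-url pattern="/" access="permitAll()"/>
    <intercept-url pattern="/path1/**" access="hasAuthority('ROLE_ADMIN')"/>
    <intercept-url method="DELETE" pattern="/path3/name" access="hasAuthority('ROLE_ADMIN')"/>
    <intercept-url method="GET" pattern="/path3/name" access="hasAuthority('ROLE_USER')"/>
    <http-basic/>
  </http>
  <authentication-manager><authentication-provider><user-service>
    <user name="user" password="{noop}user123" authorities="ROLE_USER"/>
  </user-service></authentication-provider></authentication-manager>
</beans:beans>"""


def audit(xml_text):
    """Return a list of (code, detail) findings for one config document."""
    root = ET.fromstring(xml_text)
    findings = []
    for http in root.iterfind(".//s:http", NS):
        rules = [(r.get("pattern"), r.get("method")) for r in http.iterfind("s:intercept-url", NS)]
        catch_all = [i for i, (p, m) in enumerate(rules) if p == "/**" and m is None]
        if not catch_all:
            # A request that matches no intercept-url has no access rule applied to it.
            findings.append(("NO_CATCH_ALL", "URLs matching no rule are not access-controlled"))
            # Paths with only method-specific rules leave every other verb unmatched.
            any_method = {p for p, m in rules if m is None}
            for p in sorted({p for p, m in rules if m} - any_method):
                verbs = sorted(m for q, m in rules if q == p and m)
                findings.append(("METHOD_GAP", f"{p}: only {', '.join(verbs)} have rules"))
        elif catch_all[0] != len(rules) - 1:
            # The first matching rule wins, so rules placed after /** are never evaluated.
            findings.append(("SHADOWED", f"{len(rules) - 1 - catch_all[0]} rule(s) after /**"))
    for user in root.iterfind(".//s:user", NS):
        if (user.get("password") or "").startswith("{noop}"):
            # {noop} selects NoOpPasswordEncoder: the credential is stored in plain text.
            findings.append(("PLAINTEXT_PASSWORD", user.get("name")))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```

On the sample it reports the missing catch-all, the `/path3/name` path where only DELETE and GET have rules, and the plain-text password for `user`.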