我有一个可以在本地运行的简单 spring 项目。这些网址被 spring security 拦截,但是当我将其上传到 google appengine 服务器时,安全性无法工作,而是执行关联的方法。
public class SpringSecutiryInitializer extends AbstractSecurityWebApplicationInitializer {
// Do nothing. This initializes the security chain.
}
public class SpringMvcInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class, SecurityConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
Environment env;
@Autowired
DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
String databaseName = env.getProperty("jdbc.databaseName");
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery(
"select username,password,enabled from user where username=?")
.authoritiesByUsernameQuery(
"SELECT user.username, role.role FROM (" + databaseName
+ ".user_role as role JOIN " + databaseName
+ ".user as user ON"
+ " role.auth_id = user.auth_id) where user.username=?");
}
}
@Configuration
@EnableWebMvc
@EnableTransactionManagement
@ComponentScan({ "com.djw" })
public class AppConfig {
// configure different beans
}
appengine-web.xml
<?xml version="1.0" encoding="utf-8"?>
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
<!-- Fill in the app name and version -->
<application>project-name-removed</application>
<version>1</version>
<threadsafe>true</threadsafe>
<!-- Configure serving/caching of GWT files -->
<static-files>
<include path="**" />
<!-- The following line requires App Engine 1.3.2 SDK -->
<include path="**.nocache.*" expiration="0s" />
<include path="**.cache.*" expiration="365d" />
<exclude path="**.gwt.rpc" />
</static-files>
<use-google-connector-j>true</use-google-connector-j>
<sessions-enabled>true</sessions-enabled>
<system-properties>
<property name="java.util.logging.config.file" value="WEB-INF/appengine_logging.properties"/>
<property name="spring.profiles.active" value="prod"/>
</system-properties>
</appengine-web-app>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>Archetype Created Web Application</display-name>
<!-- Declare a Spring MVC DispatcherServlet as usual -->
<servlet>
<servlet-name>web</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- Configure DispatcherServlet to use AnnotationConfigWebApplicationContext
instead of the default XmlWebApplicationContext -->
<init-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</init-param>
<!-- Again, config locations must consist of one or more comma- or space-delimited
and fully-qualified @Configuration classes -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.djw.config.AppConfig</param-value>
</init-param>
</servlet>
<!-- map all requests for / to the dispatcher servlet -->
<servlet-mapping>
<servlet-name>web</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
有了这些,我尝试打开的任何 url 都会被 spring 拦截以获取用户名和密码。但在我的服务器上,它只会让请求通过。为什么会发生这种情况?
最佳答案
我从 here 学到一件事目前 Google App Engine 支持 servlet 版本 2.5,而 AbstractAnnotationConfigDispatcherServletInitializer 需要 servlet 版本 3.0。因此,您必须使用 xml 来配置您的设置。
关于java - Spring Security 无法在服务器上运行(谷歌应用引擎),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27499100/