我尝试通过 Spring Security 为我的 Spring MVC 项目(最近更新为 4.2.6.RELEASE
)完成授权。所以我添加了这些依赖项:
<dependency org="org.springframework.security" name="spring-security-config" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-core" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-crypto" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-taglibs" rev="4.1.0.RELEASE" />
<dependency org="org.springframework.security" name="spring-security-web" rev="4.1.0.RELEASE" />
据我了解,我只需要创建这些类:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/home").permitAll().anyRequest().authenticated().and().formLogin()
.loginPage("/login").permitAll().and().logout().permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
}
和
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {
}
我希望对于尚未登录的用户,除了“/”、“/home”、“/login”和“/logout”之外,所有 URL 现在都会被阻止。事实上,没有任何东西被阻止,我的网络应用程序完全可以访问。所以我一定是在某个地方错了......
如果您能在这里给我一些关于我的问题可能是什么的提示,我真的很感激。谢谢!
最佳答案
我测试了你的ant匹配器,它工作得很好(一切看起来都很好),所以我认为你还没有将你的客户安全配置(SecurityConfig)注册到spring servlet,它是用@Import
完成的。
@EnableWebMvc
@Configuration
@ComponentScan({ "yourpackage" })
@Import({ SecurityConfig .class }) // See here
public class SpringServlet {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/..");
viewResolver.setSuffix("...");
return viewResolver;
}
}
关于java - Spring MVC : Spring Security 4 doesn't intercept,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37836191/