在 google 应用引擎上实现 spring 安全
Implement spring security on google app engine
我正在尝试在 google 应用引擎上集成 spring 安全性。但它不能正常工作。我希望在用户尝试访问 index 页面时对他们进行身份验证,并将他们重定向到 login 页面。但是现在我可以直接访问index页面了。
我遵循了 spring.io website tutorial and mkyong 教程。
这是我的部分 pom.xml 依赖项
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.webflow</groupId>
<artifactId>spring-webflow</artifactId>
<version>2.4.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
AppConfig class
@EnableWebMvc
@Configuration
//@ComponentScan({ "com.example.web.*" })
@ComponentScan({ "com.example.web" })
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
SecurityConfig class
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin()
.loginPage("/account/login");
}
}
SecurityWebApplicationInitializer class
public class SecurityWebApplicationInitializer extends
AbstractSecurityWebApplicationInitializer {
}
WebApplicationInitializer class
public class WebApplicationInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
AccountController class
@Controller
@RequestMapping("/account")
public class AccountController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String Index(Model model) {
return "login";
}
}
HomeController class
@控制器
@RequestMapping("/")
public class 家庭控制器 {
@RequestMapping(method = RequestMethod.GET)
public String Index(Model model) {
model.addAttribute("x", 1);
model.addAttribute("y", 2);
model.addAttribute("z", 3);
return "index";
}
index.jsp 页
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<!DOCTYPE html>
.....
login.jsp 页
<%@page session="false"%>
<!DOCTYPE html>
我现在想实现的是将未经身份验证的用户重定向到登录页面。
但是现在不行了,我可以直接访问首页
WebApplicationInitializer 需要 Servlet 3.0,但 Appengine 仅支持 Servlet 2.5。所以你必须使用普通的基于 XML 的配置,至少在初始化时是这样。并在web.xml中手动配置Springfilter/servlet。
你需要输入web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>path.to.AppConfig</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>spring-dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
并进入 spring-security.xml:
<context:annotation-config/>
<beans:bean class="path.to.SecurityConfig"/>
基本上都是 servlet 3.0 之前的标准内容,您可以使用任何基于 servlet 2.4 或 2.5 的教程(或旧文档),它可以在 Appengine 上运行。
PS 您也可以在 https://code.google.com/p/googleappengine/issues/detail?id=3091
投票支持 Servlet 3.0
我正在尝试在 google 应用引擎上集成 spring 安全性。但它不能正常工作。我希望在用户尝试访问 index 页面时对他们进行身份验证,并将他们重定向到 login 页面。但是现在我可以直接访问index页面了。
我遵循了 spring.io website tutorial and mkyong 教程。
这是我的部分 pom.xml 依赖项
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.webflow</groupId>
<artifactId>spring-webflow</artifactId>
<version>2.4.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
AppConfig class
@EnableWebMvc
@Configuration
//@ComponentScan({ "com.example.web.*" })
@ComponentScan({ "com.example.web" })
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
SecurityConfig class
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin()
.loginPage("/account/login");
}
}
SecurityWebApplicationInitializer class
public class SecurityWebApplicationInitializer extends
AbstractSecurityWebApplicationInitializer {
}
WebApplicationInitializer class
public class WebApplicationInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
AccountController class
@Controller
@RequestMapping("/account")
public class AccountController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String Index(Model model) {
return "login";
}
}
HomeController class
@控制器 @RequestMapping("/") public class 家庭控制器 {
@RequestMapping(method = RequestMethod.GET)
public String Index(Model model) {
model.addAttribute("x", 1);
model.addAttribute("y", 2);
model.addAttribute("z", 3);
return "index";
}
index.jsp 页
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<!DOCTYPE html>
.....
login.jsp 页
<%@page session="false"%>
<!DOCTYPE html>
我现在想实现的是将未经身份验证的用户重定向到登录页面。 但是现在不行了,我可以直接访问首页
WebApplicationInitializer 需要 Servlet 3.0,但 Appengine 仅支持 Servlet 2.5。所以你必须使用普通的基于 XML 的配置,至少在初始化时是这样。并在web.xml中手动配置Springfilter/servlet。
你需要输入web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>path.to.AppConfig</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>spring-dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
并进入 spring-security.xml:
<context:annotation-config/>
<beans:bean class="path.to.SecurityConfig"/>
基本上都是 servlet 3.0 之前的标准内容,您可以使用任何基于 servlet 2.4 或 2.5 的教程(或旧文档),它可以在 Appengine 上运行。
PS 您也可以在 https://code.google.com/p/googleappengine/issues/detail?id=3091
投票支持 Servlet 3.0