我正在尝试在谷歌应用程序引擎上集成spring安全性。但它不能正常工作。当用户尝试访问index
页面时,我希望对其进行身份验证,并将其重定向到login
页面。但现在我可以直接访问index
页面。
我学习了spring.io网站教程和mkyong教程。
以下是我pom.xml依赖项的一部分
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.webflow</groupId>
<artifactId>spring-webflow</artifactId>
<version>2.4.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
AppConfig
类
@EnableWebMvc
@Configuration
//@ComponentScan({ "com.example.web.*" })
@ComponentScan({ "com.example.web" })
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
SecurityConfig
类
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin()
.loginPage("/account/login");
}
}
SecurityWebApplicationInitializer
类
public class SecurityWebApplicationInitializer extends
AbstractSecurityWebApplicationInitializer {
}
WebApplicationInitializer
类
public class WebApplicationInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
AccountController
类
@Controller
@RequestMapping("/account")
public class AccountController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String Index(Model model) {
return "login";
}
}
HomeController
类
@控制器@RequestMapping("/")公共类HomeController{
@RequestMapping(method = RequestMethod.GET)
public String Index(Model model) {
model.addAttribute("x", 1);
model.addAttribute("y", 2);
model.addAttribute("z", 3);
return "index";
}
index.jsp
页
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<!DOCTYPE html>
.....
login.jsp
页
<%@page session="false"%>
<!DOCTYPE html>
我现在想要实现的是将未经身份验证的用户重定向到登录页面。但现在它不起作用,我可以直接访问主页。
WebApplicationInitializer
需要Servlet 3.0,但Appengine只支持Servlet 2.5。因此,您必须使用简单的基于XML的配置,至少在初始化时是这样。并在web.xml
中手动配置Spring过滤器/servlet。
您需要放入web.xml
:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>path.to.AppConfig</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>spring-dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
并进入spring-security.xml
:
<context:annotation-config/>
<beans:bean class="path.to.SecurityConfig"/>
基本上,这都是servlet 3.0之前的标准内容,您可以使用任何基于servlet 2.4或2.5的教程(或旧文档),它将在Appengine上运行。
PS您也可以在https://code.google.com/p/googleappengine/issues/detail?id=3091