2

抱歉,我对 Spring Security 很陌生。我有以下 applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.0.xsd
            http://www.springframework.org/schema/mvc 
            http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <!-- Activates various annotations to be detected in bean classes -->
    <context:annotation-config />

    <!-- Scans the classpath for annotated components that will be auto-registered as Spring beans.
     For example @Controller and @Service. Make sure to set the correct base-package-->
    <context:component-scan base-package="org.assessme.com" />

    <!-- Configures the annotation-driven Spring MVC Controller programming model.
    Note that, with Spring 3.0, this tag works in Servlet MVC only!  -->
    <mvc:annotation-driven /> 

</beans>

我正在按照教程...

http://static.springsource.org/spring-security/site/tutorial.html

我的问题是,我应该添加到现有的 applicationContext.xml 还是制作一个单独的 XML 文件?

我的 web.xml 如下...

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/root-context.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>

我有点困惑,因为在教程中,它指定了 xml 的上下文参数,但我已经声明了一个,我可以有更多的上下文参数吗?如果有人能给我一个将springmvc和spring security一起使用的最佳方法的想法,那将会很棒,因为目前我发现很难“合并”xml文件。

谢谢,

4

2 回答 2

7

您可以将安全配置放在单独的文件中,也可以与现有的应用程序上下文结合使用。如果要使用现有的应用程序上下文。您将默认命名空间保留为 bean,如下所示:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:security="http://www.springframework.org/schema/security"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <security:http auto-config="true">
         <security:intercept-url pattern="/**" access="ROLE_USER" />
      </security:http>
   ...
</beans>

并且您必须在所有安全元素前面加上安全性。

但是如果你在单独的文件中定义。优点是您可以将安全性作为默认命名空间并省略安全性前缀,如下所示:

 <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <http auto-config='true'>
           <intercept-url pattern="/**" access="ROLE_USER" />
      </http>
      ...
</beans:beans>

常见的方法是像这样定义文件名:

 1)applicationContext.xml
 2)applicationContext-security.xml

在你的 web.xml 中像这样:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>

或作为逗号或空格分隔的列表,如下所示:

<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/applicationContext.xml /WEB-INF/applicationContext-security.xml</param-value>
</context-param>

文档:上下文加载器

文档:命名空间配置

于 2012-07-02T23:06:57.170 回答
0

在您遵循的教程中,它还使用:

<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>
       classpath:applicationContext-business.xml
       /WEB-INF/security-app-context.xml
   </param-value>
</context-param>

其中applicationContext-business.xml就像你的root-context.xml. 因此,您需要将路径添加到 Spring 安全配置文件。并且,请记住还包括您的web.xml.

于 2012-07-02T19:52:48.243 回答