0

使用 spring security 来保护我的 REST WebService

我有一个用途是

此类 org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler

   <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/oxm      http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd
        http://www.springframework.org/schema/mvc      http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
        http://www.springframework.org/schema/security    http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
     <security:http entry-point-ref="restAuthenticationEntryPoint">
      <security:intercept-url pattern="/api/admin/**" access="ROLE_ADMIN"/>

      <security:custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/>


   </security:http>
    <bean id="mydataSource" class="org.apache.commons.dbcp.BasicDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url"
            value="jdbc:mysql://127.0.0.1:3306/VconfGwDb?autoReconnect=true" />
        <property name="username" value="***" />
        <property name="password" value="****" />
        <property name="validationQuery" value="Select 1"></property>
    </bean>

    <bean id="sessionFactory"
        class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource" ref="mydataSource" />
        <property name="annotatedClasses">
            <list>
                <value>com.alpha.vconf.model.Participation</value>
                <value>com.alpha.vconf.model.ParticipationId</value>
                <value>com.**.**.model.***</value>
                <value>com.**.*.model.**</value>
                <value>com.***.**.model.**</value>
                <value>com.**.**.model.***</value>
            </list>
        </property>
        <property name="hibernateProperties">
            <props>
                <prop key="dialect">org.hibernate.dialect.MySQLDialect</prop>
            </props>
        </property>
    </bean>
    <bean id="transactionManager"
        class="org.springframework.orm.hibernate3.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
     <bean id="myFilter" class=
    "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
   </bean>
   <bean id="mySuccessHandler"
    class="org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler"/>

   <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider>
         <security:user-service>
            <security:user name="temporary" password="temporary" authorities="****"/>
            <security:user name="***" password="***" authorities="***"/>
         </security:user-service>
      </security:authentication-provider>
   </security:authentication-manager>
    <tx:annotation-driven transaction-manager="transactionManager" />
    <context:annotation-config />
    <context:component-scan base-package="com.***.***"></context:component-scan>
</beans>

所以问题是:-找不到类'org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler'我该如何解决这个问题

4

1 回答 1

1

org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler must be either in WEB-INF/classes or in a JAR in WEB-INF/lib but I guess you know that. What's the exception you're getting? Note that there's a difference between NoClassDefFoundError and ClassNotFoundException.

EDIT

In any case your success handler must be an implementation of org.springframework.security.web.authentication.AuthenticationSuccessHandler. You either provide your own (changing the obscure com.rest.yadayada class name to the name of your class) or remove this line

<property name="authenticationSuccessHandler" ref="mySuccessHandler"/>

to use the default success handler.

于 2012-12-28T12:03:50.880 回答