1

我的 Web 应用程序使用 Spring Security 进行基于数据库的身份验证和授权。我的配置如下: 这是我的 web.xml 文件,我介绍了 applicationContext.xml 和 applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">

    <display-name>Struts2Example14</display-name>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

这是我的 applicationContextSecurity.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
        <property name="url" value="jdbc:oracle:thin:@10.60.2.4:1521:agribase"/>
        <property name="username" value="sabka"/>
        <property name="password" value="sabka"/>
    </bean>

    <sec:http use-expressions="true">
        <sec:intercept-url pattern="/secured/**" access="ROLE_USER"/>
        <sec:intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
        <sec:form-login login-page="/jsp/homePage.jsp"
                        authentication-failure-url="/jsp/homePage.jsp"
                        default-target-url="/jsp/homePage.jsp"/>
    </sec:http>

    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="
                    SELECT username,password, enabled FROM users WHERE username=?"
                authorities-by-username-query="
                    SELECT u.username, ur.authority
                    FROM users u, user_roles ur WHERE u.user_id = ur.user_id AND u.username=?"/>
        </sec:authentication-provider>
    </sec:authentication-manager>
</beans>

当我运行它时,它会出现这个错误:

Unexpected exception parsing XML document from ServletContext resource [/WEB-    INF/applicationContext-security.xml];  

nested exception is org.springframework.beans.BeanInstantiationException:Could not instantiate bean class
[org.springframework.security.config.SecurityNamespaceHandler]:Constructor threw   exception;  

nested exception is java.lang.NoClassDefFoundError:  org/springframework/aop/config/AbstractInterceptorDrivenBeanDefinitionDecorator

这是我的类路径:

<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="WebContent/WEB-INF"/>
<classpathentry exported="true" kind="con"  path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.St andardVMType/jre6">
<attributes>
<attribute name="owner.project.facets" value="java"/>
</attributes>
</classpathentry>
<classpathentry exported="true" kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v6.0">
<attributes>
<attribute name="owner.project.facets" value="jst.web"/>
</attributes>
</classpathentry>
<classpathentry exported="true" kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
<classpathentry exported="true" kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
<classpathentry exported="true" kind="lib" path="//10.60.2.7/Sabka/lib/ojdbc14.jar"/>
<classpathentry exported="true" kind="lib" path="//10.60.2.7/Sabka/lib/ojdbc14dms.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/antlr-runtime-3.0.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-fileupload-1.2.1.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-io-1.3.2.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-logging-1.1.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/freemarker-2.3.13.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/junit-3.8.1.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/ognl-2.6.11.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.asm-3.0.0.M3.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.beans-3.0.0.M3.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.context-3.0.0.M3.jar"/>
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.core-3.0.0.M3.jar"/>

4

2 回答 2

3

此示例将演示 Spring 3.2 与 Spring Security 3.1 和 Hibernate 4.1.9 的使用。

在您的 pom.xml 中包含以下依赖项

        <!-- spring dependency-->
           <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
         <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
         <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.framework.version}</version>
        </dependency>
        <!-- START: Spring security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <!-- END: Spring security -->

在 web.xml 中

 <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/spring-security.xml</param-value>
    </context-param>

        <!-- START: Spring Security -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <!-- END: Spring Security -->

弹簧安全.xml

<http auto-config="true" access-denied-page="/denied">
        <intercept-url pattern="/role1/*" access="ROLE1" />
        <intercept-url pattern="/role2/*" access="ROLE2" />
        <intercept-url pattern="/role3/*" access="ROLE3" />
         <intercept-url pattern="/home" access="ROLE1,ROLE2,ROLE3"/>        
        <form-login login-page="/login" default-target-url="/home"
            authentication-failure-url="/loginfailed" />
          <logout
            invalidate-session="true"
            delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
            logout-success-url="/index"></logout>
    </http>
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
    <authentication-manager >
    <authentication-provider ref="authProvider"></authentication-provider>  
    </authentication-manager>
<beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsServiceImpl" />
  <beans:property name="passwordEncoder" ref="encoder" />
</beans:bean>
<!-- For hashing and salting user passwords -->
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

在 mvc.xml 中

    <security:global-method-security secured-annotations="enabled"/>
    <bean id="userDetailsServiceImpl" class="com.service.UserDetailsServiceImpl">
        <property name="sessionFactory" ref="sessionFactory"></property>
    </bean>

在 UserDetailsS​​erviceImpl

    @Service
@Transactional(readOnly = true)
public class UserDetailsServiceImpl implements UserDetailsService {


    UserDao userDAO = new UserDaoImpl();

    public UserDetails loadUserByUsername(String userName)
            throws UsernameNotFoundException {

        Users domainUser = userDAO.getUser(userName);
        Roles role = domainUser.getRoles();
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        return new User(domainUser.getUsername(),
                domainUser.getUsersPassword(), enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked,
                getAuthorities(role.getRoleName()));
    }

    public Collection<? extends GrantedAuthority> getAuthorities(String role) {
        List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
        return authList;
    }

    public List<String> getRoles(String role) {

        List<String> roles = new ArrayList<String>();
        if ("ROLE1".equals(role)) {
            roles.add("ROLE1");
        } else if ("ROLE2".equals(role)) {
            roles.add("ROLE2");
        }
        else if ("ROLE3".equals(role)) {
            roles.add("ROLE3");
        }
        return roles;
    }

    public static List<GrantedAuthority> getGrantedAuthorities(
            List<String> roles) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

        for (String role : roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        return authorities;
    }

现在您需要在 dao 中创建一种方法来根据用户名获取用户 pojo。然后它会正常工作

于 2013-08-13T11:53:14.453 回答
1

您是否在类路径中包含了 spring aop jar 文件?

于 2013-03-05T07:30:08.500 回答