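I'm creating an OAuth authorization server that uses Spring Security as the security layer around some of my servlets. An important part of this is using a DelegatingFilterProxy mapped to the springSecurityFilterChain bean, which requires a WebApplicationContext instance.

The standard solution is to include a ContextLoaderListener with an associated contextConfigLocation configuration. But that requires creating a separate configuration for the root WebApplicationContext, which in my opinion makes things unnecessarily complicated.

According to the Spring MVC documentation, each DispatcherServlet has its own WebApplicationContext instance. More importantly, from reading the code of DelegatingFilterProxy, it should be possible to inject a WebApplicationContext instance at construction time.

So my question is: can I set the DispatcherServlet's WebApplicationContext as the instance used by the DelegatingFilterProxy?

Here is my current relevant configuration:

web.xml: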

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="
            http://xmlns.jcp.org/xml/ns/javaee
            http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

    <!-- Enable Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>oauth</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>    
        <init-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>/WEB-INF/servlet.xml</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>oauth</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

servlet.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/security/oauth2
        http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <mvc:annotation-driven/>

    <!-- ... Spring MVC config ... -->

    <!-- Spring Security OAuth Config -->
    <security:global-method-security pre-post-annotations="enabled" />

    <oauth:authorization-server client-details-service-ref="clientDetails"
                                token-services-ref="tokenServices"
                                token-endpoint-url="/api/token">
        <oauth:refresh-token/>
        <oauth:client-credentials/>
    </oauth:authorization-server>

    <!-- ... loads more OAuth config ... -->

</beans>

1 Answer

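DispatcherServlet (like any subclass of FrameworkServlet) will publish its WebApplicationContext to the ServletContext using the attribute name: org.springframework.web.servlet.FrameworkServlet.CONTEXT.<servlet-name>

At the same time, DelegatingFilterProxy can be told not to use the root WebApplicationContext, but another one stored in the ServletContext, by setting its contextAttribute parameter.

In your case, the required configuration would be: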

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>contextAttribute</param-name>
        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.oauth</param-value>
    </init-param>
</filter>

See more on how DelegatingFilterProxy looks up the WebApplicationContext in the javadoc of its findWebApplicationContext() method.

Answered 2013-07-29T11:51:21.637
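
A deployment check for the wiring described in the answer, added here as an example and not part of the original question or answer: it parses a web.xml and reports any DelegatingFilterProxy whose contextAttribute does not resolve to a declared DispatcherServlet, or that has neither a contextAttribute nor a ContextLoaderListener to fall back on. The names `check_web_xml`, `sample` and `ctx_param` are hypothetical, the sample web.xml is constructed, and only the exact DispatcherServlet class (not subclasses) is recognized.

```python
import xml.etree.ElementTree as ET

PREFIX = "org.springframework.web.servlet.FrameworkServlet.CONTEXT."
PROXY = "org.springframework.web.filter.DelegatingFilterProxy"
DISPATCHER = "org.springframework.web.servlet.DispatcherServlet"
LISTENER = "org.springframework.web.context.ContextLoaderListener"

def _kids(el, name):
    # Match on local name so the javaee default namespace does not matter.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _text(el, name):
    found = _kids(el, name)
    return (found[0].text or "") if found else ""

def check_web_xml(xml_text):
    """Return findings about where each DelegatingFilterProxy gets its context."""
    root = ET.fromstring(xml_text)
    servlets = {_text(s, "servlet-name").strip(): _text(s, "servlet-class").strip()
                for s in _kids(root, "servlet")}
    has_root = any(_text(l, "listener-class").strip() == LISTENER
                   for l in _kids(root, "listener"))
    findings = []
    for f in _kids(root, "filter"):
        if _text(f, "filter-class").strip() != PROXY:
            continue
        name = _text(f, "filter-name").strip()
        params = {_text(p, "param-name").strip(): _text(p, "param-value")
                  for p in _kids(f, "init-param")}
        attr = params.get("contextAttribute")
        if attr is None:
            if not has_root:
                findings.append(f"{name}: no contextAttribute and no ContextLoaderListener")
            continue
        if attr != attr.strip():
            findings.append(f"{name}: contextAttribute has surrounding whitespace")
        servlet = attr.strip()[len(PREFIX):] if attr.strip().startswith(PREFIX) else None
        if servlets.get(servlet) != DISPATCHER:
            findings.append(f"{name}: contextAttribute does not name a declared DispatcherServlet")
    return findings

def sample(init_param=""):
    # Constructed web.xml, reduced from the configuration shown in the question.
    return f"""<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter><filter-name>springSecurityFilterChain</filter-name>
    <filter-class>{PROXY}</filter-class>{init_param}</filter>
  <servlet><servlet-name>oauth</servlet-name>
    <servlet-class>{DISPATCHER}</servlet-class></servlet>
</web-app>"""

def ctx_param(value):
    return ("<init-param><param-name>contextAttribute</param-name>"
            f"<param-value>{value}</param-value></init-param>")
```

Running `check_web_xml(sample())` reproduces the question's starting point (no listener, no contextAttribute), while `check_web_xml(sample(ctx_param(PREFIX + "oauth")))` corresponds to the answer's configuration and returns no findings.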