7

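I am new to Vaadin and Spring Security, and I would like to know whether anybody has a complete project example showing Vaadin 7.1 + spring-security integration running in a Tomcat server (rather than Jetty).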

4

4 Answers

7

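Vaadin 7 integrates easily with Spring Security. You only need to configure 2 files: first web.xml, and second spring-security.xml (user credentials and security settings). Here is a small example of how to authenticate using a basic form.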

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Vaadin7SpringSecurity</display-name>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring/spring-security.xml
    </param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- filter declaration for Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config='true'>
  <intercept-url pattern="/*" access="ROLE_USER" />
</http>

<authentication-manager>
  <authentication-provider>
    <user-service>
      <user name="user" password="password" authorities="ROLE_USER" />
    </user-service>
  </authentication-provider>
</authentication-manager>  

</beans:beans>

For more details on how to extend the spring-security.xml configuration, you can use the Spring resources.

answered 2013-11-23T22:14:43.470
2

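You should take a look at this GitHub project. It is a Vaadin 7.1 + Spring 3.1.2.RELEASE + Spring-Vaadin Integration 2.0.1 project. There is also a Jetty plugin inside, but you can run/deploy it in Tomcat as well without problems.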

answered 2013-09-04T07:37:23.850
0

This is a small project that integrates Vaadin and Spring Security. It is done in Scala, but obviously it works for Java too. The code is here.

answered 2013-09-15T10:15:38.990
0

Using the example above with the latest spring-security, I ran into the following errors; here are my solutions:

Error 1

Context initialization failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or spring-security-3.1.xsd schema or spring-security-3.2.xsd schema with Spring Security 4.0. Please update your schema declarations to the 4.0 schema.

You should check your spring-* versions and update the header tag of spring-security.xml. For example, I use spring-beans-4.1.6.RELEASE and spring-security-4.0.2.RELEASE, so I updated it to:

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-4.0.xsd">

Error 2

HTTP Status 500 - Failed to evaluate expression 'ROLE_USER'
...
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Property or field 'ROLE_USER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?
...

Following the hint from this resource, you should modify the intercept-url tag as follows:

<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

Error 3

HTTP Status 403 - Expected CSRF token not found. Has your session expired?

This is because spring-security enables CSRF protection by default, which conflicts with Vaadin. You should add a new tag inside http:

<csrf disabled="true" />

Here is my complete spring-security.xml for reference:

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <http auto-config='true'>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        <csrf disabled="true" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="yourUsername" password="yourPassoword" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>
answered 2015-09-14T02:04:18.777
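
A small checker for the settings these answers change, added here as an example and not part of any answer: it parses a spring-security.xml and reports the single-level `/*` pattern, a bare role name under the 4.0 schema (Error 2), disabled CSRF protection, and clear-text `user-service` passwords. The function name `audit`, the finding codes and the condensed sample configs are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
XSI_LOC = "{http://www.w3.org/2001/XMLSchema-instance}schemaLocation"

def audit(xml_text):
    """Return a sorted list of finding codes for a Spring Security namespace config."""
    root = ET.fromstring(xml_text)
    found = set()
    m = re.search(r"spring-security-(\d+)\.\d+\.xsd", root.get(XSI_LOC, ""))
    schema_major = int(m.group(1)) if m else None
    for http in root.iter(SEC + "http"):
        csrf = http.find(SEC + "csrf")
        if csrf is not None and csrf.get("disabled") == "true":
            found.add("CSRF_DISABLED")  # Spring Security's token check is off
        for rule in http.iter(SEC + "intercept-url"):
            pattern, access = rule.get("pattern", ""), rule.get("access", "")
            # Ant-style "/*" matches one path level only; "/**" matches every depth
            if pattern.endswith("/*"):
                found.add("SHALLOW_PATTERN")
            # From the 4.0 schema on, access is parsed as an expression by default,
            # so a bare role name fails as in Error 2
            bare = any(t.strip().startswith(("ROLE_", "IS_AUTHENTICATED_"))
                       for t in access.split(","))
            expressions_on = http.get("use-expressions") != "false"
            if bare and expressions_on and schema_major is not None and schema_major >= 4:
                found.add("BARE_ROLE_WITH_EXPRESSIONS")
    for provider in root.iter(SEC + "authentication-provider"):
        has_encoder = provider.find(SEC + "password-encoder") is not None
        if not has_encoder and any(u.get("password") for u in provider.iter(SEC + "user")):
            found.add("CLEARTEXT_PASSWORD")  # credential is readable in the config file
    return sorted(found)

# Sample inputs condensed from the two configurations on this page
HEAD = ('<beans:beans xmlns="http://www.springframework.org/schema/security" '
        'xmlns:beans="http://www.springframework.org/schema/beans" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        'xsi:schemaLocation="http://www.springframework.org/schema/security '
        'http://www.springframework.org/schema/security/spring-security-%s.xsd">')
USERS = ('<authentication-manager><authentication-provider><user-service>'
         '<user name="user" password="password" authorities="ROLE_USER"/>'
         '</user-service></authentication-provider></authentication-manager></beans:beans>')
FIRST = (HEAD % "3.1" + '<http auto-config="true">'
         '<intercept-url pattern="/*" access="ROLE_USER"/></http>' + USERS)
LAST = (HEAD % "4.0" + '<http auto-config="true"><intercept-url pattern="/**" '
        'access="hasRole(\'ROLE_USER\')"/><csrf disabled="true"/></http>' + USERS)

if __name__ == "__main__":
    for label, cfg in (("first answer", FIRST), ("last answer", LAST)):
        print(label, audit(cfg))
```
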