1
、この方法は、Webページのセキュリティを構成するために追加されます:交換使用してXML設定は、私はJava構成クラスで春のセキュリティを構成していた過去の春のプロジェクトでは、
@Override
public void configure(WebSecurity web) throws Exception {
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setPermissionEvaluator(permissionEvaluator);
web.expressionHandler(handler);
}
設定クラスはWebSecurityConfigurerAdapterのサブクラスでした。
私の最近のプロジェクトでは、XML構成を使用していますが、XMLを使用してこの同じサブジェクトを構成する方法が見つかりませんでした。誰かがそれをする方法のヒントを与えることができますか?
PS:春のセキュリティのための私の現在のXML構成:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<security:http pattern="/" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/js/**" security="none"></security:http>
<security:http pattern="/c/**" security="none"></security:http>
<security:http pattern="/p/**" security="none"></security:http>
<security:http pattern="/page/**" security="none"></security:http>
<security:http use-expressions="true" auto-config="true">
<security:form-login login-page="/signin"
login-processing-url="/login" username-parameter="login"
password-parameter="senha" default-target-url="/"
always-use-default-target="true" />
<security:logout logout-url="/logout"
delete-cookies='JSESSIONID' logout-success-url="/" />
<security:remember-me key="remember-me"
remember-me-parameter="remember-me" remember-me-cookie="remember-me" />
<security:csrf disabled="true" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource"></property>
<property name="usersByUsernameQuery" value="select login, senha, enabled from usuario where login = ?"></property>
<property name="authoritiesByUsernameQuery" value="SELECT t1.username, t2.authority FROM (SELECT u.login as username, c.nome as credencial FROM usuario u, usuario_credencial uc, credencial c WHERE u.id = uc.usuario_id and c.id = uc.credenciais_id) as t1 INNER JOIN (SELECT c.nome as credencial, a.nome as authority FROM credencial c, credencial_autorizacao ca, autorizacao a WHERE c.id = ca.credencial_id and a.id = ca.autorizacoes_id) as t2 ON t1.credencial = t2.credencial WHERE t1.username = ?;"></property>
</bean>
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<constructor-arg name="strength" value="4"></constructor-arg></bean>
<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator"></property></bean>
<bean id="permissionEvaluator" class="org.kleber.MyPermissionEvaluator"></bean>
</beans>