Конфигурация Stormpath Spring Security Java
Я перевожу настроенное приложение Spring XML на одно настроенное Spring Java. Я новичок в конфигурации Java, не нашел, как должна выглядеть конфигурация. Я смотрю на их пример приложения (Stormpath's), и это конфигурация на основе XML.
Может ли кто-нибудь помочь мне перевести свое приложение в приложение, настроенное на Java? Я могу получить его оттуда, если у меня есть база для работы.
1 ответ
Решение
Наиболее близким к отображению 1:1 будет:
servlet-context.xml Конфиг будет переведен на это:
/**
* Spring JavaConfig defining this Servlet's request-processing infrastructure
*/
@Configuration
@EnableWebMvc
@ComponentScan("com.stormpath.spring.security.example.controller")
public class ServletContextConfig {
@Bean
InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setPrefix("/");
viewResolver.setSuffix(".jsp");
viewResolver.setViewClass(JstlView.class);
return viewResolver;
}
}
root-context.xml было бы:
/**
* Spring JavaConfig defining shared resources visible to all other web components.
*/
@Configuration
public class RootContextConfig {
//Let's create the Stormpath client using the apiKey.properties file from the User's home folder.
@Bean
ClientFactory stormpathClient(CacheManager cacheManager) {
ClientFactory clientFactory = new ClientFactory();
clientFactory.setApiKeyFileLocation(System.getProperty("user.home") + File.separator + ".stormpath" + File.separator + "apiKey.properties");
clientFactory.setCacheManager(cacheManager);
return clientFactory;
}
//Let's instantiate the Stormpath Authentication Provider
@Bean
@Autowired
public StormpathAuthenticationProvider stormpathAuthenticationProvider(Client client, String applicationRestUrl) throws Exception {
StormpathAuthenticationProvider stormpathAuthenticationProvider = new StormpathAuthenticationProvider();
stormpathAuthenticationProvider.setClient(client);
stormpathAuthenticationProvider.setApplicationRestUrl(applicationRestUrl);
return stormpathAuthenticationProvider;
}
//Bean for CustomData Management
@Bean
CustomDataManager customDataManager() {
return new CustomDataManager();
}
@Bean
WildcardPermissionEvaluator permissionEvaluator() {
return new WildcardPermissionEvaluator();
}
@Bean
MethodSecurityExpressionHandler methodExpressionHandler(WildcardPermissionEvaluator permissionEvaluator) {
DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler = new DefaultMethodSecurityExpressionHandler();
methodSecurityExpressionHandler.setPermissionEvaluator(permissionEvaluator);
return methodSecurityExpressionHandler;
}
@Bean
DefaultWebSecurityExpressionHandler webExpressionHandler(WildcardPermissionEvaluator permissionEvaluator) {
DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
webSecurityExpressionHandler.setPermissionEvaluator(permissionEvaluator);
return webSecurityExpressionHandler;
}
@Bean
CacheManager cacheManager() {
SimpleCacheManager cacheManager = new SimpleCacheManager();
Collection<Cache> caches = new ArrayList<Cache>();
caches.add(applicationCache().getObject());
caches.add(accountCache().getObject());
caches.add(groupCache().getObject());
caches.add(customDataCache().getObject());
cacheManager.setCaches(caches);
return cacheManager;
}
@Bean
ConcurrentMapCacheFactoryBean applicationCache(){
ConcurrentMapCacheFactoryBean cacheFactoryBean = new ConcurrentMapCacheFactoryBean();
cacheFactoryBean.setName("com.stormpath.sdk.application.Application");
return cacheFactoryBean;
}
@Bean
ConcurrentMapCacheFactoryBean accountCache(){
ConcurrentMapCacheFactoryBean cacheFactoryBean = new ConcurrentMapCacheFactoryBean();
cacheFactoryBean.setName("com.stormpath.sdk.account.Account");
return cacheFactoryBean;
}
@Bean
ConcurrentMapCacheFactoryBean groupCache(){
ConcurrentMapCacheFactoryBean cacheFactoryBean = new ConcurrentMapCacheFactoryBean();
cacheFactoryBean.setName("com.stormpath.sdk.group.Group");
return cacheFactoryBean;
}
@Bean
ConcurrentMapCacheFactoryBean customDataCache(){
ConcurrentMapCacheFactoryBean cacheFactoryBean = new ConcurrentMapCacheFactoryBean();
cacheFactoryBean.setName("com.stormpath.sdk.directory.CustomData");
return cacheFactoryBean;
}
}
а также spring-security.xml было бы:
/**
* Spring JavaConfig defining Spring Security settings.
*/
@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
//The HREF to the Stormpath Application
final String applicationRestUrl = "REPLACE_ME_WITH_YOUR_STORMPATH_APP_REST_URL";
//Let's specify some role here so we can later grant it access to restricted resources
final String roleA = "REPLACE_ME_WITH_YOUR_STORMPATH_GROUP_ALLOWED_TO_ACCESS_THIS_SECURED_RESOURCE";
@Autowired
private AuthenticationProvider stormpathAuthenticationProvider;
//The access control settings are defined here
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.authorizeRequests()
.accessDecisionManager(accessDecisionManager())
.antMatchers("/account/*").hasAuthority(roleA)
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/index.jsp")
.and()
.httpBasic()
.and()
.csrf().disable();
}
@Bean
public AuthenticationManager getAuthenticationManager() throws Exception {
return this.authenticationManagerBean();
}
//Let's add the StormpathAuthenticationProvider to the AuthenticationManager
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(stormpathAuthenticationProvider);
}
//Prevents the addition of the "ROLE_" prefix in authorities
@Bean
public WebExpressionVoter webExpressionVoter() {
WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
return webExpressionVoter;
}
@Bean
public AffirmativeBased accessDecisionManager() {
AffirmativeBased affirmativeBased = new AffirmativeBased(Arrays.asList((AccessDecisionVoter) webExpressionVoter()));
affirmativeBased.setAllowIfAllAbstainDecisions(false);
return affirmativeBased;
}
@Bean
public String getApplicationRestUrl() {
return this.applicationRestUrl;
}
}
Затем в web.xml Вы должны сделать следующие изменения, чтобы новый JavaConfig был выбран.
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
в
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
и наконец:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
за это:
<context-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
com.stormpath.spring.security.example.config.ServletContextConfig,
com.stormpath.spring.security.example.config.RootContextConfig,
com.stormpath.spring.security.example.config.SpringSecurityConfig
</param-value>
</context-param>
Вам также необходимо добавить эту зависимость в ваш проект:
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
Вы можете увидеть полностью перенесенную рабочую версию в их ветке java_config: https://github.com/stormpath/stormpath-spring-security-example/tree/java_config