- 浏览: 115296 次
- 性别:
- 来自: 深圳
文章分类
最新评论
-
distinys:
<div class="quote_title ...
springsecurity3.0.5应用 -
Qkxh320:
<div class="quote_title ...
springsecurity3.0.5应用 -
dafa1892:
非常感谢,把我的问题解决了。
maven编译文件路径设置 -
xumen:
我的后台传回来的Json是{"key":& ...
json时间格式转为ext -
xumen:
我的怎么没效果啊?ext3.4 gridpanel中..... ...
json时间格式转为ext
花了一些时间了解了一下springsecurity
SS配置主要包括如下:
*web.xml和spring中进行相应配置
*UserDetails
*创建过滤器
*用户权限获取
*资源权限获取
*决策类(依据上面两集合进行判断)
applicationContext-security.xml其中Bean的配置主要是应用注释,ss的spring配置都此文件中。
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd" default-lazy-init="true"> <!-- 国际化资源引入 --> <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <property name="basename" value="classpath:i18nResources_zh_CN.properties" /> </bean> <!-- 设置登录页面为login.jsp且不拦截页面login.jsp后面的*防止带了参数 --> <s:http auto-config="true" access-denied-page="/denied.jsp"> <s:form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp"/> <s:intercept-url pattern="/login.jsp*" filters="none" /> <!-- session失效 --> <s:session-management invalid-session-url="/invalid.jsp" /> <!-- 自定义过滤器 --> <s:custom-filter ref="customFilter" before="FILTER_SECURITY_INTERCEPTOR"/> </s:http> <bean id="customFilter" class="com.sc.ss.security.CustomFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource" ref="securityMetadataSource"/> </bean> <!-- 认证md5加密密码(原密码加盐值进行加密) --> <s:authentication-manager alias="authenticationManager"> <s:authentication-provider user-service-ref="userDetailManager"> <s:password-encoder hash="md5"> <s:salt-source user-property="username"/> </s:password-encoder> </s:authentication-provider> </s:authentication-manager> </beans>
applicationContext.xml配置:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <!-- 当使用<context:component-scan base-package="com.cc" />时, 就无需使用<context:annotation-config />, 因为<context:component-scan base-package="com.cc" /> 会开始<context:annotation-config />里面包含的处理器 --> <context:annotation-config /> <!-- 自动查找配置的bean --> <context:component-scan base-package="com.sc.ss" /> <!-- **********引入hibernate的配置属性文件************ --> <bean id="extendedPropertyPlaceholderConfigurer" class="com.scommon.util.properties.ExtendedPropertyPlaceholderConfigurer"> <property name="locations"> <list> <value>classpath:hibernate.properties</value> <value>classpath:global.properties</value> </list> </property> </bean> <!-- ****************************************数据源*************************************************************** --> <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close"> <!-- 指定连接数据库的驱动 --> <property name="driverClass" value="${driver_class}" /> <!-- 指定连接数据库的URL --> <!-- &zeroDateTimeBehavior=convertToNull是为了避免因数据库中为date类型的数据为0000-00-00, 若为此值hibernate会报错‘Cannot convert value '0000-00-00 00:00:00' from column 1 to TIMESTAMP’ --> <property name="jdbcUrl" value="${url}" /> <!-- 指定连接数据库的用户名 --> <property name="user" value="${username}" /> <!-- 指定连接数据库的密码 --> <property name="password" value="${password}" /> <!-- 指定连接数据库连接池的最大连接数 --> <property name="maxPoolSize" value="${maxPoolSize}" /> <!-- 指定连接数据库连接池的最小连接数 --> <property name="minPoolSize" value="${minPoolSize}" /> <!-- 指定连接数据库连接池的初始化连接数 --> <property name="initialPoolSize" value="${initialPoolSize}" /> <!-- 指定连接数据库连接池的连接的最大空闲时间 --> <property name="maxIdleTime" value="${maxIdleTime}" /> <property name="idleConnectionTestPeriod" value="${idleConnectionTestPeriod}" /> </bean> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean"> <property name="dataSource"> <ref bean="dataSource" /> </property> <!-- 自动搜索包里面的实体类 --> <property name="packagesToScan"> <list> <value>com.sc.ss.model</value> </list> </property> <property name="hibernateProperties"> <props> <prop key="hibernate.dialect">${dialect}</prop> <prop key="hibernate.show_sql">${show_sql}</prop> <prop key="hibernate.format_sql">${format_sql}</prop> <prop key="hibernate.hbm2ddl.auto">${auto}</prop> </props> </property> </bean> <!-- 配置事务 begin --> <bean id="txManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> <property name="sessionFactory" ref="sessionFactory" /> </bean> <bean id="txJDBCManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource" ref="dataSource" /> </bean> <tx:advice id="txAdvice" transaction-manager="txManager"> <tx:attributes> <tx:method name="*" propagation="REQUIRED" /> </tx:attributes> </tx:advice> <tx:advice id="txJDBCAdvice" transaction-manager="txJDBCManager"> <tx:attributes> <tx:method name="*" propagation="REQUIRED" /> </tx:attributes> </tx:advice> <aop:config> <aop:pointcut id="bussinessService" expression="execution(public * com.sc.ss.service.*.*(..))" /> <aop:advisor pointcut-ref="bussinessService" advice-ref="txAdvice" /> </aop:config> <aop:config> <aop:pointcut expression="execution(public * com.sc.ss.security.*.*(..))" id="jdbcBussinessService" /> <aop:advisor pointcut-ref="jdbcBussinessService" advice-ref="txJDBCAdvice" /> </aop:config> <!-- 配置事务 end --> </beans>
web.xml文件:
<!-- ss3过滤器链 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern> /* </url-pattern> </filter-mapping>
sql文件:
DROP TABLE IF EXISTS `authorities`; CREATE TABLE `authorities` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `name` varchar(20) COLLATE utf8_bin NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `authorities` */ insert into `authorities`(`id`,`name`) values ('1312869365835e2baaac768e4c079c14','发贴'),('13128693bb8a5e2baaac768e4c057d23','进入系统'),('13128693bb8a5e2baaac768e4c079c14','删帖'); /*Table structure for table `authorities_resources` */ DROP TABLE IF EXISTS `authorities_resources`; CREATE TABLE `authorities_resources` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `authorities` varchar(32) COLLATE utf8_bin DEFAULT NULL, `resource` varchar(32) COLLATE utf8_bin DEFAULT NULL, PRIMARY KEY (`id`), KEY `FK401C1687DEFE40` (`authorities`), KEY `FK401C168771EB41B1` (`resource`), CONSTRAINT `FK401C168771EB41B1` FOREIGN KEY (`resource`) REFERENCES `resources` (`id`), CONSTRAINT `FK401C1687DEFE40` FOREIGN KEY (`authorities`) REFERENCES `authorities` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `authorities_resources` */ insert into `authorities_resources`(`id`,`authorities`,`resource`) values ('1312869365835e2baabbaaeeec079c14','1312869365835e2baaac768e4c079c14','1312869365835e2baaacaaae4c079c14'),('13128693bb8b3e2bacdc768e4c057d23','13128693bb8a5e2baaac768e4c057d23','13128abcbb8bbe55abac768e4c079c14'),('13128abcbb8aaa2daaac768e4c079c14','13128693bb8a5e2baaac768e4c079c14','13128abcbb8a5e23aaac768e4c079c14'); /*Table structure for table `resources` */ DROP TABLE IF EXISTS `resources`; CREATE TABLE `resources` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `describle` varchar(255) COLLATE utf8_bin DEFAULT NULL, `enabled` int(11) DEFAULT NULL, `name` varchar(32) COLLATE utf8_bin NOT NULL, `url` varchar(20) COLLATE utf8_bin NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `resources` */ insert into `resources`(`id`,`describle`,`enabled`,`name`,`url`) values ('1312869365835e2baaacaaae4c079c14',NULL,1,'发贴','/post.action'),('13128abcbb8a5e23aaac768e4c079c14',NULL,1,'删帖','/delete.action'),('13128abcbb8bbe55abac768e4c079c14',NULL,1,'进入系统','/index.jsp'); /*Table structure for table `role_authorities` */ DROP TABLE IF EXISTS `role_authorities`; CREATE TABLE `role_authorities` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `authorities` varchar(32) COLLATE utf8_bin DEFAULT NULL, `role` varchar(32) COLLATE utf8_bin DEFAULT NULL, PRIMARY KEY (`id`), KEY `FKD255F0D8DEFE40` (`authorities`), KEY `FKD255F0D8A8FA3DB1` (`role`), CONSTRAINT `FKD255F0D8A8FA3DB1` FOREIGN KEY (`role`) REFERENCES `roles` (`id`), CONSTRAINT `FKD255F0D8DEFE40` FOREIGN KEY (`authorities`) REFERENCES `authorities` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `role_authorities` */ insert into `role_authorities`(`id`,`authorities`,`role`) values ('13128633253bbaab9c3c768e4c079c14','1312869365835e2baaac768e4c079c14','1312863325335e1b9c3c768e4c079c14'),('1312869363835e2babcd768e4c079c14','13128693bb8a5e2baaac768e4c079c14','1312863325335e1b9c3c768e4c079c14'),('1312869365835e2b4cab76834c079c45','1312869365835e2baaac768e4c079c14','1312869365835e2b4c3c768e4c079c14'),('13128693bb8a5e2baaac768ejcab7d23','13128693bb8a5e2baaac768e4c057d23','1312869365835e2b4c3c768e4c079c14'),('13128693ew8a5e2maaac768e4c057d23','13128693bb8a5e2baaac768e4c057d23','1312863325335e1b9c3c768e4c079c14'); /*Table structure for table `roles` */ DROP TABLE IF EXISTS `roles`; CREATE TABLE `roles` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `name` varchar(30) COLLATE utf8_bin NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `roles` */ insert into `roles`(`id`,`name`) values ('1312863325335e1b9c3c768e4c079c14','管理员'),('1312869365835e2b4c3c768e4c079c14','普通用户'); /*Table structure for table `user_roles` */ DROP TABLE IF EXISTS `user_roles`; CREATE TABLE `user_roles` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `role` varchar(32) COLLATE utf8_bin DEFAULT NULL, `user` varchar(32) COLLATE utf8_bin DEFAULT NULL, PRIMARY KEY (`id`), KEY `FK73429949A8FA3DB1` (`role`), KEY `FK73429949A927A851` (`user`), CONSTRAINT `FK73429949A927A851` FOREIGN KEY (`user`) REFERENCES `users` (`id`), CONSTRAINT `FK73429949A8FA3DB1` FOREIGN KEY (`role`) REFERENCES `roles` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `user_roles` */ insert into `user_roles`(`id`,`role`,`user`) values ('1312863323335a1b9b3c768s4c079c14','1312869365835e2b4c3c768e4c079c14','1312869365235e1b9c4c768e4c079c15'),('1312869365835e2b4c3c263e4a079c22','1312863325335e1b9c3c768e4c079c14','1312869365235e1b9c3c768e4c079c14'); /*Table structure for table `users` */ DROP TABLE IF EXISTS `users`; CREATE TABLE `users` ( `id` varchar(32) COLLATE utf8_bin NOT NULL, `enabled` int(11) NOT NULL, `password` varchar(50) COLLATE utf8_bin NOT NULL, `username` varchar(20) COLLATE utf8_bin NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; /*Data for the table `users` */ insert into `users`(`id`,`enabled`,`password`,`username`) values ('1312869365235e1b9c3c768e4c079c14',1,'ceb4f32325eda6142bd65215f4c0f371','admin'),('1312869365235e1b9c4c768e4c079c15',1,'47a733d60998c719cf3526ae7d106d13','user');
/* ClassName:AccessDecisionManager * Function: 决策类 * 当请求访问时,判断用户是否具有访问所需的所有权限 * @author sux * @version 1.0, 2011-8-17 * @since ss31.0 */ @Component("accessDecisionManager") public class AccessDecisionManager implements org.springframework.security.access.AccessDecisionManager{ org.apache.commons.logging.Log log = LogFactory.getLog(AccessDecisionManager.class); /** * authentication用户认证后 存有用户的所有权限 * configAttributes访问所需要的权限 * 若无权则抛出异常 */ public void decide(Authentication authentication, Object arg1, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { if(null == configAttributes){ return; } for(ConfigAttribute configAttribute : configAttributes){ for(GrantedAuthority gAuthority : authentication.getAuthorities()){ log.info("conf="+configAttribute.getAttribute()+" auth="+gAuthority.getAuthority()); if(configAttribute.getAttribute().trim().equals(gAuthority.getAuthority().trim())){ return; } } } //无权限抛出拒绝异常 throw new AccessDeniedException(""); } public boolean supports(ConfigAttribute arg0) { return true; } public boolean supports(Class<?> arg0) { return true; } }
/** * ClassName:CustomFilter * Function: TODO ADD FUNCTION * * @author sux * @version 1.0, 2011-8-16 * @since ss31.0 */ public class CustomFilter extends AbstractSecurityInterceptor implements Filter{ private FilterInvocationSecurityMetadataSource securityMetadataSource; @Override public Class<? extends Object> getSecureObjectClass() { return FilterInvocation.class; } @Override public SecurityMetadataSource obtainSecurityMetadataSource() { return this.securityMetadataSource; } public void destroy() { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); InterceptorStatusToken token = super.beforeInvocation(fi); try{ fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); }finally{ super.afterInvocation(token, null); } } public void init(FilterConfig arg0) throws ServletException { } public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() { return securityMetadataSource; } public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource) { this.securityMetadataSource = securityMetadataSource; } }
/**
* ClassName:SecurityMetadataSource * Function: 资源与权限建立管理 * 在服务器启动时就加载所有访问URL所需的权限,存入resourceMap集合中。 * Spring在设置完一个bean所有的合作者后,会检查bean是否实现了InitializingBean接口, * 如果实现就调用bean的afterPropertiesSet方法。 但这样便造成bean和spring的耦合, * 最好用init-method * @author sux * @version 1.0, 2011-8-17 * @since ss31.0 */ @Component("securityMetadataSource") public class SecurityMetadataSource implements FilterInvocationSecurityMetadataSource, InitializingBean{ org.apache.commons.logging.Log log = LogFactory.getLog(SecurityMetadataSource.class); private UrlMatcher urlMatcher = new AntUrlPathMatcher(); private Map<String, Collection<ConfigAttribute>> resourceMap = null; private AuthoritiesDao authoritiesDao; private ResourcesDao resourcesDao; /** * 构造方法中建立请求url(key)与权限(value)的关系集合 */ public void afterPropertiesSet() throws Exception { //查询出所有资源 List<String> urls = resourcesDao.findAllUrl(); Collection<ConfigAttribute> cAttributes = null; resourceMap = new HashMap<String, Collection<ConfigAttribute>>(); for(String url : urls){ List<String> auths = authoritiesDao.findNameByUrl(url); if(resourceMap.containsKey(url)){ cAttributes = resourceMap.get(url); }else{ cAttributes = new ArrayList<ConfigAttribute>(); } for(String auth : auths){ ConfigAttribute ca = new SecurityConfig(auth); cAttributes.add(ca); } resourceMap.put(url, cAttributes); } log.info(resourceMap); } public Collection<ConfigAttribute> getAllConfigAttributes() { return null; } /** * 根据请求的url从集合中查询出所需权限 */ public Collection<ConfigAttribute> getAttributes(Object arg0) throws IllegalArgumentException { String url = ((FilterInvocation) arg0).getRequestUrl(); log.info("request url is "+url); int position = url.indexOf("?"); if(-1 != position){ url = url.substring(0, position); } Iterator<String> it = resourceMap.keySet().iterator(); while(it.hasNext()){ //判断两地址是否相同 if(urlMatcher.pathMatchesUrl(url, it.next())){ log.info(resourceMap.get(url)); return resourceMap.get(url); } } return null; } /** * 返回false则报错 * SecurityMetadataSource does not support secure object class: * class org.springframework.security.web.FilterInvocation */ public boolean supports(Class<?> arg0) { return true; } public AuthoritiesDao getAuthoritiesDao() { return authoritiesDao; } @Resource public void setAuthoritiesDao(AuthoritiesDao authoritiesDao) { this.authoritiesDao = authoritiesDao; } public ResourcesDao getResourcesDao() { return resourcesDao; } @Resource public void setResourcesDao(ResourcesDao resourcesDao) { this.resourcesDao = resourcesDao; } }
/**
* ClassName:UserDetailManager * Function: 查询出用户所具有的权限等信息并进行封装得到UserDetails * * @author sux * @version 1.0, 2011-8-16 * @since ss31.0 */ @Component("userDetailManager") public class UserDetailManager implements UserDetailsService { org.apache.commons.logging.Log log = LogFactory.getLog(UserDetailManager.class); private UsersDao usersDao; private AuthoritiesDao authoritiesDao; /** * 根据用户名取得及权限等信息 */ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { Users user = usersDao.findByUsername(username); List<String> authoritiesNames = authoritiesDao.findNameByUsername(username); log.info(authoritiesNames); List<GrantedAuthority> gAuthoritys = new ArrayList<GrantedAuthority>(); for (String authoritiesName : authoritiesNames) { GrantedAuthorityImpl gai = new GrantedAuthorityImpl(authoritiesName); gAuthoritys.add(gai); } return new CustomUserDetails(user.getPassword(), user.getUsername(), true, true, true, true, gAuthoritys); } public UsersDao getUsersDao() { return usersDao; } @Resource public void setUsersDao(UsersDao usersDao) { this.usersDao = usersDao; } public AuthoritiesDao getAuthoritiesDao() { return authoritiesDao; } @Resource public void setAuthoritiesDao(AuthoritiesDao authoritiesDao) { this.authoritiesDao = authoritiesDao; } }
/**
* ClassName:UserDetails * Function:创建UserDetails的实现类,本质为用户详细信息的一个载体 * 在实现类中可以进一步扩展属性 * * @author sux * @version 1.0, 2011-8-16 * @since ss31.0 */ public class CustomUserDetails implements UserDetails { private Collection<GrantedAuthority> authorities; private String password; private String username; private boolean accountNonExpired; private boolean accountNonLocked; private boolean credentialsNonExpired; private boolean enabled; public CustomUserDetails(String password, String username, boolean accountNonExpired, boolean accountNonLocked, boolean credentialsNonExpired, boolean enabled, List<GrantedAuthority> gAuthoritys) { this.password = password; this.username = username; this.accountNonExpired = accountNonExpired; this.accountNonLocked = accountNonLocked; this.credentialsNonExpired = credentialsNonExpired; this.enabled = enabled; this.authorities = gAuthoritys; } public Collection<GrantedAuthority> getAuthorities() { return this.authorities; } public String getPassword() { return this.password; } public String getUsername() { return this.username; } public boolean isAccountNonExpired() { return this.accountNonExpired; } public boolean isAccountNonLocked() { return this.accountNonLocked; } public boolean isCredentialsNonExpired() { return this.credentialsNonExpired; } public boolean isEnabled() { return this.enabled; } }
DaoClass:
@Repository("authoritiesDao") public class AuthoritiesDaoImpl extends BaseDao<Authorities> implements AuthoritiesDao { public List<String> findNameByUsername(String username) { String sql = "SELECT a.name FROM users u, user_roles ur, roles r, role_authorities ra, authorities a WHERE u.username = ? AND u.id = ur.user AND r.id = ur.role AND r.id = ra.role AND a.id = ra.authorities"; List<String> authoritiesNames = super.findBySQL(sql, username); return authoritiesNames; } public List<String> findNameByUrl(String url) { String sql = "select a.name from authorities a, authorities_resources ar, resources r " + "where r.url = ? and r.id = ar.resource and a.id = ar.authorities"; return super.findBySQL(sql, url); } }
login.jsp:
<html> <head> <base href="<%=basePath%>"> <title>login</title> </head> 其中name和action都是固定的 <body> ${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message } <form method="post" action="j_spring_security_check"> username: <input type="text" name="j_username"/><br/> password: <input type="password" name="j_password"/><br/> <input type="submit" value="submit"/> </form> </body> </html>
index.jsp:
<body> index.jsp <a href="post.action">post</a> <a href="delete.action">delete</a> </body>
编辑器中不知道为什么不能输入中文了?
从上面的SQL脚本可知post.action和delete.action作为资源保存在资源表中,user具有post权限但没有,delete权限,而admin两者都有。在点击超链接时请求的地址就会进入创建的过滤器中,通过决策类判断用户是否有权限进行访问,无权限是跳转到denied.jsp页面。
- ss3.rar (55.3 KB)
- 下载次数: 94
- SpringSecurity3.0.pdf (1.1 MB)
- 下载次数: 69
- springsecurity3x.pdf (1.3 MB)
- 下载次数: 80
评论
8 楼
distinys
2015-08-25
Qkxh320 写道
createmyidea 写道
glorysongglory 写道
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
我也遇到了这个错误,后面发现可能和决策器里面的supports函数有关,默认返回false,改成返回true之后就能启动了,哦 还有给资源授权的那个类里面的supports函数也返回true就可以了
正解,还没弄清流程,看的头大也没看出来!thanks
正解...搞定了...
7 楼
Qkxh320
2014-04-29
createmyidea 写道
glorysongglory 写道
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
我也遇到了这个错误,后面发现可能和决策器里面的supports函数有关,默认返回false,改成返回true之后就能启动了,哦 还有给资源授权的那个类里面的supports函数也返回true就可以了
正解,还没弄清流程,看的头大也没看出来!thanks
6 楼
socialfist
2013-03-19
在学习中,感谢楼主分享
5 楼
createmyidea
2012-08-08
glorysongglory 写道
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
我也遇到了这个错误,后面发现可能和决策器里面的supports函数有关,默认返回false,改成返回true之后就能启动了,哦 还有给资源授权的那个类里面的supports函数也返回true就可以了
4 楼
orochijk
2012-07-20
感谢楼主分享 最近正在加紧时间学这个呢 呵呵
3 楼
1586810868
2012-07-03
感谢楼主
2 楼
glorysongglory
2012-06-02
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
1 楼
低低D
2011-10-21
不错~~~资料我收下了~~谢谢
发表评论
-
adfasdf
2014-06-18 12:19 0阿斯蒂芬 -
sh配置lob
2012-03-08 21:22 1087spring+hibernate中配置对oracle的 ... -
spring源码学习
2011-07-21 21:56 1047Jar包org.springframewrork.bea ... -
ss整合问题
2010-06-06 12:25 985ss整合问题 初次弄这个就弄了半天。。。。。以下是问题的一些 ... -
struts2.0上传拦截器不起作用
2010-10-22 20:01 1310刚在实用了struts2.0的上传,发现其上传成功,但发现虽然 ... -
EL小数保留位数
2010-10-26 20:59 1649<%@tagliburi="http: ... -
log4j相对路径的配置
2010-10-26 23:36 1279对于下面的方法3没有细看,我用的是listener,设置 ... -
Line: 209 - com/opensymphony/xwork2/spring/SpringO
2011-01-09 22:21 1371启动服务器时出现异常:警告: Failed startu ... -
No result defined for action and result
2011-01-09 23:00 1175No result defined for action an ... -
hibernate方法
2011-01-16 17:01 865clear() 清除Session中缓存的所有对象,并 ... -
SSH三大框架整合需要的JAR包简介
2011-05-11 12:54 1468转:http://www.blogjava.net/weish ... -
基于Ext+S2SH的企业人力资源管理系统
2011-06-18 23:46 1892前些时间写的一个简单的企业人力资源管理系统,前台用到ExtJs ...
相关推荐
标题中的"Spring Framework 3.0.5+Spring Security 3.0.5+ mybatis 3.0.5+ Struts 2.2.3整合代码"涉及到四个关键的Java开发框架,它们分别是Spring Framework、Spring Security、MyBatis和Struts 2。这四个框架在...
《Spring Security 3.0.5.RELEASE:深入理解与应用》 Spring Security是Java领域中广泛使用的安全框架,主要用于实现Web应用的安全控制,包括身份验证、授权等核心功能。在Spring Security 3.0.5.RELEASE版本中,...
### Spring Security 3.0.5中文详解 #### 一、Spring Security简介 Spring Security是一种基于Spring AOP和Servlet过滤器的安全框架,旨在为应用程序提供全面的安全性解决方案。该框架能够在Web请求级别和方法调用...
- springsecurity3.0.5 - commonslogging1.6.1 - oraclejdbc1.1 这些依赖包提供了Spring Security框架运行所必需的类库和驱动支持。 #### 4. 配置过滤器 为了在Spring应用中使用Spring Security,需要在web.xml...
Spring Security 是一个强大的且高度可定制的身份验证和访问控制框架,用于Java应用程序。它为Web应用程序和企业级应用提供了全面的安全解决方案。在这个源码包`spring-security-3.0.5.RELEASE`中,我们可以深入理解...
10. **OAuth支持**:尽管可能不是3.0.5.RELEASE的核心功能,但Spring Security可能已经具备了与OAuth协议集成的基础,允许第三方应用访问受保护的资源。 要深入了解Spring Security 3.0.5.RELEASE,你可以查看官方...
Spring Security为基于J2EE企业应用软件提供了全面安全服务。 特别是使用领先的J2EE解决方案-spring框架开发的企业软件项目。 如果你没有使用Spring开发企业软件,我们热情的推荐你仔细研究一下。 熟悉Spring-尤其是...
7. **Remember Me服务**:Spring Security 3.0.5提供了一种“记住我”(Remember Me)服务,允许用户在一段时间内无须再次输入凭证即可访问应用。 8. **国际化支持**:API文档中还包括了对错误消息和提示的国际化...
13. **Spring Security**:提供认证和授权功能,保护Web应用的安全,如登录、权限控制等。 14. **Spring Boot**:基于Spring框架的快速开发工具,简化了Spring应用的初始配置,提倡"约定优于配置"的原则。 15. **...
Spring Security 是一个强大的且高度可定制的身份验证和访问控制框架,用于保护基于Java的应用程序。这个框架被广泛应用于Web应用程序,提供了一套全面的安全解决方案,包括用户认证、授权、会话管理以及防止常见...
在IT行业中,Spring框架是Java企业级应用开发的首选,而CXF则是一个流行的开源服务框架,用于构建和消费Web服务。"spring 3.0.5 集成cxf"这一主题聚焦于如何将Spring 3.0.5版本与Apache CXF整合,以实现高效、灵活的...
4. **易于集成**:与其他Spring Boot组件无缝集成,如Spring Security,使得加密操作与整个应用流程更加协调。 5. **灵活的加密算法选择**:支持多种加密算法,如BasicEncryptionProvider和...
《Spring Framework 3.0.5.RELEASE:深入解析与应用》 Spring Framework,作为Java开发中的核心框架,以其强大的依赖注入(Dependency Injection,DI)和面向切面编程(Aspect-Oriented Programming,AOP)功能,极...
Spring 3.0.5是Spring框架的一个较早版本,它包含了MVC(Model-View-Controller)模块,这是Spring用于构建Web应用程序的核心组件。在本案例中,我们讨论的是如何利用Spring MVC实现一个简单的登录功能,这通常涉及...
《Spring Framework 3.0.5.RELEASE:深入解析与应用》 Spring Framework作为Java开发中的核心框架,自诞生以来就以其强大的功能和灵活的设计深受开发者喜爱。本篇将聚焦于Spring Framework 3.0.5.RELEASE版本,探讨...
在解压并合并所有部分后,用户将得到Spring 3.0.5的完整依赖集,这可能包括了各种jar文件,它们是运行Spring应用程序所必需的第三方库。这些库可能涵盖了从数据库驱动到日志工具,再到其他框架的接口,如Struts、JSF...
`org.springframework.security`包包含了一系列用于构建安全应用的组件,如`@Secured`注解、过滤器链以及权限控制模型。 总的来说,Spring框架3.0.5的源码揭示了其设计理念和实现细节,通过对这些源代码的阅读和...
Spring Framework 3.0.5 是一个里程碑式的版本,它为Java开发人员提供了一个全面的轻量级应用程序框架,涵盖了从依赖注入到AOP(面向切面编程)的广泛功能。这个版本的发布,为开发者提供了更强大的工具和更丰富的...