1. 首页
  2. 问答
  3. XML中的Spring Security 3配置

XML中的Spring Security 3配置

2011-11-17 162 views
3

我试过通过XML配置Spring Security一段时间了,但我似乎无法让它工作。以下是我迄今为止:XML中的Spring Security 3配置

我发现 
<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:context="http://www.springframework.org/schema/context" 
     xmlns:mvc="http://www.springframework.org/schema/mvc" 
     xmlns:security="http://www.springframework.org/schema/security" 
     xsi:schemaLocation="http://www.springframework.org/schema/mvc 
          http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd 
          http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
          http://www.springframework.org/schema/context 
          http://www.springframework.org/schema/context/spring-context-3.0.xsd 
          http://www.springframework.org/schema/security 
          http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    [...] 

    <security:http auto-config="true"> 
     <security:intercept-url pattern="/**" access="ROLE_USER" /> 
     <security:http-basic /> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider> 
      [???] <!-- What goes here? --> 
     </security:authentication-provider> 
    </security:authentication-manager> 

</beans>

所有教程似乎要我把<user-service>的占位符,而NetBeans将不会自动完成该元素。类似这个元素的唯一的东西是any-user-service,据我所知,它是一个“抽象”元素。

我只想配置内存中的用户和密码列表。我如何在Spring Security 3中做到这一点?

来源

2011-11-17 damd

回答

2 
<security:authentication-manager> 
    <security:authentication-provider user-service-ref="userService"> 
</security:authentication-provider> 

<bean id="userService" class="path.to.your.implementation.of.UserDetailsService" />

,或者您可以在内存中身份验证的基础(而不是,以及):

<security:authentication-manager> 
    <security:authentication-provider user-service-ref="userService"> 
    </security:authentication-provider> 
    <security:authentication-provider user-service-ref="customAdmin">   
    </security:authentication-provider> 
</security:authentication-manager> 

<security:user-service id="customAdmin"> 
<security:user name="yourUserName" password="yourPassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
<security:user name="yourOtherUserName" password="yourOtherPassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
</security:user-service>

的官方文档春天总是best place to read,恕我直言。

来源

2011-11-17 13:56:36 NimChimpsky

1

自己写的org.springframework.security.authentication.AuthenticationProvider,创建bean和你的认证管理器提供了一个参考:

<authentication-manager> 
    <authentication-provider ref="com.example.CustomAuthenticationProvider"/> 
</authentication-manager>

或者你可以只提供用户名和密码与他们有关当局(嘲讽,当我用这个)

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="test" password="test" authorities="ROLE_AUTHENTICATED" /> 
     </user-service> 
    </authentication-provider> 
</authentication-manager>

来源

2011-11-17 13:57:42

+0

谢谢,但正如我在我的问题中解释的那样,“用户服务”在该位置似乎并不是一个有效的元素。我认为这可能是Spring Security的一个相对较新的变化。 – damd

相关问题

 相关问题