开发者

Spring Security 3.0.5 - How to specify datasource in security.xml?

开发者 https://www.devze.com 2023-04-10 21:51 出处:网络
Could somebody help me with the \"java.lang.IllegalArgumentException: No DataSource specified\" issue while defining secured URLs dynamically against AppFuse 2.1 (with Spring Security 3.0.5 and iBatis

Could somebody help me with the "java.lang.IllegalArgumentException: No DataSource specified" issue while defining secured URLs dynamically against AppFuse 2.1 (with Spring Security 3.0.5 and iBatis)??

Before I started to define secured URLs dynamically, the following namespace in security.xml was working fine.

...
<http auto-config="false" lowercase-comparisons="false">
    <intercept-url pattern="/images/**" filters="none"/>
    <intercept-url pattern="/styles/**" filters="none"/>
    <intercept-url pattern="/scripts/**" filters="none"/>
    <intercept-url pattern="/app/admin/**" access="ROLE_ADMIN,ROLE_USER"/>
    <intercept-url pattern="/app/passwordHint*"  access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
    <intercept-url pattern="/app/signup*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
    <intercept-url pattern="/app/**" access="ROLE_ADMIN,ROLE_USER"/>
    <form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check"/>
    <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDao">
        <password-encoder ref="passwordEncoder"/>
    </authentication-provider>
</authentication-manager>
...

But after I commented out the element and add the following elements in security.xml, the "userDao" did not work due to no datasource specified.

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xsi:schemaLocation="http://www.springframework.org/schema/beans    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<beans:bean id="springSecurityFilterChain"
            class="org.springframework.security.web.FilterChainProxy">
    <filter-chain-map path-type="ant">
        <filter-chain pattern="/images/**" filters="none"/>
        <filter-chain pattern="/styles/**" filters="none"/>
        <filter-chain pattern="/scripts/**" filters="none"/>
        <filter-chain pattern="/app/**" filters="
        securityContextPersistenceFilter,
        logoutFilter,
        authenticationProcessingFilter,
        exceptionTranslationFilter,
        filterSecurityInterceptor"/>
    </filter-chain-map>
</beans:bean>

<beans:bean id="securityContextPersistenceFilter"
              class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
</beans:bean>
<beans:bean id="logoutFilter"
            class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <beans:constructor-arg value="/login"/>
    <beans:constructor-arg ref="logoutHandler">
    </beans:constructor-arg>
</beans:bean>
<beans:bean id="logoutHandler"
            class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
</beans:bean>
<beans:bean id="authenticationProcessingFilter"
            class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationSuccessHandler"
                    ref="authenticationSuccessHandler"/>
    <beans:property name="filterProcessesUrl" value="/j_security_check"/>
</beans:bean>
<beans:bean id="authenticationSuccessHandler"
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/app/mainMenu"/>
</beans:bean>
<beans:bean id="exceptionTranslationFilter"
            class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    <beans:property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</beans:bean>

<beans:bean id="authenticationEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/login"/>
</beans:bean>

<beans:bean id="accessDeniedHandler"
            class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    <beans:property name="errorPage" value="/403.jsp"/>
</beans:bean>


<beans:bean id="filterSecurityInterceptor"
            class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
    <beans:property name="securityMetadataSource" ref="myFilterInvocationSecurityMetadataSource"/>
</beans:bean>
<beans:bean id="myFilterInvocationSecurityMetadataSource"
            class="com.tangram.ebiz.webapp.authentication.MyFilterInvocationSecurityMetadataSource">
</beans:bean>


<beans:bean id="accessDecisionManager"
            class="org.springframework.security.access.vote.AffirmativeBased">
    <beans:property name="decisionVoters">
        <beans:list>
            <be开发者_如何学Goans:bean class="org.springframework.security.access.vote.RoleVoter">
                <beans:property name="rolePrefix" value="ROLE_"/>
            </beans:bean>
            <beans:bean
                    class="org.springframework.security.access.vote.AuthenticatedVoter"/>
        </beans:list>
    </beans:property>
</beans:bean>


<beans:bean id="userDao"
            class="com.tangram.ebiz.dao.ibatis.UserDaoiBatis">
    <beans:property name="sqlMapClient" ref="sqlMapClient"/>
</beans:bean>
<beans:bean id="sqlMapClient"
            class="com.ibatis.sqlmap.engine.impl.SqlMapClientImpl">
    <beans:constructor-arg ref="sqlMapExecutorDelegate"/>
</beans:bean>
<beans:bean id="sqlMapExecutorDelegate"
            class="com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate">
</beans:bean>

<beans:bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <beans:property name="driverClassName" value="oracle.jdbc.OracleDriver"/>
    <beans:property name="url" value="jdbc:oracle:thin:@localhost:1521:XE"/>
    <beans:property name="username" value="ebiz"/>
    <beans:property name="password" value="ebiz"/>
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="daoAuthenticationProvider"/>
            <beans:ref local="anonymousAuthenticationProvider"/>
        </beans:list>
    </beans:property>
</beans:bean>

<beans:bean id="daoAuthenticationProvider"
            class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDao"/>
    <beans:property name="passwordEncoder" ref="passwordEncoder"/>
</beans:bean>
<beans:bean id="anonymousAuthenticationProvider"
            class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
    <beans:property name="key" value="doesNotMatter"/>
</beans:bean>
<!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class -->
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>

<global-method-security>
    <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
    <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
</global-method-security>
</beans:beans>


If you are using a custom user service, you need to ref that:

<security:authentication-manager>
    <security:authentication-provider user-service-ref="myUserDetailsService">
        <security:password-encoder ref="md5" />
    </security:authentication-provider>
</security:authentication-manager>

If you are using JDBC and just going against a set of tables, you just ref the datasource:

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="my-ds"/>
        <security:password-encoder hash="md5"/>
    </security:authentication-provider>
</security:authentication-manager>
0

精彩评论

暂无评论...
验证码 换一张
取 消