1
我試圖春季安全與struts1.2整合(使用LDAP)在一個簡單的應用 我必須的applicationContext-security.xml文件春季安全與支柱整合
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<s:http>
<s:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<s:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<s:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:form-login />
<s:anonymous />
<s:logout />
</s:http>
<!-- Simple namespace-based configuration -->
<s:ldap-server ldif="classpath:users.ldif" port="33389"/>
<s:authentication-manager>
<s:ldap-authentication-provider
group-search-filter="member={0}"
group-search-base="ou=groups"
user-search-base="ou=people"
user-search-filter="uid={0}"
/>
<s:authentication-provider ref='secondLdapProvider' />
</s:authentication-manager>
<!-- Traditional Bean version of the same configuration -->
<!-- This bean points at the embedded directory server created by the ldap-server element above -->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</bean>
<bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="ou=people"/>
<constructor-arg index="1" value="(uid={0})"/>
<constructor-arg index="2" ref="contextSource" />
</bean>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource" />
<constructor-arg value="ou=groups" />
<property name="groupSearchFilter" value="(member={0})"/>
<property name="rolePrefix" value="ROLE_"/>
<property name="searchSubtree" value="true"/>
<property name="convertToUpperCase" value="true"/>
</bean>
</constructor-arg>
</bean>
和的struts-config .XML
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN" "http://struts.apache.org/dtds/struts-config_1_3.dtd">
<struts-config>
<form-beans>
<form-bean name="helloForm" type="com.form.HelloForm"/>
</form-beans>
<action-mappings>
<action path="/helloForm" type="com.action.HelloAction" name="helloForm">
<forward name="success" path="/secure/helloForm.jsp" />
</action>
</action-mappings>
</struts-config>
和web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<display-name>Spring Security LDAP Demo Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
/WEB-INF/struts-config.xml
</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>ldap.root</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
在我的index.jsp
<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
所以當我嘗試訪問安全 春季安全做工精細,當我在安全/ index.jsp的 成功,但 登錄我使用<jsp:forward page="/helloForm.do"></jsp:forward>
和的HelloForm .JSP
<body>
<h1>
<bean:write name="helloForm" property="message" />
</h1>
<h2>Hello and Welcome</h2>
</body>
當我運行它
我展示
您好,歡迎光臨,但我不能得到的ActionForm的消息,我在FormAction
public class HelloAction extends Action {
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
// TODO Auto-generated method stub
HelloForm helloForm = new HelloForm();
helloForm.setMessage("Welcome this is secure page");
return mapping.findForward("success");
}
}