使用 Spring Security 3.2.2 和 Spring Framework 3.2.8 的以下 Java Config 配置,即使我使用“.eraseCredentials(false)”,用户密码也会被删除,并且它无法使用 < em="">authentication.getCredentials()。
@Configuration
@EnableWebSecurity
@Order( 1 )
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean( name = "authenticationEntryPoint" )
public LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
return new XhrAwareAuthenticationEntryPoint( "/home?noAuthenticated=expired" );
}
@Bean( name = "acessDeniedHandler" )
public AccessDeniedHandler acessDeniedHandler() {
XhrAwareAccessDeniedHandlerImpl xhrAwareAccessDeniedHandler = new XhrAwareAccessDeniedHandlerImpl();
xhrAwareAccessDeniedHandler.setErrorPage( "/denied" );
return xhrAwareAccessDeniedHandler;
}
@Bean( name = "atlasAuthenticationSuccessHandler" )
public AtlasAuthenticationSuccessHandler atlasAuthenticationSuccessHandler() {
return new AtlasAuthenticationSuccessHandler( "/views/hub" );
}
@Bean( name = "atlasAuthenticationFailureHandler" )
public AtlasAuthenticationFailureHandler atlasAuthenticationFailureHandler() {
return new AtlasAuthenticationFailureHandler( "/home?loginError=error" );
}
@Bean( name = "atlasLogoutSuccessHandler" )
public AtlasLogoutSuccessHandler atlasLogoutSuccessHandler() {
AtlasLogoutSuccessHandler atlasLogoutSuccessHandler = new AtlasLogoutSuccessHandler();
atlasLogoutSuccessHandler.setDefaultTargetUrl( "/home?logoff=disconnect" );
return atlasLogoutSuccessHandler;
}
@Override
public void configure( WebSecurity web ) throws Exception {
web.ignoring().antMatchers( "/resources/**" );
}
@Override
protected void configure( HttpSecurity http ) throws Exception {
http.csrf().disable()
.httpBasic()
.authenticationEntryPoint( this.authenticationEntryPoint() )
.and()
.exceptionHandling()
.accessDeniedHandler( this.acessDeniedHandler() )
.and()
.formLogin()
.usernameParameter( "j_username" )
.passwordParameter( "j_password" )
.loginPage( "/home" )
.loginProcessingUrl( "/login" )
.failureHandler( this.atlasAuthenticationFailureHandler() )
.successHandler( this.atlasAuthenticationSuccessHandler() )
.permitAll()
.and()
.logout()
.logoutUrl( "/logout" )
.logoutSuccessHandler( this.atlasLogoutSuccessHandler() )
.invalidateHttpSession( true )
.permitAll()
.and()
.authorizeRequests()
.antMatchers(
ViewsConstants.VIEWS_URI + "/**",
RssController.RSS_URI + "/**",
ProxySolrController.SEARCH_URI + "/**" )
.authenticated()
.antMatchers( ConfigurationProperties.ADMIN_URI + "/**" ).hasAnyRole( Role.ADMIN )
.antMatchers( "/**" ).permitAll();
}
@Configuration
@Profile( "DES" )
public static class AuthenticacioInMemoryConfig {
@Autowired
public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exception {
auth.eraseCredentials( false ).inMemoryAuthentication()
.withUser( "user" ).password( "atlas" ).authorities( "ROLE_USER" ).and()
.withUser( "admin" ).password( "atlas" ).authorities( "ROLE_ADMIN" );
}
}
@Configuration
@Profile( "PRO" )
@PropertySource( "file:${config.env}/config_env.properties" )
public static class AuthenticacionLdapConfig {
@Value( "${ldap.host}" )
private String host;
@Value( "${ldap.port}" )
private String port;
@Value( "${ldap.basedn}" )
private String baseDn;
@Value( "${ldap.userdn}" )
private String userDn;
@Value( "${ldap.passw}" )
private String password;
@Bean
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer();
}
@Bean( name = "contextSource" )
public DefaultSpringSecurityContextSource contextSource() {
DefaultSpringSecurityContextSource contextSource =
new DefaultSpringSecurityContextSource( "ldap://" + this.host + ":" + this.port );
contextSource.setUserDn( this.userDn );
contextSource.setPassword( this.password );
return contextSource;
}
@Bean( name = "userSearch" )
public FilterBasedLdapUserSearch userSearch() {
return new FilterBasedLdapUserSearch( this.baseDn, "(bsalias={0})", this.contextSource() );
}
@Bean( name = "ldapAuthenticator" )
public LdapAuthenticator ldapAuthenticator() {
BindAuthenticator authenticator = new BindAuthenticator( this.contextSource() );
authenticator.setUserSearch( this.userSearch() );
return authenticator;
}
@Bean( name = "atlasAuthoritiesPopulator" )
public AtlasAuthoritiesPopulator atlasAuthoritiesPopulator() {
return new AtlasAuthoritiesPopulator();
}
@Bean( name = "ldapAuthenticationProvider" )
public LdapAuthenticationProvider ldapAuthenticationProvider() {
return new LdapAuthenticationProvider( this.ldapAuthenticator(), this.atlasAuthoritiesPopulator() );
}
@Autowired
public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exception {
auth.eraseCredentials( false ).authenticationProvider( this.ldapAuthenticationProvider() );
}
}
}
但是,使用同样的spring security和spring framework的xml配置运行正常,密码可用。
<context:property-placeholder location="file:${config.env:}/config_env.properties" />
<global-method-security secured-annotations="enabled"/>
<beans:bean id="authenticationEntryPoint"
class="es.isban.atlas.views.web.core.authentication.XhrAwareAuthenticationEntryPoint">
<beans:constructor-arg name="loginFormUrl" value="/home?noAuthenticated=expired"/>
</beans:bean>
<beans:bean id="accessDeniedHandler"
class="es.isban.atlas.views.web.core.authentication.XhrAwareAccessDeniedHandlerImpl">
<beans:property name="errorPage" value="/denied" />
</beans:bean>
<beans:bean id="atlasAuthenticationSuccessHandler"
class="es.isban.atlas.views.web.core.authentication.AtlasAuthenticationSuccessHandler">
<beans:constructor-arg name="defaultTargetUrl" value="/views/hub"/>
</beans:bean>
<beans:bean id="atlasAuthenticationFailureHandler"
class="es.isban.atlas.views.web.core.authentication.AtlasAuthenticationFailureHandler">
<beans:constructor-arg name="defaultFailureUrl" value="/home?loginError=error"/>
</beans:bean>
<beans:bean id="atlasLogoutSuccessHandler"
class="es.isban.atlas.views.web.core.authentication.AtlasLogoutSuccessHandler">
<beans:property name="defaultTargetUrl" value="/home?logoff=disconnect" />
</beans:bean>
<!-- This is where we configure Spring-Security -->
<http use-expressions="true"
entry-point-ref="authenticationEntryPoint">
<access-denied-handler ref="accessDeniedHandler" />
<intercept-url pattern="/*" access="permitAll()"/>
<intercept-url pattern="/views/**" access="isAuthenticated()" />
<intercept-url pattern="/rss/**" access="isAuthenticated()" />
<intercept-url pattern="/search/**" access="isAuthenticated()" />
<intercept-url pattern="/admin/**" access="hasAnyRole('ROLE_ADMIN')" />
<form-login login-page="/home"
login-processing-url="/login"
authentication-success-handler-ref="atlasAuthenticationSuccessHandler"
authentication-failure-handler-ref="atlasAuthenticationFailureHandler" />
<!-- authentication-failure-url="/home?loginError=error"
default-target-url="/views/hub" -->
<logout logout-url="/logout"
invalidate-session="true"
success-handler-ref="atlasLogoutSuccessHandler" />
<!-- logout-success-url="/home"
delete-cookies="true" -->
</http>
<beans:beans profile="PRO">
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://${ldap.host}:${ldap.port}"/>
<beans:property name="userDn" value="${ldap.userdn}"/>
<beans:property name="password" value="${ldap.passw}"/>
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch">
<beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg value="${ldap.basedn}"/>
<beans:constructor-arg value="(bsalias={0})"/>
<beans:constructor-arg ref="contextSource"/>
</beans:bean>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="es.isban.atlas.views.web.core.authorization.AtlasAuthoritiesPopulator" />
</beans:constructor-arg>
</beans:bean>
<authentication-manager erase-credentials="false">
<authentication-provider ref="ldapAuthProvider" />
</authentication-manager>
</beans:beans>
<beans:beans profile="DES">
<authentication-manager erase-credentials="false">
<authentication-provider>
<user-service>
<user name="user" password="atlas" authorities="ROLE_USER" />
<user name="admin" password="atlas" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
你有什么线索吗?我该如何解决?
提前致谢。
最佳答案
这是影响全局身份验证选项的 Spring Security Java 配置中的错误。参见 SEC-2533了解详情。没有真正简单的解决此问题的方法,但该错误已修复,将在未来几天内发布。
关于java - 使用 Java Config 的 Spring Security 无法使用 eraseCredentials 方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22633668/
我正在学习如何使用Nokogiri,根据这段代码我遇到了一些问题:require'rubygems'require'mechanize'post_agent=WWW::Mechanize.newpost_page=post_agent.get('http://www.vbulletin.org/forum/showthread.php?t=230708')puts"\nabsolutepathwithtbodygivesnil"putspost_page.parser.xpath('/html/body/div/div/div/div/div/table/tbody/tr/td/div
总的来说,我对ruby还比较陌生,我正在为我正在创建的对象编写一些rspec测试用例。许多测试用例都非常基础,我只是想确保正确填充和返回值。我想知道是否有办法使用循环结构来执行此操作。不必为我要测试的每个方法都设置一个assertEquals。例如:describeitem,"TestingtheItem"doit"willhaveanullvaluetostart"doitem=Item.new#HereIcoulddotheitem.name.shouldbe_nil#thenIcoulddoitem.category.shouldbe_nilendend但我想要一些方法来使用
我有一个Ruby程序,它使用rubyzip压缩XML文件的目录树。gem。我的问题是文件开始变得很重,我想提高压缩级别,因为压缩时间不是问题。我在rubyzipdocumentation中找不到一种为创建的ZIP文件指定压缩级别的方法。有人知道如何更改此设置吗?是否有另一个允许指定压缩级别的Ruby库? 最佳答案 这是我通过查看rubyzip内部创建的代码。level=Zlib::BEST_COMPRESSIONZip::ZipOutputStream.open(zip_file)do|zip|Dir.glob("**/*")d
类classAprivatedeffooputs:fooendpublicdefbarputs:barendprivatedefzimputs:zimendprotecteddefdibputs:dibendendA的实例a=A.new测试a.foorescueputs:faila.barrescueputs:faila.zimrescueputs:faila.dibrescueputs:faila.gazrescueputs:fail测试输出failbarfailfailfail.发送测试[:foo,:bar,:zim,:dib,:gaz].each{|m|a.send(m)resc
很好奇,就使用rubyonrails自动化单元测试而言,你们正在做什么?您是否创建了一个脚本来在cron中运行rake作业并将结果邮寄给您?git中的预提交Hook?只是手动调用?我完全理解测试,但想知道在错误发生之前捕获错误的最佳实践是什么。让我们理所当然地认为测试本身是完美无缺的,并且可以正常工作。下一步是什么以确保他们在正确的时间将可能有害的结果传达给您? 最佳答案 不确定您到底想听什么,但是有几个级别的自动代码库控制:在处理某项功能时,您可以使用类似autotest的内容获得关于哪些有效,哪些无效的即时反馈。要确保您的提
假设我做了一个模块如下:m=Module.newdoclassCendend三个问题:除了对m的引用之外,还有什么方法可以访问C和m中的其他内容?我可以在创建匿名模块后为其命名吗(就像我输入“module...”一样)?如何在使用完匿名模块后将其删除,使其定义的常量不再存在? 最佳答案 三个答案:是的,使用ObjectSpace.此代码使c引用你的类(class)C不引用m:c=nilObjectSpace.each_object{|obj|c=objif(Class===objandobj.name=~/::C$/)}当然这取决于
我正在尝试使用ruby和Savon来使用网络服务。测试服务为http://www.webservicex.net/WS/WSDetails.aspx?WSID=9&CATID=2require'rubygems'require'savon'client=Savon::Client.new"http://www.webservicex.net/stockquote.asmx?WSDL"client.get_quotedo|soap|soap.body={:symbol=>"AAPL"}end返回SOAP异常。检查soap信封,在我看来soap请求没有正确的命名空间。任何人都可以建议我
我正在尝试设置一个puppet节点,但rubygems似乎不正常。如果我通过它自己的二进制文件(/usr/lib/ruby/gems/1.8/gems/facter-1.5.8/bin/facter)在cli上运行facter,它工作正常,但如果我通过由rubygems(/usr/bin/facter)安装的二进制文件,它抛出:/usr/lib/ruby/1.8/facter/uptime.rb:11:undefinedmethod`get_uptime'forFacter::Util::Uptime:Module(NoMethodError)from/usr/lib/ruby
关闭。这个问题是opinion-based.它目前不接受答案。想要改进这个问题?更新问题,以便editingthispost可以用事实和引用来回答它.关闭4年前。Improvethisquestion我想在固定时间创建一系列低音和高音调的哔哔声。例如:在150毫秒时发出高音调的蜂鸣声在151毫秒时发出低音调的蜂鸣声200毫秒时发出低音调的蜂鸣声250毫秒的高音调蜂鸣声有没有办法在Ruby或Python中做到这一点?我真的不在乎输出编码是什么(.wav、.mp3、.ogg等等),但我确实想创建一个输出文件。
我在从html页面生成PDF时遇到问题。我正在使用PDFkit。在安装它的过程中,我注意到我需要wkhtmltopdf。所以我也安装了它。我做了PDFkit的文档所说的一切......现在我在尝试加载PDF时遇到了这个错误。这里是错误:commandfailed:"/usr/local/bin/wkhtmltopdf""--margin-right""0.75in""--page-size""Letter""--margin-top""0.75in""--margin-bottom""0.75in""--encoding""UTF-8""--margin-left""0.75in""-