トップ 差分 一覧 ソース 検索 ヘルプ RSS ログイン

Spring

このエントリーをはてなブックマークに追加

[Java]

Spring

  Spring4

実はわたしにとってSpringは不思議だ。コーディングというよりXMLを編纂する作業に近い。いろいり調べたことを書く。

p-namespaceの利用方法
propertypで省略できる記法
Using multiple property files (via PropertyPlaceholderConfigurer) in multiple projects/modules
context:property-placeholder はプロパティファイルを読み込むが、デフォルトでは1つのプロパティファイルしか読めない、ワイルドカード指定したほうがいいかもしれない

  Spring-Security4

FilterSecurityInterceptorとsecurityMetadataSource
ROLE_SUPERVISOR, ROlE_USERはSpring-security4組み込みのロール権限だと思う(WebExpressionVoterを設定しておく必要がある)

ROLE の詳しい仕様は Expression-Based Access Control

  • Spring4ベースのコンフィグ
    <b:bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    	<b:constructor-arg>
    		<util:list id="decisionVoters">
    			<b:bean class="org.springframework.security.access.vote.RoleVoter">
                    <b:property name="rolePrefix" value="ROLE_" />
                </b:bean>
                <b:bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
    		</util:list>
	    </b:constructor-arg>    
    </b:bean>

   <b:bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <b:property name="authenticationManager" ref="authenticationManager"/>
        <b:property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <b:property name="securityMetadataSource">
            <sec:filter-security-metadata-source use-expressions="true">
                <sec:intercept-url pattern="/secure/extreme/**" access="hasAnyRole('ROLE_SUPERVISOR')"/>
                <sec:intercept-url pattern="/secure/**" access="hasAnyRole('ROLE_USER')" />
                <sec:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')"/>
            </sec:filter-security-metadata-source>
        </b:property>
    </b:bean>

  トラブルシューティング

I know your pain, I had a hell of a time figuring out Spring Security. Really debating whether it was worth it. But you probably need to add the SecurityContextPersistenceFilter. This will automatically add your Credentials to the SecurityContext using the HttpSession from the JSessionID typically. I have a custom authentication handler so there is some extra parts to my code that are not relevant but I think this should probably get you pointed in the right direction.

org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:378)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:222)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1484)
	at ch.qos.logback.access.servlet.TeeFilter.doFilter(TeeFilter.java:57)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1476)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
	at org.eclipse.jetty.server.Server.handle(Server.java:370)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
	at java.lang.Thread.run(Thread.java:745)
お名前: コメント: