Spring Security + MVC: Questions Around Context Definition and the Bean Area

I am trying to understand the recommended way to define Spring Security in Spring MVC applications, where the bean definitions are divided into several parent / child contexts.

For example, my current application's web.xml is as follows (which I think is pretty standard):

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    classpath:applicationContext.xml
    /WEB-INF/securityContext.xml
    </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
    <servlet-name>spring-mvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>spring-mvc</servlet-name>
    <url-pattern>/app/*</url-pattern>
</servlet-mapping>

So, I have a standard ContextLoaderListener defined at / that loads my global configs: applicationContext.xml and securityContext.xml. I also define the Spring MVC DispatcherServlet at /app/, which loads native beans from spring-mvc-servlet.xml.

As I understand it, the configuration defined in spring-mvc-servlet.xml is not visible to the configuration defined in any of the top-level context files.

? , .

<security:http pattern="/oauth/token" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint">
    <security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
</security:http>

, /app/oauth/token .

Spring -MVC, spring-mvc-context.xml ( app URL-).

, , securityContext.xml, .

, securityContext.xml, . applicationContext.xml, spring-mvc-context.xml .

? , , , ?

, Spring -mvc , @Secured, , ?

<mvc:annotation-driven /> servlet.xml applicationContext.xml? spring-mvc-servlet.xml, Spring?

Spring -MVC, , . , Spring OAuth, , , , , , . .

+5
1

: beans, applicationContext.xml (ContextLoaderListener), , spring-mvc-servlet.xml (DispatcherServlet), .

:


, spring -mvc , @Secured, , ?

, , spring-mvc-servlet.xml, "" Spring, applicationContext.xml


servlet.xml applicationContext.xml?


spring -mvc-servlet.xml, Spring?


... spring -mvc-context.xml . ?

spring-mvc-context.xml , Web Stuff ( security). , spring-mvc-context.xml @Controller, (mvc:interceptors), mvc:resources, mvc:default-servlet-handler, mvc:view-controller, ReloadableResourceBundleMessageSource, CookieLocaleResolver, .SimpleMappingExceptionResolver...

BTW: , : applicationContext.xml @Service @Repository @Component ( @Controller), spring-mvc-context.xml @Controller!


@ : ContextLoaderListener ? .

+7
