
我有一个特殊情况:我需要使用应用服务器(WebLogic)的安全上下文进行身份验证,但使用 Spring Security 进行授权。我正在使用 Spring Boot 创建我的应用程序。

在 Spring Boot 中使用 web.xml 安全约束

我该如何添加类似下面这样的安全约束(通常写在 web.xml 中)?

<!-- Container-enforced constraint: the servlet container checks it before the
     request reaches the application. No <http-method> is listed, so it applies
     to every HTTP method on the matched URLs. This fragment shows no
     <login-config>, so the authentication method is not defined here. -->
<security-constraint> 
     <web-resource-collection> 
      <web-resource-name>portal</web-resource-name> 
      <description>This is the protected area of the application.</description> 
      <!-- "/*" matches every path in the web application. -->
      <url-pattern>/*</url-pattern> 
     </web-resource-collection> 
     <auth-constraint> 
      <description>Requires users to be authenticated but does not require them to be authorized.</description> 
      <!-- In a Servlet 3.0 descriptor "*" is shorthand for all role names declared
           in the deployment descriptor, not "any authenticated user". No
           <security-role> is declared in this fragment, so confirm how the
           container resolves it. Servlet 3.1 descriptors add "**" for
           "any authenticated user". -->
      <role-name>*</role-name> 
     </auth-constraint> 
     <user-data-constraint> 
      <description>Encryption is not required for this area.</description> 
      <!-- NONE: the container does not require HTTPS, so credentials and session
           identifiers can travel in cleartext unless TLS is enforced elsewhere
           (e.g. at a front-end proxy). CONFIDENTIAL makes the container require
           a secure transport. -->
      <transport-guarantee>NONE</transport-guarantee> 
     </user-data-constraint> 
</security-constraint> 

请记住,我需要由我的 WebLogic 服务器来处理这个约束,而不是由 Spring Security 处理。

回答


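您可以在 WEB-INF 中添加一个包含该安全约束的 web.xml。它可以与 Spring Boot 的 Java 配置一起工作。注意:只有把应用打包为 WAR 并部署到 WebLogic 等外部 Servlet 容器时,容器才会读取 web.xml;通过 main 方法以内嵌容器启动时,这些约束不会生效。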

/**
 * Spring Boot application class usable both as a standalone launcher and as the
 * servlet initializer of a WAR deployed to an external container.
 *
 * <p>{@code WebApplicationInitializer} is implemented directly even though
 * {@code SpringBootServletInitializer} already implements it; the Spring Boot
 * deployment guidance for WebLogic asks for the interface to be declared on the
 * initializer class itself.
 *
 * <p>NOTE(review): {@code @SpringBootApplication} already enables component
 * scanning, so the separate {@code @ComponentScan} looks redundant; it is kept
 * here unchanged.
 *
 * <p>Security note: constraints declared in {@code WEB-INF/web.xml} are enforced
 * by the external servlet container. When the application is started through
 * {@link #main(String[])} with an embedded container, {@code web.xml} is not
 * read, so those constraints do not protect that deployment mode.
 */
@ComponentScan
@SpringBootApplication
public class Application extends SpringBootServletInitializer implements WebApplicationInitializer {

    /**
     * Registers this class as the configuration source when the application is
     * bootstrapped by a servlet container (WAR deployment).
     *
     * @param builder the builder supplied by {@code SpringBootServletInitializer}
     * @return the builder with this class added as a source
     */
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
        final Class<?> primarySource = Application.class;
        return builder.sources(primarySource);
    }

    /**
     * Launches the application as a standalone process.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        final Class<?> primarySource = Application.class;
        SpringApplication.run(primarySource, args);
    }
}

web.xml中:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
     metadata-complete="false" version="3.0"> 

    <!-- Servlet 3.0 deployment descriptor. metadata-complete="false" leaves
         annotation and initializer scanning enabled alongside this file.
         The descriptor declares no <login-config> and no <security-role>, so the
         authentication method and the set of roles are not defined here;
         confirm where the container gets them from. -->

    <!-- Container-enforced constraint covering every URL of the application.
         No <http-method> is listed, so it applies to all HTTP methods. -->
    <security-constraint> 
     <web-resource-collection> 
      <web-resource-name>portal</web-resource-name> 
      <description>This is the protected area of the application.</description> 
      <url-pattern>/*</url-pattern> 
     </web-resource-collection> 
     <auth-constraint> 
      <description>Requires users to be authenticated but does not require them to be authorized.</description> 
      <!-- In a version="3.0" descriptor "*" means all role names declared in the
           deployment descriptor, not "any authenticated user"; none are declared
           in this file. The "**" role name for "any authenticated user" needs a
           Servlet 3.1 descriptor. Verify the effective behaviour on the target
           container before relying on this for access control. -->
      <role-name>*</role-name> 
     </auth-constraint> 
     <user-data-constraint> 
      <description>Encryption is not required for this area.</description> 
      <!-- NONE: HTTPS is not required by the container, so credentials and
           session identifiers can travel in cleartext unless TLS is enforced
           elsewhere. CONFIDENTIAL makes the container require a secure
           transport. -->
      <transport-guarantee>NONE</transport-guarantee> 
     </user-data-constraint> 
    </security-constraint> 

</web-app>