更新时间:2023-12-04 23:20:52
请记住,这个春季安全XML命名空间是组织你的XML只是一种巧妙的方法。你可以达到正好与普通的&LT相同的解决方案;豆>
配置。这样,你就可以使用ID,一如往常。 本博客文章可能对你有帮助
My web app has multiple authentication managers (one for API one for WEB access). The api should have a basic auth service only - configured via the spring security markup as seen below:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:authentication-manager alias="apiAuthenticationManager">
<security:authentication-provider ref="apiAuthenticationProvider" />
</security:authentication-manager>
<security:authentication-provider >
<security:user-service>
<security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
<security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
</security:user-service>
</security:authentication-provider>
...
i can not inline the authentication-provider since i want it to be overrideable by child-bean configs.
my problem is that i can not define an alias/id on the security:authentication-provider element to reference it in the authentication-manager. Is there an easy workaround for this?
Solution:
i finally figured out how to do it using the namespace-way without diving into plain bean config :)
<security:user-service id="apiUserDetailsService">
<security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
<security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
</security:user-service>
<security:authentication-manager alias="apiAuthenticationManager">
<security:authentication-provider user-service-ref="apiUserDetailsService"/>
</security:authentication-manager>
Please keep in mind that this Spring Security XML namespace is just a neat way of organizing your XML. You could achieve exactly the same solution with plain <bean>
config. That way you will be able to use ID, as usual. This blog post might be helpful for you.