关于Spring.io官网Spring Session Restful example的问题
来源:互联网 发布:黄金时时彩软件 编辑:程序博客网 时间:2024/06/07 00:34
问题描述
当使用SpringBoot提供Restful接口服务时,可以非常方便快速地通过SpringBoot来发布。然而需要考虑的问题:
- 使用安全机制
- 使用外在数据库保存session
针对安全机制,官网提供了一个demo:
官网demo地址为:http://docs.spring.io/spring-session/docs/current/reference/html5/guides/rest.html
然而该demo,还是存在两个问题:
- 每次authentication都不能正常验证
- 该demo使用而是嵌入式的redis server数据库
解决方案
添加外在Redis数据库
在src/main/resources/application.properties 添加如下配置内容:
# REDIS (RedisProperties)spring.redis.host=10.10.2.176spring.redis.port=6379spring.redis.pool.max-idle=8spring.redis.pool.min-idle=0spring.redis.pool.max-active=8spring.redis.pool.max-wait=-1
这样就可以在代码中设置Redis Server的地址和端口了。
代码结构如下:
具体代码如下,我对HttpSessionConfig.java获取Redis Server的部分进行了更改,从而可以使用external redis server。此外对我build.gradle的security依赖部分进行了改动,如下所示:
// security related compile('org.springframework.boot:spring-boot-starter-security:1.2.2.RELEASE') //compile('org.springframework.security:spring-security-config:3.2.6.RELEASE') //compile('org.springframework.security:spring-security-web:3.2.6.RELEASE')
HttpSessionConfig.java
package org.wshare.wsdc.config.session;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.ApplicationContext;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;import org.springframework.session.Session;import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;import org.springframework.session.web.http.HeaderHttpSessionStrategy;import org.springframework.session.web.http.HttpSessionStrategy;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * org.wshare.wsdc.config * Created by shun * 2015/3/19. */@Configuration@EnableRedisHttpSessionpublic class HttpSessionConfig { @Autowired ApplicationContext applicationContext; @Bean public JedisConnectionFactory connectionFactory() { JedisConnectionFactory jedisConnectionFactory = new JedisConnectionFactory(); String redisHost = applicationContext.getEnvironment().getProperty("spring.redis.host"); String redisPort = applicationContext.getEnvironment().getProperty("spring.redis.port"); jedisConnectionFactory.setHostName(redisHost); jedisConnectionFactory.setPort(Integer.parseInt(redisPort)); return jedisConnectionFactory; } @Bean public HttpSessionStrategy httpSessionStrategy() { return new HeaderHttpSessionStrategy(); }}
HttpSessionInitializer.java
package org.wshare.wsdc.config.session;import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;import org.wshare.wsdc.config.session.HttpSessionConfig;/** * org.wshare.wsdc.config * Created by shun * 2015/3/19. */public class HttpSessionInitializer extends AbstractHttpSessionApplicationInitializer { // this will help initialize and load HttpSessionConfig class, this ensures that out // servlet container (ie. tomcat) uses the springSessionRepositoryFilter for every // request public HttpSessionInitializer() { super(HttpSessionConfig.class); }}
SecurityConfig.java
/* * Copyright 2002-2014 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */package org.wshare.wsdc.config.session;/** * @author Rob Winch */import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); }}
SecurityInitializer.java
/* * Copyright 2002-2014 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */package org.wshare.wsdc.config.session;import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;/** * @author Rob Winch */public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {}
mvc/MvcConfig.java
/* * Copyright 2002-2014 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */package org.wshare.wsdc.config.session.mvc;import org.springframework.context.annotation.ComponentScan;import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.EnableWebMvc;/** * @author Rob Winch */@Configuration@EnableWebMvc@ComponentScanpublic class MvcConfig {}
mvc/MvcInitializer.java
/* * Copyright 2002-2014 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */package org.wshare.wsdc.config.session.mvc;import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;import org.wshare.wsdc.config.session.HttpSessionConfig;import org.wshare.wsdc.config.session.SecurityConfig;/** * @author Rob Winch */public class MvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { // tag::config[] @Override protected Class<?>[] getRootConfigClasses() { return new Class[] {SecurityConfig.class, HttpSessionConfig.class}; } // end::config[] @Override protected Class<?>[] getServletConfigClasses() { return new Class[] { MvcConfig.class }; } @Override protected String[] getServletMappings() { return new String[] { "/" }; }}
0 0
- 关于Spring.io官网Spring Session Restful example的问题
- spring restful + spring session redis
- 关于spring restful使用中遇到的一个性能问题
- Spring RESTFul Client – RestTemplate Example
- 关于 spring RestTemplate restful
- 关于Spring与Velocity结合的问题(获得request,session)
- spring+hibernate的session问题
- spring+hibernate的session问题
- Spring+hibernate的session问题
- 5、Spring Session-HttpSession & RESTful APIs
- RESTful Web Services Example in Java with Jersey, Spring
- Spring MVC 4 RESTFul Web Services CRUD Example+RestTemplate
- spring example
- spring整合hibernate关于session的管理
- spring整合hibernate关于session的管理
- Spring中关于hibernate的session
- spring整合hibernate关于session的管理
- spring整合hibernate关于session的管理
- 【转载】理解MySQL——索引与优化
- 【转载】涉及民族关系的中英文词汇的再认识
- 胎儿、初生儿和成人的心脏器官与循环
- git的使用
- UIWebView的三种加载方式
- 关于Spring.io官网Spring Session Restful example的问题
- 我是如何向别人提问题的?
- 4412开发板/4412核心板一次性通过FCC和CE等国际EMC认证
- 用JS动态改变表单form里的action值属性的方法
- 黑马程序员------UITableView数据的展示
- hw机试题目
- 谈谈Qt on Android
- iOS开发系列--通知与消息机制
- Java 游戏中实现全屏和自由切换