我正在使用Spring Security 3.1进行登录但是我收到了一个不赞成的警告,我无法删除,似乎这个配置适用于3.0版
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/pages/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/**" access="permitAll"/>
<form-login login-page="/pages/login.jsf"/>
<remember-me key="jsfspring-sec" services-ref="rememberMeServices"/>
<logout
invalidate-session="true"
delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"
logout-success-url="/pages/login.jsf"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="rememberMeAuthenticationProvider">
</authentication-provider>
<authentication-provider>
<user-service id="userDetailsService">
<user authorities="ROLE_ADMIN" name="admin" password="admin" />
</user-service>
</authentication-provider>
</authentication-manager>
<beans:bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:property name="key" value="jsfspring-sec" />
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="alwaysRemember" value="true" />
<beans:property name="tokenValiditySeconds" value="60" />
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:property name="key" value="jsfspring-sec"/>
</beans:bean>
<beans:bean id="rememberMeFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:property name="rememberMeServices" ref="rememberMeServices"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
</beans:beans>
我无法找到如何使用Spring 3.1。有人能帮我吗?最后三个bean已被弃用,我将不胜感激。以下是GitHub中存储库的URL:https://github.com/wmanriques/spring_template
答案 0 :(得分:4)
不推荐使用默认构造函数,因为最近Spring Security已经转移到几个类中的构造函数注入。
/**
* @deprecated Use constructor injection
*/
现在需要使用constructor-arg注入所需的组件:
<beans:bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
//First two with constructor - required elements
<beans:constructor-arg value="jsfspring-sec"/>
<beans:constructor-arg ref="userDetailsService"/>
//Last two with properties
<beans:property name="alwaysRemember" value="true"/>
<beans:property name="tokenValiditySeconds" value="60" />
</beans:bean>
与下两个豆相同:
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:constructor-arg value="jsfspring-sec"/>
</beans:bean>
<beans:bean id="rememberMeFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:constructor-arg ref="authenticationManager"/>
<beans:constructor-arg ref="rememberMeServices"/>
</beans:bean>