How to integrate Spring Security and GWT?

2019-03-18 02:52发布

I'm trying to integrate Spring Security and GWT. I'm also using gwt-incubator-security. I configured everything as it was described on their wiki pages. I managed to get security working by using intercept-url, but I can't get it working using annotations. Any ideas about what the problem is?

P.S. I'm using Spring 2.5.6, Spring Security 2.0.5 and gwt-incubator-security 1.0.1. Any useful links and comments are welcome.

Here are my config files

applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<global-method-security secured-annotations="enabled"
    jsr250-annotations="disabled" />
<http auto-config="true">
    <!-- <intercept-url pattern="/**/*.rpc" access="ROLE_USER" /> -->
    <intercept-url pattern="/gwt/**" access="ROLE_USER" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
<authentication-provider>
    <user-service>
        <user name="rod" password="koala"
            authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
        <user name="dianne" password="emu" authorities="ROLE_USER,ROLE_TELLER" />
        <user name="scott" password="wombat" authorities="ROLE_USER" />
        <user name="peter" password="opal" authorities="ROLE_USER" />
    </user-service>
</authentication-provider>
<beans:bean id="greetService" class="com.ct.test.server.GreetingServiceImpl" />

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<!-- Default page to serve -->
<welcome-file-list>
    <welcome-file>Spring_test.html</welcome-file>
</welcome-file-list>
<!--  Spring related configuration  -->
<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>
<!-- Initialise the Spring MVC DispatcherServlet -->
<servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<!-- Map the DispatcherServlet to only intercept RPC requests -->
<servlet-mapping>
    <servlet-name>spring</servlet-name>
    <url-pattern>/spring_test/greet.rpc</url-pattern>
    <!--
        <url-pattern>/org.example.gwtwisdom.GwtWisdom/services/*</url-pattern>
    -->
</servlet-mapping>
<servlet>
    <servlet-name>greetServlet</servlet-name>
    <servlet-class>com.ct.test.server.GreetingServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>greetServlet</servlet-name>
    <url-pattern>/spring_test/greet.rpc</url-pattern>
</servlet-mapping>
<!-- Spring security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- The application context definition for the DispatcherServlet -->
<bean id="urlMapping" class="com.gwtincubator.security.server.GWTSecuredHandler">
    <property name="mappings">
        <map>
            <entry key="/spring_test/greet.rpc" value-ref="greetService" />
        </map>
    </property>
</bean>

Here is my sample project that i tried to integrate with Spring Security: http://www.filedropper.com/springtest_1

7条回答
2楼-- · 2019-03-18 03:02

You could use Putnami Web Toolkit (PWT) framework, here a tutorial to integrate Spring Framework and another for Spring Security.

查看更多
等我变得足够好
3楼-- · 2019-03-18 03:11

The Acris framework also uses Spring Security. They have a description of this at their wiki http://code.google.com/p/acris/wiki/SecurityServer

查看更多
孤傲高冷的网名
4楼-- · 2019-03-18 03:15

I'am using GWT+Spring security. I find in your configuration, there is some misunderstanding. In fact, there is a very simple way that can let spring security work with your gwt regardless the gwt-incubator-security. You just need to declare your application context in you web.xml.

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext-security.xml</param-value>
  </context-param>

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener> 

You don't declare here your MVC dispatcherServlet ! Then everything works because of the Spring Security framework mechanism.

But This way of configuration doesn't declare DispatcherServlet, it is simple, but in case that you need some security funcionality that need DispatcherServlet, is is a "piege". So as i've met.

Then if you insist to use gwt-incubator-security. I've read a very good solution in french, but it rest uncheck. http://hugo.developpez.com/tutoriels/java/gwt/utilisation-gwt-avec-spring-et-hibernate/

  1. Integrate Spring in the application with GWT-SL: In fact, for the integration of Spring and hibernate, the problem is how to configure correctly the servlet. One should be aware that the Spring has its own servlet “DispatcherServlet” so as the gwt with its “gwt servlet”. Normally, in the tutorial for the GWT RPC, the gwt-servlet is declared in the web-xml, like
 <servlet>
    <servlet-name>appService</servlet-name>
    <servlet-class>com.google.gwt.app.example.server.AppServiceImpl</servlet-class>
  </servlet>
  <servlet-mapping>
     <servlet-name>appService</servlet-name>
     <url-pattern>/app/appService</url-pattern>
   </servlet-mapping>

If you like very much Spring, and you want to use DispatcherServlet to dispatch the request, then GWT-handler can help you to get rid of the problem. Firstly, you load application context in the web.xml as below:

<context-param>
<param-name> contextConfigLocation </param-name>
    <param-value> classpath:applicationContext_GWT.xml </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>

Then you can declare your rpc service in Spring context: applicationContext_GWT.xml

<bean id=" appService " 
         class=" com.google.gwt.app.example.server.AppServiceImpl">
</bean>

But you should not forget to add the GWTHandler declaration in the application context file applicationContext_GWT.xml
The last thing is to declare the spring servlet: DispatcherServlet in the web.xml. Pay attention to the fact that this is the spring’s proper servlet not the GWT-SL’s. web.xml

<servlet>  
    <servlet-name>handler</servlet-name>
    <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
       <load-on-startup>1</load-on-startup>
</servlet>  
<servlet-mapping>
<servlet-name>handler</servlet-name>
<url-pattern>*.rpc</url-pattern>
</servlet-mapping>

Servlet name is important because DispatcherServlet will search for the spring context file named by “*-servlet.xml”. As the servlet name is handler, it will search for the spring context “handler-servlet.xml”. So here we will solve the problem like this, we put the application context which is independent with the DispatcherServlet in the “applicationContext_GWT.xml”, then the one that is dependent with the DispatcherServlet in the “-servlet.xml”, as the servlet name is “handler”, then we should have “handler-servlet.xml”, then put the following configuration of GWT_SL from applicationContext_GWT.xml into handler-servlet.xml Handler-servlet.xml

<bean id="urlProjectMapping" class="org.gwtwidgets.server.spring.GWTHandler">
        <!-- Supply here mappings between URLs and services. Services must implement the RemoteService interface but are not otherwise restricted.-->
        <property name="mappings">
             <map>
    <!-- Other mappings could follow -->
    <entry key="/app/appService.rpc" value-ref="appService" />
             </map>
         </property>
</bean> 

Then add the following configuration in the web.xml dans la declaration de servlet.

<init-param>
               <param-name>contextConfigLocation</param-name>
    <param-value> /WEB-INF/handler-servlet.xml </param-value>
</init-param>

The filter pattern concerns just the RPC call with a suffix .rpc (I didn’t use the GWT-SL, so the method above for integration has not been checked.)

After you have all the above configuration, then you create your filtreprocessentrypoint in your applicationi context file.

Hope this can help you!

查看更多
Evening l夕情丶
5楼-- · 2019-03-18 03:16

It seems that you are missing namespace configuration in your applicationContext.xml.

It should look like this:

<?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
          xmlns:sec="http://www.springframework.org/schema/security"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
查看更多
仙女界的扛把子
6楼-- · 2019-03-18 03:22

I'm guessing that you need to have the schema in applicationContext.xml, and enable annotations:

<context:annotation-config />
<context:component-scan base-package="my.package" />

Reference: http://weblogs.java.net/blog/seemarich/archive/2007/11/annotation_base.html

查看更多
登录 后发表回答