Reputation: 20063
Adding spring security to my current springmvc
Sorry I'm rather new to Spring Security. I've got the following applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- Activates various annotations to be detected in bean classes -->
<context:annotation-config />
<!-- Scans the classpath for annotated components that will be auto-registered as Spring beans.
For example @Controller and @Service. Make sure to set the correct base-package-->
<context:component-scan base-package="org.assessme.com" />
<!-- Configures the annotation-driven Spring MVC Controller programming model.
Note that, with Spring 3.0, this tag works in Servlet MVC only! -->
<mvc:annotation-driven />
</beans>
I'm following the tutorial on...
http://static.springsource.org/spring-security/site/tutorial.html
my question is, should I add to my existing applicationContext.xml or make a seperate XML file?
My web.xml is as follows...
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
I'm a little bit confused as in the tutorial, it specifies the context-param of the xml but I already have one declared, can I have more that one context-param? If someone could give me an idea of the best way to use springmvc and spring security together that would be great as at the moment I'm finding it hard to "merge" the xml files.
Thanks,
Upvotes: 2
Views: 6745
Answers (2)
Reputation: 8574
You can have your security configuration in a separate file or combine with your existing application Context. If you want to use existing application context. You keep the default namespace as beans like this:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
...
</beans>
and you have to prefix all security elements with security.
But if you define in separate files. The advantage is you can have security as the default namespace and omit the security prefix like this:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
...
</beans:beans>
The common way is to define file names like this:
1)applicationContext.xml
2)applicationContext-security.xml
and in your web.xml like this:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
or as a comma or space separated list also like below:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml /WEB-INF/applicationContext-security.xml</param-value>
</context-param>
Documentation: namespace config
Upvotes: 7
Reputation: 10039
In the tutorial that you're following, it also uses:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-business.xml
/WEB-INF/security-app-context.xml
</param-value>
</context-param>
in which applicationContext-business.xml is like your root-context.xml. So, you need to add the path to your Spring security configuration file. And, remember to also include the security filter mentioned in your web.xml.
Upvotes: 0
Related Questions
- Adding spring security to an existing Spring MVC
- Initialize Spring-Security with SpringMVC
- Adding Spring Security to an existing Spring Web App (using JavaConfig)
- Spring Security basic configuration
- Problems setting up Spring security in existing MVC project
- Spring MVC enabling Spring Security 4
- can't get Spring Security to work
- Spring Security Java configuration
- Spring Security 3.1
- spring-security & spring-mvc configuration