我想使用Spring Security Facelets标记库来保护我的JSF 2页面中的UI组件
我对Spring Security版本3.0.5具有以下依赖性:
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${spring-security.version}</version> </dependency>
我配置了applicationSecurity.xml以进行Spring安全性登录,并且它可以与UserDetailsService一起正常工作,并且在尝试添加安全性定义时:
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:ice="http://www.icesoft.com/icefaces/component" xmlns:pretty="http://ocpsoft.com/prettyfaces" xmlns:sec="http://www.springframework.org/security/tags">
当运行该应用程序时,出现以下错误:
Warning: This page calls for XML namespace http://www.springframework.org/security/tags declared with prefix sec but no taglibrary exists for that namespace.
你将需要首先添加springsecurity.taglib.xml,如下所述:
并且你应该在类路径中具有org.springframework.faces jar才能使用它。
然后使用安全标签,如下所示:
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional/<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:sec="http://www.springframework.org/security/tags">
除了正常的Spring Security依赖关系之外,你还需要以下两个Maven依赖关系
<dependency> <groupId>org.springframework.webflow</groupId> <artifactId>spring-faces</artifactId> <version>2.4.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>3.2.6.RELEASE</version> </dependency>
在你的POM文件中。
对于JSF 2,将以下内容另存为/WEB-INF/springsecurity.taglib.xml
<?xml version="1.0"?> <!DOCTYPE facelet-taglib PUBLIC "-//Sun Microsystems, Inc.//DTD Facelet Taglib 1.0//EN" "http://java.sun.com/dtd/facelet-taglib_1_0.dtd"> <facelet-taglib> <namespace>http://www.springframework.org/security/tags</namespace> <tag> <tag-name>authorize</tag-name> <handler-class>org.springframework.faces.security.FaceletsAuthorizeTagHandler</handler-class> </tag> <function> <function-name>areAllGranted</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean areAllGranted(java.lang.String)</function-signature> </function> <function> <function-name>areAnyGranted</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean areAnyGranted(java.lang.String)</function-signature> </function> <function> <function-name>areNotGranted</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean areNotGranted(java.lang.String)</function-signature> </function> <function> <function-name>isAllowed</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean isAllowed(java.lang.String, java.lang.String)</function-signature> </function> </facelet-taglib>
在web.xml中注册上述文件:
<context-param> <param-name>javax.faces.FACELETS_LIBRARIES</param-name> <param-value>/WEB-INF/springsecurity.taglib.xml</param-value> </context-param>
它将解决没有标记库存在的警告,现在你可以在视图中使用标记库了。你可以使用authorize标签有条件地包括嵌套内容:
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:sec="http://www.springframework.org/security/tags"> <sec:authorize ifAllGranted="ROLE_FOO, ROLE_BAR"> Lorem ipsum dolor sit amet </sec:authorize> <sec:authorize ifNotGranted="ROLE_FOO, ROLE_BAR"> Lorem ipsum dolor sit amet </sec:authorize> <sec:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR"> Lorem ipsum dolor sit amet </sec:authorize> </ui:composition>
