logo标签列表

如何在JSF中使用Spring Security Facelets标签库

springjsfjakarta-eespring-security
12

我想使用Spring Security Facelets标签库来保护我的JSF 2页面中的UI组件。

我有以下依赖项,用于Spring Security版本3.0.5:

<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring-security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring-security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring-security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring-security.version}</version>
        </dependency>

我配置了 applicationSecurity.xml 以实现使用 UserDetailsService 进行 Spring Security 登录,它可以正常工作。但是当我尝试添加安全定义时:

<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:f="http://java.sun.com/jsf/core"
    xmlns:ice="http://www.icesoft.com/icefaces/component"
    xmlns:pretty="http://ocpsoft.com/prettyfaces" 
    xmlns:sec="http://www.springframework.org/security/tags">

在运行应用程序时,我遇到了以下错误:

Warning: This page calls for XML namespace http://www.springframework.org/security/tags declared with prefix sec but no taglibrary exists for that namespace.

参考: http://static.springsource.org/spring-security/site/petclinic-tutorial.html

请给予建议。

3个回答
14

成功实现:

除了您正常使用的Spring Security依赖项外,您还需要以下两个额外的Maven依赖项。

        <dependency>
           <groupId>org.springframework.webflow</groupId>
           <artifactId>spring-faces</artifactId>
           <version>2.4.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>

在你的POM文件中。

对于JSF 2,请将以下内容保存为/WEB-INF/springsecurity.taglib.xml。

<?xml version="1.0"?>
<!DOCTYPE facelet-taglib PUBLIC
  "-//Sun Microsystems, Inc.//DTD Facelet Taglib 1.0//EN"
  "http://java.sun.com/dtd/facelet-taglib_1_0.dtd">
<facelet-taglib>
    <namespace>http://www.springframework.org/security/tags</namespace>
    <tag>
        <tag-name>authorize</tag-name>
        <handler-class>org.springframework.faces.security.FaceletsAuthorizeTagHandler</handler-class>
    </tag>
    <function>
        <function-name>areAllGranted</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean areAllGranted(java.lang.String)</function-signature>
    </function>
    <function>
        <function-name>areAnyGranted</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean areAnyGranted(java.lang.String)</function-signature>
    </function>
    <function>
        <function-name>areNotGranted</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean areNotGranted(java.lang.String)</function-signature>
    </function>
    <function>
        <function-name>isAllowed</function-name>
        <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
        <function-signature>boolean isAllowed(java.lang.String, java.lang.String)</function-signature>
    </function>
</facelet-taglib>

在web.xml中注册上述文件:

<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>

它将解决无标签库存在的警告,现在您可以在视图中使用该标签库。 您可以使用授权标记有条件地包含嵌套内容:

<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:sec="http://www.springframework.org/security/tags">

    <sec:authorize ifAllGranted="ROLE_FOO, ROLE_BAR">
        Lorem ipsum dolor sit amet
    </sec:authorize>

    <sec:authorize ifNotGranted="ROLE_FOO, ROLE_BAR">
        Lorem ipsum dolor sit amet
    </sec:authorize>

    <sec:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR">
        Lorem ipsum dolor sit amet
    </sec:authorize>

</ui:composition>

参考:https://docs.spring.io/spring-webflow/docs/2.3.x/reference/html/spring-faces.html#spring-faces-security-taglib

12
你需要先按照这里提到的,添加springsecurity.taglib.xml标签库:http://docs.spring.io/autorepo/docs/webflow/2.3.x/reference/html/spring-faces.html#spring-faces-security-taglib 并且在classpath中应该有org.springframework.faces jar文件才能使用它。 然后按照以下方式使用安全标签:
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional/<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:sec="http://www.springframework.org/security/tags">

参考资料

我正在开发JSF页面,其扩展名为.xhtml。 - fresh_dev
当我尝试将上述标签添加到头部时,我会收到以下错误:元素的内容必须包含格式良好的字符数据或标记 - fresh_dev
有什么想法可以使用springsecurity.taglib.xml所需的JAR包? - fresh_dev
在遵循facelets文档链接http://static.springsource.org/spring-webflow/docs/2.2.x/reference/html/ch13s09.html后,它可以正常工作,我还必须使用以下依赖项: org.springframework.webflow org.springframework.faces 2.2.1.RELEASE - fresh_dev
请更新答案,删除JSP包含并添加依赖项,以便我可以将其标记为正确答案。 - fresh_dev
2
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接