Java Spring Security从何处获得其默认http配置?
我正在使用SpringSecurity3.2.4,并试图确定它从何处获得默认配置。例如,使用以下配置时:Java Spring Security从何处获得其默认http配置?,java,spring,spring-security,Java,Spring,Spring Security,我正在使用SpringSecurity3.2.4,并试图确定它从何处获得默认配置。例如,使用以下配置时: <http use-expressions="true"> <intercept-url pattern="/secure/login" access="permitAll" /> <intercept-url pattern="/secure/logout" access="permitAll" /> <intercept
<http use-expressions="true">
<intercept-url pattern="/secure/login" access="permitAll" />
<intercept-url pattern="/secure/logout" access="permitAll" />
<intercept-url pattern="/secure/denied" access="permitAll" />
<session-management session-fixation-protection="migrateSession" session-authentication-error-url="/login.jsp?authFailed=true">
<concurrency-control max-sessions="10" error-if-maximum-exceeded="true" expired-url="/login.html" session-registry-alias="sessionRegistry"/>
</session-management>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/secure/login" default-target-url="/" authentication-failure-url="/secure/denied" />
<logout logout-url="/secure/logout" logout-success-url="/" />
<expression-handler ref="defaultWebSecurityExpressionHandler" />
</http>
Spring配置中的某个地方告诉Spring实例化LoginRuThenticationEntryPoint
,并将登录页面设置为“/secure/login”,等等。我意识到正是表单登录
标记为我发挥了这一魔力,但是在Spring中,表单login
标记在哪里被翻译成LoginUrlAuthenticationEntryPoint,等等
类似地,默认情况下,Spring将实例化一个名为org.springframework.security.filterChains
的过滤器链,但找不到该bean的定义位置。我假定它在一个Spring安全jar中的xml配置文件中,但我在任何地方都找不到它
所有这些默认设置都在哪里配置?请检查并从那里开始工作。如您所见,它位于SpringSecurity配置工件中,位于包
org.springframework.security.config
中,谢谢。我在spring-security-config
工件中找到了它。在META-INF/spring.handlers中,存在SecurityNamespaceHandler的defn。然后,我能够在org.springframework.security.config
中找到不同的配置类,如您所示。示例:org.springframework.security.config.http.FormLoginBeanDefinitionParser.class