首页 > 其他分享 >Spring MVC Integration,Spring Security

Spring MVC Integration,Spring Security

时间:2022-12-19 15:01:47浏览次数:64  
标签:use database Spring create will MVC spring Security

​ http://docs.spring.io/spring-security/site/docs/4.2.0.RELEASE/reference/htmlsingle/#authorize-requests​

37.5 Spring MVC and CSRF Integration

37.5.1 Automatic Token Inclusion

Spring Security will automatically ​​include the CSRF Token​​​ within forms that use the ​​Spring MVC form tag​​. For example, the following JSP:

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:form="http://www.springframework.org/tags/form" version="2.0">
<jsp:directive.page language="java" contentType="text/html" />
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<!-- ... -->

<c:url var="logoutUrl" value="/logout"/>
<form:form action="${logoutUrl}"
method="post">
<input type="submit"
value="Log out" />
<input type="hidden"
name="${_csrf.parameterName}"
value="${_csrf.token}"/>
</form:form>

<!-- ... -->
</html>
</jsp:root>

Will output HTML that is similar to the following:

<!-- ... -->

<form action="/context/logout" method="post">
<input type="submit" value="Log out"/>
<input type="hidden" name="_csrf" value="f81d4fae-7dec-11d0-a765-00a0c91e6bf6"/>
</form>

<!-- ... -->

37.5.2 Resolving the CsrfToken

Spring Security provides ​​CsrfTokenArgumentResolver​​​ which can automatically resolve the current ​​CsrfToken​​​ for Spring MVC arguments. By using ​​@EnableWebSecurity​​ you will automatically have this added to your Spring MVC configuration. If you use XML based configuraiton, you must add this yourself.

Once ​​CsrfTokenArgumentResolver​​​ is properly configured, you can expose the ​​CsrfToken​​ to your static HTML based application.

@RestController
public class CsrfController {

@RequestMapping("/csrf")
public CsrfToken csrf(CsrfToken token) {
return token;
}
}

It is important to keep the ​​CsrfToken​​​ a secret from other domains. This means if you are using ​​Cross Origin Sharing (CORS)​​, you should NOT expose the ​​CsrfToken​​to any external domains.

 

@EnableWebMvcSecurity


As of Spring Security 4.0, ​​@EnableWebMvcSecurity​​​ is deprecated. The replacement is ​​@EnableWebSecurity​​ which will determine adding the Spring MVC features based upon the classpath.

 

​http://docs.spring.io/spring-security/site/docs/current/reference/html/mvc.html​

75.2 Initialize a database using Hibernate

You can set ​​spring.jpa.hibernate.ddl-auto​​​ explicitly and the standard Hibernate property values are ​​none​​​, ​​validate​​​, ​​update​​​, ​​create​​​, ​​create-drop​​​. Spring Boot chooses a default value for you based on whether it thinks your database is embedded (default ​​create-drop​​​) or not (default ​​none​​​). An embedded database is detected by looking at the ​​Connection​​​ type: ​​hsqldb​​​, ​​h2​​​ and ​​derby​​​ are embedded, the rest are not. Be careful when switching from in-memory to a ‘real’ database that you don’t make assumptions about the existence of the tables and data in the new platform. You either have to set ​​ddl-auto​​ explicitly, or use one of the other mechanisms to initialize the database.


You can output the schema creation by enabling the ​​org.hibernate.SQL​​​ logger. This is done for you automatically if you enable the ​​debug mode​​.

In addition, a file named import.sql​ in the root of the classpath will be executed on startup if Hibernate creates the schema from scratch (that is if the ddl-auto​property is set to create or ​create-drop​). This can be useful for demos and for testing if you are careful, but probably not something you want to be on the classpath in production. It is a Hibernate feature

75.3 Initialize a database using Spring JDBC

Spring JDBC has a ​​DataSource​​ initializer feature. Spring Boot enables it by default and loads SQL from the standard locations schema.sql and ​data.sql​ (in the root of the classpath). In addition Spring Boot will load the ​​schema-${platform}.sql​​​ and ​​data-${platform}.sql​​​ files (if present), where ​​platform​​​ is the value of ​​spring.datasource.platform​​​, e.g. you might choose to set it to the vendor name of the database (​​hsqldb​​​, ​​h2​​​, ​​oracle​​​, ​​mysql​​​, ​​postgresql​​​ etc.). Spring Boot enables the fail-fast feature of the Spring JDBC initializer by default, so if the scripts cause exceptions the application will fail to start. The script locations can be changed by setting ​​spring.datasource.schema​​​ and ​​spring.datasource.data​​​, and neither location will be processed if ​​spring.datasource.initialize=false​​.

To disable the fail-fast you can set ​​spring.datasource.continue-on-error=true​​. This can be useful once an application has matured and been deployed a few times, since the scripts can act as ‘poor man’s migrations’ — inserts that fail mean that the data is already there, so there would be no need to prevent the application from running, for instance.

If you want to use the ​​schema.sql​​​ initialization in a JPA app (with Hibernate) then ​​ddl-auto=create-drop​​​ will lead to errors if Hibernate tries to create the same tables. To avoid those errors set ​​ddl-auto​​​ explicitly to "" (preferable) or "none". Whether or not you use ​​ddl-auto=create-drop​​​ you can always use ​​data.sql​​ to initialize new data.

​https://docs.spring.io/spring-boot/docs/current/reference/html/howto-database-initialization.html#howto-execute-flyway-database-migrations-on-startup​

75.5.1 Execute Flyway database migrations on startup

To automatically run Flyway database migrations on startup, add the ​​org.flywaydb:flyway-core​​ to your classpath.

The migrations are scripts in the form ​​V<VERSION>__<NAME>.sql​​​ (with ​​<VERSION>​​​ an underscore-separated version, e.g. ‘1’ or ‘2_1’). By default they live in a folder​​classpath:db/migration​​​ but you can modify that using ​​flyway.locations​​​ (a list). See the Flyway class from flyway-core for details of available settings like schemas etc. In addition Spring Boot provides a small set of properties in ​​FlywayProperties​​​ that can be used to disable the migrations, or switch off the location checking. Spring Boot will call ​​Flyway.migrate()​​​ to perform the database migration. If you would like more control, provide a ​​@Bean​​​ that implements​​FlywayMigrationStrategy​​.


If you want to make use of ​​Flyway callbacks​​​, those scripts should also live in the ​​classpath:db/migration​​ folder.

By default Flyway will autowire the (​​@Primary​​​) ​​DataSource​​​ in your context and use that for migrations. If you like to use a different ​​DataSource​​​ you can create one and mark its ​​@Bean​​​ as ​​@FlywayDataSource​​​ - if you do that remember to create another one and mark it as ​​@Primary​​​ if you want two data sources. Or you can use Flyway’s native ​​DataSource​​​ by setting ​​flyway.[url,user,password]​​ in external properties.

There is a ​​Flyway sample​​ so you can see how to set things up.

​https://docs.spring.io/spring-boot/docs/current/reference/html/howto-database-initialization.html#howto-execute-flyway-database-migrations-on-startup​

 



标签:use,database,Spring,create,will,MVC,spring,Security
From: https://blog.51cto.com/u_15147537/5952666

相关文章

  • JAG Spring Contest 2012 G PLAY in BASIC 题解
    提交链接其实就是个大模拟。首先对输入的串进行处理,把所有的命令分开,并把连续的停顿合并。为了方便,定义一个时间单位为全音符的\(\frac1{128}\),这样所有命令的持续时间都......
  • docker-compose入门以及部署SpringBoot+Vue+Redis+Mysql(前后端分离项目)以若依前后端
    场景若依前后端分离版手把手教你本地搭建环境并运行项目:https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/details/108465662上面在搭建起来前后端分离版的项目后。......
  • Springboot整合Apache Dubbo
    ​​Springboot​​​整合​​ApacheDubbo​​一、通过​​Docker​​​安装​​Zookeeper​​​​docker-compose​​​的​​yaml​​文件version:'3'services:zoo......
  • spring事务
    spring事务Spring事务概述事务是一个不可分割的逻辑工作单元,具备ACID特性,实际工作中可借助Spring进行事务管理,Spring提供了两种事务管理方式,编程式事务和声明式事务,本......
  • Spring Cloud构建微服务架构(二)服务消费者
     NetflixRibbonisanInterProcessCommunication(IPC)cloudlibrary.Ribbonprimarilyprovidesclient-sideloadbalancingalgorithms.Apartfromtheclient-si......
  • Spring CredHub 教程学习
    SpringCredHub提供客户端支持,用于从CloudFoundry​平台中运行的CredHub服务器存储,检索和删除凭据。CredHub提供了一个HTTPAPI,用于安全地存储,生成,检索和删除各种类型的凭......
  • Spring LDAP参考
    SpringLDAP使得构建使用LightweightDirectoryAccess协议的基于Spring的应用程序变得更加容易。本文档的副本可以制作供您自己使用和分发给他人,前提是您不对此类副本......
  • Spring提取@Transactional事务注解的源码解析
    声明:本文是自己在学习spring注解事务处理源代码时所留下的笔记;难免有错误,敬请读者谅解!!!1、事务注解标签<tx:annotation-driven/>2、tx命名空间解析器 事务tx命名空间解析......
  • springboot+postgresql集成anyline试水
    anyline是什么简单讲就是一个工具可以让你抛开常规的机械性建mapper、dao、sql,用通用的语句查询和操作数据库表。目前也在初步探索中,感受还不深。官网文档:http://doc.any......
  • 5. MinIO与springboot的集成
    MinIO与springboot的集成搭建一个springboot的项目,集成MinIO实现文件的管理。一、搭建springboot环境IntelliJIDEAJDK17gradle-7.5.1springboot2.7.6项目地址:g......