I am studying for the Spring Core certification and I have some doubts about how correctly configure Spring Security.
Into the study material I found these informations that seems to me not so clear.
It say that:
Configuration in the Application Context:
- Spring configuration
- Using Spring Security's "Security" namespace
and it show the following example:
<beans>
<security:http>
<security:intercept-url pattern="/accounts/**" access="IS_AUTHENTICATED_FULLY" />
<security:form-login login-page="/login.htm"/>
<security:logout logout-success-url="/index.html"/>
</security:http>
</beans>
Then in the following slide it say:
Configuration in web.xml:
Define the single proxy filter:
- springSecurityFilterChain is a mandatory name
- Refers to an existing Spring bean with same name
and show this example:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I can't understand if, to configure Spring Security inside a Spring project, I have to use both these configuration: the first one into the Spring configuration file (where I define my bean) and the second one into the web.xml file (that defines everything about your application that a server needs to know: servlets, filters, initializaztion paramters and so on...) or if these example are 2 different alternatives to do the same things in 2 differents way?
If it is the second case when have I to use the first one and when have I to use the second one?
Aucun commentaire:
Enregistrer un commentaire