若使用过滤器自定义扫描 <context:component-scan base-package="xxx">
spring开发手册中这样写:
当一个组件在某个扫描过程中被自动检测到时,会根据那个扫描器的BeanNameGenerator 策略生成它的bean名称。默认情况下,任何包含 name值的Spring“典型”注解 (@Component、@Repository、 @Service和@Controller) 会把那个名字 提供给相关的bean定义。如果这个注解不包含name值或是其他检测到的组件 (比如被自定义过滤器发现的),默认bean名称生成器会返回小写开头的非限定(non-qualified)类名。
也就是说被加了注解扫描到spring容器中的bean会默认将小写开头的类名 作为bean的name,供其他地方引用.
例如:以下两个组件在spring中引用的名称分别是'customUserDetailsService '和 'detailService'
@Service
public class CustomUserDetailsService implements UserDetailsService {}
@Service("detailService")
public class CustomUserDetailsService implements UserDetailsService {}
举个实例:
在项目中 遇到这个地方做了bean引用,但是没有发现这个customUserDetailsService在xml中的定义,经查后发现CustomUserDetailsService类上做了@Service注解,所以使用customUserDetailsService可以在xml中引用到它.
<!-- 此文件用于标准登录方式 -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http security="none" pattern="/resources/**"/>
<http security="none" pattern="/lib/**"/>
<http access-decision-manager-ref="accessDecisionManager">
<csrf request-matcher-ref="csrfSecurityRequestMatcher" />
<!--<csrf disabled="true"/>-->
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/timeout" access="permitAll" />
<intercept-url pattern="/login.html" access="permitAll" />
<intercept-url pattern="/verifiCode" access="permitAll" />
<intercept-url pattern="/common/**" access="permitAll" />
<intercept-url pattern="/websocket/**" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<access-denied-handler error-page="/access-denied"/>
<session-management invalid-session-url="/timeout"/>
<form-login login-page='/login' authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="loginFailureHandler"/>
<!--authentication-failure-url="/login?error=true"/>-->
<!-- 验证码拦截器 -->
<custom-filter ref="captchaVerifierFilter" before="FORM_LOGIN_FILTER"/>
<logout logout-url="/logout" success-handler-ref="logoutHandler"/>
<headers defaults-disabled="true">
<cache-control/>
</headers>
</http>
<beans:bean id="loginFailureHandler" class="com.hand.hap.security.LoginFailureHandler"/>
<!-- 认证管理器,确定用户,角色及相应的权限 -->
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<!-- 投票器 -->
<beans:constructor-arg>
<beans:list>
<beans:bean class="com.hand.hap.security.CustomWebExpressionVoter"/>
<beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
<beans:bean class="com.hand.hap.security.PermissionVoter"/>
</beans:list>
</beans:constructor-arg>
</beans:bean>
<!--<beans:import resource="standardSecurity-LDAP.xml"/>-->
<authentication-manager>
<!--Ldap验证-->
<!-- <authentication-provider ref="ldapAuthProvider" />-->
<!--标准登录验证-->
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="passwordManager"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="captchaVerifierFilter" class="com.hand.hap.security.CaptchaVerifierFilter">
<beans:property name="captchaField" value="verifiCode"/>
</beans:bean>
<beans:bean id="successHandler" class="com.hand.hap.security.CustomAuthenticationSuccessHandler">
<!-- <beans:property name="defaultTargetUrl" value="/index"/>-->
</beans:bean>
<beans:bean id="logoutHandler" class="com.hand.hap.security.CustomLogoutSuccessHandler"></beans:bean>
<beans:bean id="csrfSecurityRequestMatcher" class="com.hand.hap.security.CsrfSecurityRequestMatcher">
<beans:property name="excludeUrls">
<beans:list>
<beans:value>/login</beans:value>
<beans:value>/websocket/**</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:beans>
这是今天遇到的一个疑惑,在这里做个记录.