Spring in action第四版向spring 5修正

使用WebMvcConfigurationSupport配置

原有的WebMvcConfigurerAdapter不可用

不要加@EnableWebMvc注解

否则addResourceHandlers不会运行，不能加载静态资源

properties文件

可以使用setDefaultEncoding保证UTF-8编码，防止国际化信息乱码

	@Bean
	public MessageSource messageSource() {
     
		ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
		messageSource.setBasename("file:///D:/EclipseApp/Spittr/src/messages");
		messageSource.setCacheSeconds(10);
		messageSource.setDefaultEncoding("UTF-8");
		return messageSource;
	}

标签

	@Bean
	public MessageSource validationSource() {
     
		ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
		messageSource.setBasename("file:///D:/EclipseApp/Spittr/src/ValidationMessages");
		messageSource.setCacheSeconds(10);
		messageSource.setDefaultEncoding("UTF-8");
		return messageSource;
	}

	@Bean
	public LocalValidatorFactoryBean getValidator() {
     
		LocalValidatorFactoryBean bean = new LocalValidatorFactoryBean();
		bean.setValidationMessageSource(validationSource());
		return bean;
	}

Thymeleaf的配置

使用ServletContextTemplateResolver来指定项目相对位置的模板文件，构造器参数是this.getServletContext()。

	@Bean
	public ViewResolver viewResolver(SpringTemplateEngine templateEngine) {
     
		ThymeleafViewResolver viewResolver = new ThymeleafViewResolver();
		viewResolver.setTemplateEngine(templateEngine);
		return viewResolver;
	}
	
	@Bean
	public SpringTemplateEngine templateEngine(ServletContextTemplateResolver templateResolver) {
     
		SpringTemplateEngine templateEngine = new SpringTemplateEngine();
		templateEngine.setTemplateResolver(templateResolver);
		return templateEngine;
	}
	
	@Bean
	public ServletContextTemplateResolver templateResolver() {
     
		ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver(this.getServletContext());
		templateResolver.setPrefix("/WEB-INF/templates/");
		templateResolver.setSuffix(".html");
		templateResolver.setTemplateMode("HTML5");
		return templateResolver;
	}

加入库的时候别把source和doc加进去，否则会报错。

Thymeleaf的编码

	@Bean
	public ViewResolver viewResolver(SpringTemplateEngine templateEngine) {
     
		ThymeleafViewResolver viewResolver = new ThymeleafViewResolver();
		viewResolver.setTemplateEngine(templateEngine);
		viewResolver.setCharacterEncoding(StandardCharsets.UTF_8.name());
		return viewResolver;
	}
	
	@Bean
	public SpringTemplateEngine templateEngine(ServletContextTemplateResolver templateResolver) {
     
		SpringTemplateEngine templateEngine = new SpringTemplateEngine();
		templateEngine.setTemplateResolver(templateResolver);
		return templateEngine;
	}
	
	@Bean
	public ServletContextTemplateResolver templateResolver() {
     
		ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver(this.getServletContext());
		templateResolver.setPrefix("/WEB-INF/templates/");
		templateResolver.setSuffix(".html");
		templateResolver.setTemplateMode("HTML5");
		templateResolver.setCharacterEncoding(StandardCharsets.UTF_8.name());
		return templateResolver;
	}

Spring Security相关

1. conf目录在Eclipse工程列表Servers下的容器列表中，不是在原始的安装目录。
2. server.xml文件中配置了https端口
3. server.xml中配置的从http端口到https端口的重定向不起作用，应该在Spring Security的java配置中如下配置

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
     

	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
     
		http.authorizeRequests().antMatchers(HttpMethod.POST, "/spittles").hasRole("SPITTER")
		.anyRequest().permitAll()
		.and()
		.requiresChannel()
		.antMatchers("/spitter/register").requiresSecure();
		http.portMapper().http(80).mapsTo(8443);
	}
}

4. Spring Security会自动打开CSRF防护，因此所有表单要加token，否则403！！！！！！！！！
5. 自定义的登录页面

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Spittrtitle>
head>
<body>
<h1>Welcome to Spittrh1>
<form name='f' th:action='@{/login}' method='POST'>
	<table>
		<tr><td>User:td><td><input type='text' name='username' value='' />td>tr>
		<tr><td>Password:td><td><input type='password' name='password' value='' />td>tr>
		<tr><td colspan='2'><input type='submit' name='submit' value='Login' />td>tr>
	table>
form>
body>
html>

	@Override
	protected void configure(HttpSecurity http) throws Exception {
     
//		http.csrf().disable();
		http.authorizeRequests()
		.antMatchers("/spittles").hasRole("USER")
		.anyRequest().permitAll()
//		.and()
//		.requiresChannel()
//		.antMatchers("/spitter/register").requiresSecure()
		.and().formLogin()
		.loginPage("/login").permitAll()
		;
//		http.portMapper().http(8080).mapsTo(8443);
	}

6. Chrome对csrf的支持有些奇怪。。。其它浏览器都能正常运行，chrome报403