spring-security-config:脱机也能运行带spring-security的web程序。

这是spring xml
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:task="http://www.springframework.org/schema/task"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/util 
       http://www.springframework.org/schema/util/spring-util-3.0.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-3.0.xsd
       http://www.springframework.org/schema/task
       http://www.springframework.org/schema/task/spring-task-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.xsd"
	>


把带有这个的web程序放到Tomcat上,每次启动,就会上springframework.org去下载那些.xsd。真的?我想spring没那么笨吧。全世界有多少spring用户,这样下去自己会先被自己的框架slashdot掉。

实际上,这些xsd文件,在各自spring组件的jar包里都有一份。所以,既然本地有xsd,为何要上网去下载呢?

你看,我添加了spring security以及它的命名空间声明,还有两个jar:spring-security-core.jar, spring-security-web.jar。每次tomcat启动,就死在下载的步骤。它可不知道,教育网上国外网站可不像美国那么随意。

根据种种迹象,我推测,它会先检查META-INF/spring.schemas文件。

这是spring-beans-3.0.5.RELEASE.jar里面的META-INF/spring.schemas:
http\://www.springframework.org/schema/beans/spring-beans-2.0.xsd=org/springframework/beans/factory/xml/spring-beans-2.0.xsd
http\://www.springframework.org/schema/beans/spring-beans-2.5.xsd=org/springframework/beans/factory/xml/spring-beans-2.5.xsd
http\://www.springframework.org/schema/beans/spring-beans-3.0.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd
http\://www.springframework.org/schema/beans/spring-beans.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd
http\://www.springframework.org/schema/tool/spring-tool-2.0.xsd=org/springframework/beans/factory/xml/spring-tool-2.0.xsd
http\://www.springframework.org/schema/tool/spring-tool-2.5.xsd=org/springframework/beans/factory/xml/spring-tool-2.5.xsd
http\://www.springframework.org/schema/tool/spring-tool-3.0.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd
http\://www.springframework.org/schema/tool/spring-tool.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd
http\://www.springframework.org/schema/util/spring-util-2.0.xsd=org/springframework/beans/factory/xml/spring-util-2.0.xsd
http\://www.springframework.org/schema/util/spring-util-2.5.xsd=org/springframework/beans/factory/xml/spring-util-2.5.xsd
http\://www.springframework.org/schema/util/spring-util-3.0.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd
http\://www.springframework.org/schema/util/spring-util.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd


给每个URL对应了本地位置(就是jar里面的路径)。

但是,spring-security的这个spring.schemas并不在core和web里,而是在另外一个spring-security-config.jar里。少了这个包,就找不到spring.schemas文件,于是就上网下载了。

给maven加上spring-security-config的依赖,这个私自偷偷上网下载xsd的问题解决了。

这个问题没有完全解决,因为,spring的reference(appendix C)写道:
引用

The 'xsi:schemaLocation' fragment is not actually required, but can be included to reference a local copy of a schema (which can be useful during development).


说明,这些位置本不应该是必须的,只是为了调试而存在。

疑问就来了:
- 我虽然用了eclipse,但是tomcat并没有以debug模式运行,它怎么知道我在调试?
- 启动服务器的时候不能验证xml的合法性,就报错(或者警告)多好?为何要上网下载呢?谁设计的用url来代表namespace?浪费流量?其实w3c的某人也愁这个问题:( http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/ )

另一方面也反映了我读reference不认真。spring-security的reference, 2.1节,提到:
引用
To start using the security namespace in your application context, you first need to make sure that the spring-security-config jar is on your classpath. ...


你可能感兴趣的:(spring,tomcat,Web,xml,Security)