Spring MVC Integration,Spring Security
http://docs.spring.io/spring-security/site/docs/4.2.0.RELEASE/reference/htmlsingle/#authorize-requests
37.5 Spring MVC and CSRF Integration
37.5.1 Automatic Token Inclusion
Spring Security will automatically include the CSRF Token within forms that use the Spring MVC form tag. For example, the following JSP:
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:form="http://www.springframework.org/tags/form" version="2.0">
<jsp:directive.page language="java" contentType="text/html" />
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<!-- ... --> <c:url var="logoutUrl" value="/logout"/>
<form:form action="${logoutUrl}"
method="post">
<input type="submit"
value="Log out" />
<input type="hidden"
name="${_csrf.parameterName}"
value="${_csrf.token}"/>
</form:form> <!-- ... -->
</html>
</jsp:root>
Will output HTML that is similar to the following:
<!-- ... --> <form action="/context/logout" method="post">
<input type="submit" value="Log out"/>
<input type="hidden" name="_csrf" value="f81d4fae-7dec-11d0-a765-00a0c91e6bf6"/>
</form> <!-- ... -->
37.5.2 Resolving the CsrfToken
Spring Security provides CsrfTokenArgumentResolver
which can automatically resolve the current CsrfToken
for Spring MVC arguments. By using @EnableWebSecurity you will automatically have this added to your Spring MVC configuration. If you use XML based configuraiton, you must add this yourself.
Once CsrfTokenArgumentResolver
is properly configured, you can expose the CsrfToken
to your static HTML based application.
@RestController
public class CsrfController { @RequestMapping("/csrf")
public CsrfToken csrf(CsrfToken token) {
return token;
}
}
It is important to keep the CsrfToken
a secret from other domains. This means if you are using Cross Origin Sharing (CORS), you should NOT expose the CsrfToken
to any external domains.
@EnableWebMvcSecurity
![]() |
As of Spring Security 4.0, |
http://docs.spring.io/spring-security/site/docs/current/reference/html/mvc.html
75.2 Initialize a database using Hibernate
You can set spring.jpa.hibernate.ddl-auto
explicitly and the standard Hibernate property values are none
, validate
, update
, create
, create-drop
. Spring Boot chooses a default value for you based on whether it thinks your database is embedded (default create-drop
) or not (default none
). An embedded database is detected by looking at the Connection
type: hsqldb
, h2
and derby
are embedded, the rest are not. Be careful when switching from in-memory to a ‘real’ database that you don’t make assumptions about the existence of the tables and data in the new platform. You either have to set ddl-auto
explicitly, or use one of the other mechanisms to initialize the database.
![]() |
You can output the schema creation by enabling the |
In addition, a file named import.sql
in the root of the classpath will be executed on startup if Hibernate creates the schema from scratch (that is if the ddl-auto
property is set to create
or create-drop
). This can be useful for demos and for testing if you are careful, but probably not something you want to be on the classpath in production. It is a Hibernate feature (nothing to do with Spring).
75.3 Initialize a database using Spring JDBC
Spring JDBC has a DataSource
initializer feature. Spring Boot enables it by default and loads SQL from the standard locations schema.sql
and data.sql
(in the root of the classpath). In addition Spring Boot will load the schema-${platform}.sql
and data-${platform}.sql
files (if present), where platform
is the value of spring.datasource.platform
, e.g. you might choose to set it to the vendor name of the database (hsqldb
, h2
, oracle
, mysql
, postgresql
etc.). Spring Boot enables the fail-fast feature of the Spring JDBC initializer by default, so if the scripts cause exceptions the application will fail to start. The script locations can be changed by setting spring.datasource.schema
and spring.datasource.data
, and neither location will be processed if spring.datasource.initialize=false
.
To disable the fail-fast you can set spring.datasource.continue-on-error=true
. This can be useful once an application has matured and been deployed a few times, since the scripts can act as ‘poor man’s migrations’ — inserts that fail mean that the data is already there, so there would be no need to prevent the application from running, for instance.
If you want to use the schema.sql
initialization in a JPA app (with Hibernate) then ddl-auto=create-drop
will lead to errors if Hibernate tries to create the same tables. To avoid those errors set ddl-auto
explicitly to "" (preferable) or "none". Whether or not you use ddl-auto=create-drop
you can always use data.sql
to initialize new data.
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-database-initialization.html#howto-execute-flyway-database-migrations-on-startup
75.5.1 Execute Flyway database migrations on startup
To automatically run Flyway database migrations on startup, add the org.flywaydb:flyway-core
to your classpath.
The migrations are scripts in the form V<VERSION>__<NAME>.sql
(with <VERSION>
an underscore-separated version, e.g. ‘1’ or ‘2_1’). By default they live in a folderclasspath:db/migration
but you can modify that using flyway.locations
(a list). See the Flyway class from flyway-core for details of available settings like schemas etc. In addition Spring Boot provides a small set of properties in FlywayProperties
that can be used to disable the migrations, or switch off the location checking. Spring Boot will call Flyway.migrate()
to perform the database migration. If you would like more control, provide a @Bean
that implementsFlywayMigrationStrategy
.
![]() |
If you want to make use of Flyway callbacks, those scripts should also live in the |
By default Flyway will autowire the (@Primary
) DataSource
in your context and use that for migrations. If you like to use a different DataSource
you can create one and mark its @Bean
as @FlywayDataSource
- if you do that remember to create another one and mark it as @Primary
if you want two data sources. Or you can use Flyway’s native DataSource
by setting flyway.[url,user,password]
in external properties.
There is a Flyway sample so you can see how to set things up.
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-database-initialization.html#howto-execute-flyway-database-migrations-on-startup
Spring MVC Integration,Spring Security的更多相关文章
- Spring,Spring MVC及Spring Boot区别
什么是Spring?它解决了什么问题? 我们说到Spring,一般指代的是Spring Framework,它是一个开源的应用程序框架,提供了一个简易的开发方式,通过这种开发方式,将避免那些可能致使代 ...
- Spring MVC 到 Spring Boot 的简化之路(山东数漫江湖)
背景 从Servlet技术到Spring和Spring MVC,开发Web应用变得越来越简捷.但是Spring和Spring MVC的众多配置有时却让人望而却步,相信有过Spring MVC开发经验的 ...
- 【转】Spring,Spring MVC及Spring Boot区别
对于一个Java开发者来说,Spring可谓如雷贯耳,无论是Spring框架,还是Spring引领的IOC,AOP风格,都对后续Java开发产生的深远的影响,同时,Spring社区总能及时响应开发者的 ...
- spring、spring mvc与spring boot的区别是什么?
Spring 的功能 Spring 框架就像一个家族,有众多衍生产品例如 boot.security.jpa等等.但他们的基础都是Spring 的 ioc和 aop ioc 提供了依赖注入的容器 ao ...
- Spring,Spring MVC,Spring Boot 三者比较
Spring,Spring MVC,Spring Boot 三者比较 Spring 框架就像一个家族,有众多衍生产品例如 boot.security.jpa等等.但他们的基础都是Spring 的 io ...
- spring mvc和spring boot的区别
spring boot只是一个配置工具,整合工具,辅助工具. springmvc是框架,项目中实际运行的代码 Spring 框架就像一个家族,有众多衍生产品例如 boot.security.jpa等等 ...
- Spring MVC 到 Spring BOOT 的简化之路
背景 Spring vs Spring MVC vs Spring Boot Spring FrameWork Spring 还能解决什么问题 Spring MVC 为什么需要Spring Boot ...
- spring mvc和spring配置扫描包问题
spring mvc和spring俩配置文件,其中都要配置扫描包. <context:component-scan base-package="com.controller" ...
- Spring MVC 和 Spring 总结
1. 为什么使用Spring ? 1). 方便解耦,简化开发 通过Spring提供的IoC容器,可以将对象之间的依赖关系交由Spring进行控制,避免硬编码所造成的过度程序耦合. 2). AOP编程的 ...
随机推荐
- BZOJ4260 Codechef REBXOR 题解
题目大意: 有一个长度为n的序列,求1≤l1≤r1<l2≤r2≤n使得(⊕r1i=l1ai)+(⊕r2i=l2ai)最大,输出这个最大值. 思路: 用Trie求出前缀异或和以及后缀异或和,再求出 ...
- 洛谷 P1160 队列安排 Label:链表 数据结构
题目描述 一个学校里老师要将班上N个同学排成一列,同学被编号为1-N,他采取如下的方法: 1.先将1号同学安排进队列,这时队列中只有他一个人: 2.2-N号同学依次入列,编号为i的同学入列方式为:老师 ...
- JSP -- for循环按钮处理事件
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"% ...
- tomcat、Linux服务器
tomcat.Linux服务器 用到的命令 解压命令: tar -zxvf 文件名 配置 : vi /etc/profile 按 i 进入 ...
- memcache 缓存失效问题(转)
在大并发的场合,当cache失效时,大量并发同时取不到cache,会同一瞬间去访问db并回设cache,可能会给系统带来潜在的超负荷风险. 解决方法 方法一 在load db之前先add一个mutex ...
- return和finally的执行顺序
创建一个类,新建一个方法: public class Demo { public int get() { int x=1; try { x++; return x; }finally{ ++x; } ...
- 【腾讯云】腾讯云服务器搭建ftp服务器
一.硬件描述 1.1 云服务器:腾讯云 云主机 操作系统:Ubuntu Server 14.04.1 LTS 32位 CPU:1核 内存:1GB 系统盘:20GB(本地磁盘) 数据盘:0GB 公网带宽 ...
- Linux_JDK安装
一.下载linux版本的jdk压缩包(这里安装jdk1.7版本,子版本随意,选择*.tar.gz文件下载) 下载目录:http://www.oracle.com/technetwork/java/ja ...
- Hibernate HQL的update方法详解
虽然hibernate提供了许多方法对数据库进行更新,但是这的确不能满足开发需要.现在讲解一下用hql语句对数据进行更新. 不使用参数绑定格式String hql="update User ...
- 使用JDBC批量保存数据(JdbcDaoSupport,JdbcTemplete)
最近做的一个项目中用到了Hibernate的,然后数据库批量插入数据的时候就使用到了hibernate的批处理,但是效率比较低,看网上说还有一些限制,要禁止二级缓存,还要多一个batch_size的配 ...