我有Spring Security 3.1在直接访问登录页面时连接并验证用户,但是当用户未通过身份验证时没有发生重定向。Spring Security 3.1拦截url不拦截任何网址
以下是我为Spring Security添加或更新的配置文件。我已经阅读了大部分(如果不是全部)关于这个命令的拦截URL的帖子。适当的EL,访问权限等,我肯定在这里错过了一些东西。
我结束了在我的应用程序中使用不存在的角色进行故障排除的方法,但是仍然没有取得任何成功。 @PreFilters也被忽略,所以我认为它在某个地方的配置中,但根本没有看到它。
环境 的Tomcat 7.0.22,钻嘴鱼科2.1.21,春季安全3.1,Java7
启动服务器时没有错误。
感谢您的帮助!
问候,
迈克
的security.xml
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd"
xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:bean="http://www.springframework.org/schema/beans">
<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/>
<http pattern="/resources/**" security="none" />
<http pattern="/images/**" security="none"/>
<http pattern="/templates/**" security="none"/>
<http pattern="/security/**" security="none"/>
<http use-expressions="true" auto-config="true" access-denied-page="/error/access-denied.xhtml">
<intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/>
<form-login default-target-url="/login.xhtml" authentication-failure-url="/login.xhtml" />
<logout logout-success-url="/login.xhtml" logout-url="/logout.xhtml" invalidate-session="true"/>
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="consummateUserAuthenticationProvider">
</authentication-provider>
</authentication-manager>
</bean:beans>
的services.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<context:component-scan base-package="com.comanche.authentication">
</context:component-scan>
</beans>
web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
<init-param>
<param-name>thresholdSize</param-name>
<param-value>51200</param-value>
</init-param>
<init-param>
<param-name>uploadDirectory</param-name>
<param-value>/home/provider/temp-fu</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<filter>
<filter-name>Custom Page Filter</filter-name>
<filter-class>com.comanche.web.filter.CustomPageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Custom Page Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>resources.application</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.expressionFactory</param-name>
<param-value>com.sun.el.ExpressionFactoryImpl</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.enableMissingResourceLibraryDetection</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/custom.taglib.xml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<session-config>
<session-timeout>120</session-timeout>
</session-config>
<error-page>
<error-code>500</error-code>
<location>/faces/content/error/error.xhtml</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/faces/content/error/error.xhtml</location>
</error-page>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/application-context.xml
/WEB-INF/spring/security.xml
/WEB-INF/spring/services.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
感谢您的回复。我现在不在寻找匿名访问。发生的问题是,没有通过身份验证时没有任何内容被重定向到登录页面。当我将拦截url更改为pattern =“/ **”并删除所有其他http模式时,它开始重定向到另一个页面(尽管它是一个无效的URL)。 – MikeR 2013-04-30 20:08:23
所以你试图重定向到不同页面的登录页面?你是使用超链接来做这件事,还是你正在从服务器代码进行转发/重定向? – Ravi 2013-04-30 20:52:05
我试图让它重定向到昨晚我终于能够完成的登录页面,但也遇到了很多奇怪的行为(如果通过在/ faces/content/home/*中添加正确的路径) *验证主体不再有效)从简单的更改到我的security.xml文件。我认为现在需要转移到一个新的问题,因为它不再仅适用于拦截url – MikeR 2013-05-01 13:42:45