1. 首页
  2. 问答
  3. Spring Security 3.1拦截url不拦截任何网址

Spring Security 3.1拦截url不拦截任何网址

2013-04-30 989 views
0

我有Spring Security 3.1在直接访问登录页面时连接并验证用户,但是当用户未通过身份验证时没有发生重定向。Spring Security 3.1拦截url不拦截任何网址

以下是我为Spring Security添加或更新的配置文件。我已经阅读了大部分(如果不是全部)关于这个命令的拦截URL的帖子。适当的EL,访问权限等,我肯定在这里错过了一些东西。

我结束了在我的应用程序中使用不存在的角色进行故障排除的方法,但是仍然没有取得任何成功。 @PreFilters也被忽略,所以我认为它在某个地方的配置中,但根本没有看到它。

环境 的Tomcat 7.0.22,钻嘴鱼科2.1.21,春季安全3.1,Java7

启动服务器时

没有错误。

感谢您的帮助!

问候,

迈克

的security.xml

<?xml version="1.0" encoding="UTF-8"?> 
<bean:beans xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.1.xsd"  
    xmlns="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:bean="http://www.springframework.org/schema/beans"> 
<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/> 
<http pattern="/resources/**" security="none" /> 
<http pattern="/images/**" security="none"/> 
<http pattern="/templates/**" security="none"/> 
<http pattern="/security/**" security="none"/> 
<http use-expressions="true" auto-config="true" access-denied-page="/error/access-denied.xhtml"> 
<intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/> 
<form-login default-target-url="/login.xhtml" authentication-failure-url="/login.xhtml" /> 
<logout logout-success-url="/login.xhtml" logout-url="/logout.xhtml" invalidate-session="true"/> 
<session-management> 
    <concurrency-control max-sessions="1" /> 
</session-management> 
</http> 
<authentication-manager alias="authenticationManager"> 
<authentication-provider ref="consummateUserAuthenticationProvider"> 
</authentication-provider> 
</authentication-manager> 
</bean:beans>

的services.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:jdbc="http://www.springframework.org/schema/jdbc" 
    xmlns:tx="http://www.springframework.org/schema/tx" 
    xmlns:p="http://www.springframework.org/schema/p" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/jdbc  
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd 
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
http://www.springframework.org/schema/context  
http://www.springframework.org/schema/context/spring-context-3.1.xsd 
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd"> 
<context:component-scan base-package="com.comanche.authentication"> 
</context:component-scan> 
</beans>

web.xml中

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
version="3.0"> 
<filter> 
<filter-name>springSecurityFilterChain</filter-name> 
<filter-class> 
    org.springframework.web.filter.DelegatingFilterProxy 
</filter-class> 
    </filter> 
    <filter-mapping> 
<filter-name>springSecurityFilterChain</filter-name> 
<url-pattern>/*</url-pattern> 
    </filter-mapping> 
<servlet> 
    <servlet-name>Faces Servlet</servlet-name> 
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
    <servlet-name>Faces Servlet</servlet-name> 
    <url-pattern>/faces/*</url-pattern> 
</servlet-mapping> 

<filter> 
    <filter-name>PrimeFaces FileUpload Filter</filter-name> 
    <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class> 
    <init-param> 
     <param-name>thresholdSize</param-name> 
     <param-value>51200</param-value> 
    </init-param> 
    <init-param> 
     <param-name>uploadDirectory</param-name> 
     <param-value>/home/provider/temp-fu</param-value> 
    </init-param> 

</filter> 
<filter-mapping> 
    <filter-name>PrimeFaces FileUpload Filter</filter-name> 
    <servlet-name>Faces Servlet</servlet-name> 
</filter-mapping> 
<filter> 
    <filter-name>Custom Page Filter</filter-name> 
    <filter-class>com.comanche.web.filter.CustomPageFilter</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>Custom Page Filter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<context-param> 
    <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description> 
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name> 
    <param-value>server</param-value> 
</context-param> 
<context-param> 
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name> 
    <param-value>resources.application</param-value> 
</context-param> 
<context-param> 
    <param-name>com.sun.faces.expressionFactory</param-name> 
    <param-value>com.sun.el.ExpressionFactoryImpl</param-value> 
</context-param> 
<context-param> 
    <param-name>com.sun.faces.enableMissingResourceLibraryDetection</param-name> 
    <param-value>true</param-value> 
</context-param> 
<context-param> 
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name> 
    <param-value>/WEB-INF/custom.taglib.xml</param-value> 
</context-param> 
<context-param> 
    <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name> 
    <param-value>true</param-value> 
</context-param> 
<listener> 
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class> 
</listener> 
<session-config> 
    <session-timeout>120</session-timeout> 
</session-config> 
<error-page> 
    <error-code>500</error-code> 
    <location>/faces/content/error/error.xhtml</location> 
</error-page> 
<error-page> 
    <error-code>404</error-code> 
    <location>/faces/content/error/error.xhtml</location> 
</error-page> 
<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/classes/application-context.xml 
     /WEB-INF/spring/security.xml 
     /WEB-INF/spring/services.xml 
    </param-value> 
</context-param> 
<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener>

来源

2013-04-30 MikeR

回答

0

要允许访问,你需要在拦截的URL指定访问= “permitAll” 匿名用户。

除此之外,

您可能需要您的形式登录元素改变这样的事情:

<form-login login-page='/login.xhtml' default-target-url='/home/index.xhtml' 
     always-use-default-target='true' />

为默认目标网址是用户身份验证后重定向到一个或者如果你不需要它,那么删除它,也是永远使用的默认目标标志。

另外你在web.xml中缺少RequestContextListener,这些Spring监听器应该是第一个监听器。

并使用

<access-denied-handler error-page="/error/access-denied.xhtml" />

如禁止访问的页面属性是不鼓励。

来源

2013-04-30 19:14:13 Ravi

+0

感谢您的回复。我现在不在寻找匿名访问。发生的问题是,没有通过身份验证时没有任何内容被重定向到登录页面。当我将拦截url更改为pattern =“/ **”并删除所有其他http模式时,它开始重定向到另一个页面(尽管它是一个无效的URL)。 – MikeR 2013-04-30 20:08:23

+0

所以你试图重定向到不同页面的登录页面?你是使用超链接来做这件事,还是你正在从服务器代码进行转发/重定向? – Ravi 2013-04-30 20:52:05

+0

我试图让它重定向到昨晚我终于能够完成的登录页面,但也遇到了很多奇怪的行为(如果通过在/ faces/content/home/*中添加正确的路径) *验证主体不再有效)从简单的更改到我的security.xml文件。我认为现在需要转移到一个新的问题,因为它不再仅适用于拦截url – MikeR 2013-05-01 13:42:45

相关问题

 相关问题