2013-05-10 91 views
5

在 Spring Security 3 中,我无法放行静态资源(如 js、css、images)。下面是我的配置文件。(标题:Spring Security 3 中无法放行静态资源)

<!-- Spring Security 3.1 namespace configuration as posted in the question.
     The review notes below are comments only and do not change what the container loads. -->
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
       http://www.springframework.org/schema/security 
       http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 



    <!-- Entry point referenced by entry-point-ref on the main <security:http> block below:
         unauthenticated requests that need a login are sent to /login.htm. -->
    <bean id="authenticationEntryPoint" 
     class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
     <property name="loginFormUrl" value="/login.htm" /> 
    </bean> 

    <!-- Each of these two elements defines a filter chain with no security filters for exactly
         one URL. Only these two paths are matched; other files under /js and anything under
         /css or /images fall through to the main <security:http> block.
         NOTE(review): /js/commonScript.js is matched as a file here, while the question text
         describes commonScript as a folder; confirm which one is intended. -->
    <security:http security="none" pattern="/js/ajaxScript.js"/> 
    <security:http security="none" pattern="/js/commonScript.js"/> 

    <!-- Expression handler declared without an id and not referenced by any element in this file.
         NOTE(review): presumably redundant, since use-expressions="true" is set below; confirm. -->
    <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" /> 

    <!-- Main filter chain. auto-config is off and the custom filter takes the FORM_LOGIN_FILTER
         position; disable-url-rewriting="true" keeps the session id out of URLs.
         NOTE(review): the only active intercept-url is /displayAdminPage.htm, so no other URL has
         an access rule in this block. Without a catch-all rule, unmatched requests (static files
         included) are not rejected by authorization here, which suggests the missing static
         resources come from request dispatching rather than from Spring Security. If every page
         is meant to require login, add a final catch-all intercept-url after the specific rules
         and keep explicit rules for the public paths. -->
    <security:http auto-config="false" entry-point-ref="authenticationEntryPoint" disable-url-rewriting="true" use-expressions="true"> 

     <security:custom-filter position="FORM_LOGIN_FILTER" 
      ref="customAuthenticationProcessingFilter" /> 

<!-- The next two lines are earlier attempts left disabled by the author; they are not active rules. -->
<!--  <security:intercept-url pattern="/js/jquery.min.js" access="isAuthenticated()" /> --> 
<!--  <security:intercept-url pattern="/js/**/**" access="permitAll" /> --> 
     <security:intercept-url pattern="/displayAdminPage.htm" access="hasRole('ROLE_ADMIN')" /> 
     <security:access-denied-handler ref="accessDeniedHandler" /> 

    </security:http> 

    <!-- Authentication is delegated to customUserDetailService.
         NOTE(review): no <security:password-encoder> child is declared on this provider, so
         password comparison uses the provider default; confirm that stored passwords are hashed
         and that a matching encoder is configured. -->
    <security:authentication-manager alias="authenticationManager"> 
     <security:authentication-provider user-service-ref="customUserDetailService"> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <!-- Project class used as the user details service; userDao is defined outside this file. -->
    <bean id="customUserDetailService" class="com.qait.cdl.services.impl.UserSecurityServiceImpl"> 
     <property name="userDao" ref="userDao"/> 
     </bean> 

    <!-- Project filter installed at FORM_LOGIN_FILTER above; it receives the authentication
         manager through the alias declared on <security:authentication-manager>. -->
    <bean id="customAuthenticationProcessingFilter" 
     class="com.qait.cdl.services.impl.CustomAuthenticationProcessingFilter"> 
     <property name="authenticationManager" ref="authenticationManager" /> 
    </bean> 

    <!-- Access-denied responses are forwarded to a JSP kept under WEB-INF, so the page itself
         cannot be requested directly by URL. -->
    <bean id="accessDeniedHandler" 
     class="org.springframework.security.web.access.AccessDeniedHandlerImpl"> 
     <property name="errorPage" value="/WEB-INF/jsp/customLoginForm/denied.jsp" /> 
    </bean> 
</beans> 

我不知道我哪里做错了。我希望所有的 JS、图片、CSS 都能绕过 Spring Security(被放行)。JS 文件位于 webapp/js 和 webapp/js/commonScript 文件夹中,图片位于 webapp/images 文件夹中。

下面是我的web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<!-- Servlet 2.5 deployment descriptor as posted in the question.
     The review notes below are comments only and do not change what the container loads. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    id="WebApp_ID" version="2.5"> 
    <display-name>cdl</display-name> 
    <!-- DispatcherServlet is mapped to "/", which replaces the container's default servlet.
         Static files are then served only if the Spring MVC configuration maps them (for
         example with mvc:resources); this is independent of any Spring Security rule.
         No contextConfigLocation init-param is given, so the servlet presumably loads
         /WEB-INF/dispatcher-servlet.xml by naming convention. -->
    <servlet> 
     <servlet-name>dispatcher</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>dispatcher</servlet-name> 
     <url-pattern>/</url-pattern> 
    </servlet-mapping> 

    <!-- Project start-up servlet, reachable at /startUpServlet.htm.
         NOTE(review): this URL has no intercept-url rule in the security configuration shown in
         the question; confirm the servlet is safe to invoke without authentication. -->
    <servlet> 
     <servlet-name>startUpServlet</servlet-name> 
     <servlet-class>com.qait.cdl.commons.startup.StartUpServlet</servlet-class> 
     <load-on-startup>2</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>startUpServlet</servlet-name> 
     <url-pattern>/startUpServlet.htm</url-pattern> 
    </servlet-mapping> 

    <welcome-file-list> 
     <welcome-file>redirect.jsp</welcome-file> 
    </welcome-file-list> 

    <!-- Application-defined parameter; how CDL_ENV is consumed is not visible in this file. -->
    <context-param> 
     <param-name>CDL_ENV</param-name> 
     <param-value>staging</param-value> 
    </context-param> 

    <listener> 
     <listener-class>com.qait.cdl.commons.startup.CdlContextListner</listener-class> 
    </listener> 

    <!-- Session timeout: the value is in minutes, so 600 allows 10 hours of idle time.
         NOTE(review): confirm that such a long idle window is intended for authenticated sessions. --> 
    <session-config> 
     <session-timeout>600</session-timeout> 
    </session-config> 

    <!-- DelegatingFilterProxy looks up the bean named springSecurityFilterChain in the root
         application context, so the security configuration must be loaded by
         ContextLoaderListener (see contextConfigLocation below). -->
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <!-- Mapped to /*, so every request, static files included, passes through Spring Security. -->
    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <!-- Root context files read by ContextLoaderListener. The SpringSecurityConfig.xml entry sits
         inside an XML comment, so it is not part of the parameter value.
         NOTE(review): confirm the security configuration is loaded from one of the two remaining
         files. dispatcher-servlet.xml is listed here and is presumably also loaded by the
         dispatcher servlet itself, which would create its beans twice; verify. -->
    <context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
    WEB-INF/applicationContext.xml 
<!--  WEB-INF/SpringSecurityConfig.xml --> 
    WEB-INF/dispatcher-servlet.xml 
    </param-value> 
    </context-param> 

</web-app> 

回答

5

更新:

从更新后的问题来看,这是静态资源映射的问题。由于所有请求都会交给 DispatcherServlet 处理,我们需要在 Spring 配置中添加静态资源映射。

需要在 dispatcher-servlet.xml 中添加以下内容:

<!-- Serves files under /js/ through Spring MVC; the mvc namespace must be declared in the file
     that holds this element. The mapping only makes the files servable and does not add or
     remove any Spring Security rule, so keep only public assets in the mapped directory.
     The css and images folders mentioned in the question would need their own mappings. -->
<mvc:resources mapping="/js/**" location="/js/" /> 

@ved评论在哪里? – 2013-05-14 03:57:32


我也感到震惊....我不知道.. 你做了更新,我想某处..... – ved 2013-05-14 04:04:36


我没有得到他的评论 – ved 2013-05-14 06:56:23

2

对我来说,解决办法是

在 applicationContext.xml(DispatcherServlet 的配置文件)中添加标签:

<!-- Static resource mapping for Spring MVC: requests for /js/** are answered from the /js/
     directory of the web application. It requires the mvc namespace to be declared, and it
     exposes every file under that directory, so the directory should hold public assets only. -->
<mvc:resources mapping="/js/**" location="/js/" /> 

另外,由于我的项目中使用了 Spring Security,还需要在 spring-security.xml 中添加标签:

<!-- Requests matching /js/** get a filter chain with no Spring Security filters at all, so no
     authentication or authorization applies to them. The unprefixed <http> assumes the security
     schema is the default namespace; with a security: prefix, as in the question's file, the
     element is written <security:http>. Limit the pattern to directories that hold public
     static files only. -->
<http pattern="/js/**" security="none" /> 

使用Spring和Spring Security 3.1