我們正試圖將Spring Security 2.0.5遷移到3.0.8。啓用了SSL的Tomcat和Weblogic Server中的更改工作正常,但沒有F5 Load Balancer。但是,當在Weblogic 12.c上部署應用程序並且其中包含兩個節點並且具有F5 Load Balancer時,它將開始失敗。在這個部署應用程序運行良好之前,但在部署之後它表現得很奇怪。在IE瀏覽器中,登錄按鈕會將錯誤報告爲「網絡錯誤」,有時會出現SSL錯誤,並且在Chrome瀏覽器中,您可以登錄但頁面卡住。任何機構請幫助。 這裏有變化將Spring Security 2.0.5遷移到Spring Security 3.0.8不支持Weblogic和F5負載平衡器
的applicationContext-security.xml文件(2.0.5)
1. <global-method-security />
2. <intercept-url pattern="/bs/systemCheck.action" filters="none"
access="IS_AUTHENTICATED_ANONYMOUSLY"/>
3. <beans:bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
的applicationContext-security.xml文件(3.0.8)
1. <global-method-security pre-post-annotations="enabled" secured-
annotations="enabled"/>
2. <intercept-url pattern="/bs/systemCheck.action" filters="none"/>
3. <beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider"/>
</beans:list>
</beans:property>
</beans:bean>
4. <custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
<custom-filter ref="authenticationProcessingFilter"
position="FORM_LOGIN_FILTER"/>
<custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER"/>
5. <!-- Protects against session fixation -
defaulting to new session & migrate session-->
<session-management session-authentication-strategy-
ref="sessionAuthenticationStrategy"/>
<beans:property name="basicStructureManager"
ref="basicStructureManager"/>
<beans:property name="accountManager" ref="accountManager" />
<!-- Note - this is very important otherwise we get response
committed issue-->
<beans:property name="continueChainBeforeSuccessfulAuthentication"
value="false" />
6. <beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/bs/home.action"/>
<beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
</beans:bean>
7. <beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/bs/login.action?loginError=1"/>
</beans:bean>
而在網絡.xml added
<!-- Required by Spring security to handle session strategy -->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
請正確格式化您的代碼並顯示不同版本之間的差異。目前它更像是一個難題,然後是信息。 –
@Deinum,我認爲現在好多了,感謝您糾正我:-) – Kumar
這些只是片段,所以很難弄清楚我會說。是否有配置'successHandler'和'failureHandler'而不是在你的http塊中使用''元素的原因? –