2013-04-30
0

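Spring Security 3.1 intercept-url not intercepting any URL

I have Spring Security 3.1 wired up and authenticating users when the login page is accessed directly, but no redirect occurs when the user is not authenticated.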

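Below are the configuration files I added or updated for Spring Security. I have read most, if not all, of the posts about the ordering of intercept-url, the proper EL, access rights, etc. I'm sure I am missing something here.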

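I ended up troubleshooting by using a role that does not exist in my application, but still had no success. @PreFilters are also ignored, so I think it is somewhere in the configuration, but I just don't see it.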

Environment: Tomcat 7.0.22, Mojarra 2.1.21, Spring Security 3.1, Java 7

There are no errors when starting the server.

Thanks for your help!

Regards,

Mike

security.xml

<?xml version="1.0" encoding="UTF-8"?> 
<bean:beans xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.1.xsd"  
    xmlns="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:bean="http://www.springframework.org/schema/beans"> 
<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/> 
<http pattern="/resources/**" security="none" /> 
<http pattern="/images/**" security="none"/> 
<http pattern="/templates/**" security="none"/> 
<http pattern="/security/**" security="none"/> 
<http use-expressions="true" auto-config="true" access-denied-page="/error/access-denied.xhtml"> 
<intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/> 
<form-login default-target-url="/login.xhtml" authentication-failure-url="/login.xhtml" /> 
<logout logout-success-url="/login.xhtml" logout-url="/logout.xhtml" invalidate-session="true"/> 
<session-management> 
    <concurrency-control max-sessions="1" /> 
</session-management> 
</http> 
<authentication-manager alias="authenticationManager"> 
<authentication-provider ref="consummateUserAuthenticationProvider"> 
</authentication-provider> 
</authentication-manager> 
</bean:beans> 

services.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:jdbc="http://www.springframework.org/schema/jdbc" 
    xmlns:tx="http://www.springframework.org/schema/tx" 
    xmlns:p="http://www.springframework.org/schema/p" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/jdbc  
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd 
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
http://www.springframework.org/schema/context  
http://www.springframework.org/schema/context/spring-context-3.1.xsd 
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd"> 
<context:component-scan base-package="com.comanche.authentication"> 
</context:component-scan> 
</beans> 

web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
version="3.0"> 
<filter> 
<filter-name>springSecurityFilterChain</filter-name> 
<filter-class> 
    org.springframework.web.filter.DelegatingFilterProxy 
</filter-class> 
    </filter> 
    <filter-mapping> 
<filter-name>springSecurityFilterChain</filter-name> 
<url-pattern>/*</url-pattern> 
    </filter-mapping> 
<servlet> 
    <servlet-name>Faces Servlet</servlet-name> 
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
    <servlet-name>Faces Servlet</servlet-name> 
    <url-pattern>/faces/*</url-pattern> 
</servlet-mapping> 

<filter> 
    <filter-name>PrimeFaces FileUpload Filter</filter-name> 
    <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class> 
    <init-param> 
     <param-name>thresholdSize</param-name> 
     <param-value>51200</param-value> 
    </init-param> 
    <init-param> 
     <param-name>uploadDirectory</param-name> 
     <param-value>/home/provider/temp-fu</param-value> 
    </init-param> 

</filter> 
<filter-mapping> 
    <filter-name>PrimeFaces FileUpload Filter</filter-name> 
    <servlet-name>Faces Servlet</servlet-name> 
</filter-mapping> 
<filter> 
    <filter-name>Custom Page Filter</filter-name> 
    <filter-class>com.comanche.web.filter.CustomPageFilter</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>Custom Page Filter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<context-param> 
    <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description> 
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name> 
    <param-value>server</param-value> 
</context-param> 
<context-param> 
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name> 
    <param-value>resources.application</param-value> 
</context-param> 
<context-param> 
    <param-name>com.sun.faces.expressionFactory</param-name> 
    <param-value>com.sun.el.ExpressionFactoryImpl</param-value> 
</context-param> 
<context-param> 
    <param-name>com.sun.faces.enableMissingResourceLibraryDetection</param-name> 
    <param-value>true</param-value> 
</context-param> 
<context-param> 
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name> 
    <param-value>/WEB-INF/custom.taglib.xml</param-value> 
</context-param> 
<context-param> 
    <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name> 
    <param-value>true</param-value> 
</context-param> 
<listener> 
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class> 
</listener> 
<session-config> 
    <session-timeout>120</session-timeout> 
</session-config> 
<error-page> 
    <error-code>500</error-code> 
    <location>/faces/content/error/error.xhtml</location> 
</error-page> 
<error-page> 
    <error-code>404</error-code> 
    <location>/faces/content/error/error.xhtml</location> 
</error-page> 
<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/classes/application-context.xml 
     /WEB-INF/spring/security.xml 
     /WEB-INF/spring/services.xml 
    </param-value> 
</context-param> 
<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

Answers

0

To allow access for anonymous users, you need to specify access="permitAll" on the intercept-url.

Apart from that, you may need to change your form-login element to something like this:

<form-login login-page='/login.xhtml' default-target-url='/home/index.xhtml' 
     always-use-default-target='true' /> 

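as the default target URL is the one the user is redirected to after authentication; or, if you don't need it, remove it, along with the always-use-default-target flag.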

Also, you are missing RequestContextListener in web.xml, and these Spring listeners should be the first listeners.

And use

<access-denied-handler error-page="/error/access-denied.xhtml" /> 

as the access-denied-page attribute is deprecated.

+0

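Thanks for your reply. I'm not looking for anonymous access right now. The problem that is occurring is that nothing is being redirected to the login page when not authenticated. When I changed the intercept-url to pattern="/**" and removed all the other http patterns, it started redirecting to another page (although it is an invalid URL). – MikeR 2013-04-30 20:08:23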

+0

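So you are trying to redirect to the login page from a different page? Are you using a hyperlink to do this, or are you doing a forward/redirect from server code? – Ravi 2013-04-30 20:52:05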

+0

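I was trying to get it to redirect to the login page, which I was finally able to accomplish last night, but I also ran into a lot of strange behavior (e.g. by adding the correct path in /faces/content/home/** the authentication principal no longer works) from simple changes to my security.xml file. I think this now needs to move to a new question, as it no longer applies only to intercept-url. – MikeR 2013-05-01 13:42:45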
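
The matching problem discussed in this thread, as an added example that is not part of the original posts: a security.xml in which the intercept-url patterns include the /faces prefix of the Faces Servlet mapping, the login page is reachable anonymously, and a catch-all rule denies by default. The page locations under /faces/content/, the login page path and ROLE_USER are assumptions based on the web.xml error pages and the last comment.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:bean="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Static content only: security="none" bypasses the filter chain entirely. -->
  <http pattern="/resources/**" security="none"/>
  <http pattern="/images/**" security="none"/>

  <http use-expressions="true" auto-config="true">
    <!-- Before (from the question): never matches, because pages are served
         through the Faces Servlet at /faces/* and patterns are compared with
         the request path after the context root:
         <intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/> -->

    <!-- Rules are evaluated top to bottom; the first matching pattern wins. -->
    <!-- Assumed login page location; it must be reachable anonymously,
         otherwise the redirect to it is itself intercepted. -->
    <intercept-url pattern="/faces/content/login.xhtml" access="permitAll"/>
    <intercept-url pattern="/faces/content/error/**" access="permitAll"/>
    <!-- JSF resources (CSS, scripts) requested by the login page. -->
    <intercept-url pattern="/faces/javax.faces.resource/**" access="permitAll"/>
    <!-- ROLE_USER is a placeholder for a role the provider really grants. -->
    <intercept-url pattern="/faces/content/home/**" access="hasRole('ROLE_USER')"/>
    <!-- Deny by default: anything not listed above requires a login. -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>

    <form-login login-page="/faces/content/login.xhtml"
        default-target-url="/faces/content/home/index.xhtml"
        authentication-failure-url="/faces/content/login.xhtml"/>
    <!-- Replaces the access-denied-page attribute on <http>. -->
    <access-denied-handler error-page="/faces/content/error/access-denied.xhtml"/>
    <logout logout-success-url="/faces/content/login.xhtml" invalidate-session="true"/>
  </http>

  <authentication-manager alias="authenticationManager">
    <authentication-provider ref="consummateUserAuthenticationProvider"/>
  </authentication-manager>
</bean:beans>
```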