2013-01-13 172 views
2

爲了學習的目的,我簡單的Spring-Hibernate應用程序。它具有一對多的數據庫關聯,您可以在其中添加倉庫,併爲每個倉庫添加項目。現在,我想補充彈簧安全認證,但是當我嘗試訪問該網站,我得到的HTTP錯誤404彈簧安全http 404錯誤

這裏是春天的安全標準桿在web.xml:

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/spring-security.xml 
    </param-value> 
</context-param> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

這裏彈簧security.xml文件:

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

    <http use-expressions="true"> 
     <intercept-url pattern="/record/**" access="permitAll" /> 
     <form-login /> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="admin" password="password" authorities="supervisor, teller, user" /> 
       <user name="dianne" password="emu" authorities="teller, user" /> 
       <user name="scott" password="wombat" authorities="user" /> 
       <user name="peter" password="opal" authorities="user" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 
</beans:beans> 

如果我改變access="permitAll"爲`訪問=「hasRole(‘導師’)」當我嘗試訪問該應用程序,我被要求輸入用戶名和密碼,但是當我輸入他們,我也得到了404錯誤。沒有彈簧安全性,當我訪問「http:// localhost:8080/testapp/record/list」時,應用程序工作正常...... 我使用此網站了解彈簧安全性 - http://static.springsource.org/spring-security/site/tutorial.html

這是我的MainController:

@Controller 
@RequestMapping("/record") 
public class MainController { 

    protected static Logger logger = Logger.getLogger("controller"); 

    @Resource(name="warehouseService") 
    private WarehouseService warehouseService; 

    @Resource(name="itemService") 
    private ItemService itemService; 

     @RequestMapping(value = "/list", method = RequestMethod.GET) 
     public String getRecords(Model model) { 
     logger.debug("Received request to show records page"); 

     // Retrieve all persons 
     List<Warehouse> warehouses = warehouseService.getAll(); 

     // Prepare model object 
     List<WarehouseDTO> warehousesDTO = new ArrayList<WarehouseDTO>(); 

     for (Warehouse warehouse: warehouses) { 
      // Create new data transfer object 
      WarehouseDTO dto = new WarehouseDTO(); 

     dto.setId(warehouse.getId()); 
     dto.setName(warehouse.getName()); 
     dto.setAddress(warehouse.getAddress()); 
     dto.setManager(warehouse.getManager()); 
     dto.setItems(itemService.getAll(warehouse.getId())); 

     warehousesDTO.add(dto); 
     } 

     model.addAttribute("warehouses", warehousesDTO); 

     return "records"; 
    } 

任何想法?

回答

1

嘗試在表單登錄標籤中指定default-target-url。我猜你的認證和Spring安全默認情況下將請求路由到應用程序的根,沒有映射造成404

<form-login default-target-url="/record/list"/> 

如果失敗嘗試(不知道的觀點是如何映射):

<form-login default-target-url="/record/list/"/> 
+0

在我的MainController中,我有/ record/list的映射請求,並且列出了倉庫和倉庫項目。此頁面位於records.jsp文件中 – Karlis

+0

我添加了主控制器 – Karlis

+0

您是否在控制器中收到調試消息? –

0

這可能聽起來很愚蠢,但您是否嘗試將pattern =「/ record/」更改爲pattern =「/ testapp/record/」?

通常一個安全訪問問題會彈出403錯誤(拒絕訪問),而不是404(資源未找到)。