授權後不會調用請求映射的Spring安全性

Question

我有一個自定義登錄頁面，它使用自定義的UserDetailsS​​ervice bean對用戶進行身份驗證。在春季安全調試日誌中，我發現身份驗證正常進行，並且授權中的列表包含ROLE_USER。

根據配置，頁面應該重定向到welcomePage.html。但對welcomePage.html的迴應是login.html頁面。日誌表明認證成功進行。

我在我的servlet xml文件中使用註解驅動的配置。

1. 爲什麼welcomePage.html的請求處理程序未被調用？
2. 如何讓請求處理程序被調用？它曾經在春季安全整合之前工作。其他請求處理程序在彈簧安全集成之後也不會被調用。
3. 另外，Spring Security如何知道安全配置應該將所有請求轉發給我的servlet。應用程序中可能會有更多的servlet。 form-login的login-page屬性是否查詢web.xml以找到適當的處理程序？爲什麼它不諮詢web.xml，然後找不到welcomePage.html的請求映射呢？我正在使用Spring MVC DispatcherServlet。
4. 這與此相關嗎？ http://mark.koli.ch/2010/07/spring-3-and-spring-security-setting-your-own-custom-j-spring-security-check-filter-processes-url.html

下面是春季安全日誌：

19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.css' 
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.js' 
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.png' 
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistence 
Filter' 
19:03:49,646 DEBUG HttpSessionSecurityContextRepository:158 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.secu 
rity.core.context.SecurityContextImpl@afe7c13e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@afe7c1 
3e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authenticati 
on.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER' 
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter' 
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthentica 
tionFilter' 
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAware 
RequestFilter' 
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFil 
ter' 
19:03:49,647 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springf 
ramework.security.authentication.UsernamePasswordAuthenticationToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; 
Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E 
5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER' 
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter' 
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter 
' 
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor 
' 
19:03:49,648 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/login.html*' 
19:03:49,648 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/welcomepage.html*' 
19:03:49,648 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcomePage.html; Attributes: [hasRole('ROLE_USER')] 
19:03:49,649 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticatio 
nToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web 
.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, R 
OLE_USER 
19:03:49,649 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4481f947, returned: 1 
19:03:49,650 DEBUG FilterSecurityInterceptor:215 - Authorization successful 
19:03:49,650 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object 
19:03:49,651 DEBUG FilterChainProxy:323 - /welcomePage.html reached end of additional filter chain; proceeding with original chain 
19:03:49,660 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.css' 
19:03:49,660 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.js' 
19:03:49,661 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.png' 
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersis 
tenceFilter' 
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter' 
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthe 
nticationFilter' 
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFi 
lter' 
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilt 
er' 
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolder 
AwareRequestFilter' 
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticati 
onFilter' 
19:03:49,662 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springf 
ramework.security.authentication.UsernamePasswordAuthenticationToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; 
Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E 
5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER' 
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilt 
er' 
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationF 
ilter' 
19:03:49,663 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterc 
eptor' 
19:03:49,663 DEBUG FilterChainProxy:323 - /WEB-INF/jsp/login.jsp reached end of additional filter chain; proceeding with original chain 
19:03:49,665 DEBUG ExceptionTranslationFilter:115 - Chain processed normally 
19:03:49,665 DEBUG ExceptionTranslationFilter:115 - Chain processed normally 
19:03:49,665 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed 
19:03:49,915 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/jquery-ui-1.8.16.custom.css'; against '/**/*.css' 
19:03:49,916 DEBUG FilterChainProxy:180 - /css/jquery-ui-1.8.16.custom.css has an empty filter list 
19:03:49,915 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/css/jquery.datatables.css'; against '/**/*.css' 
19:03:49,916 DEBUG FilterChainProxy:180 - /plugins/DataTables/media/css/jquery.dataTables.css has an empty filter list 
19:03:49,916 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/css/jquery.datatables_themeroller.css'; against 
'/**/*.css' 
19:03:49,917 DEBUG FilterChainProxy:180 - /plugins/DataTables/media/css/jquery.dataTables_themeroller.css has an empty filter list 
19:03:49,961 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/redmond.custom.css'; against '/**/*.css' 
19:03:49,961 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/jquery-1.8.1.min.js'; against '/**/*.css' 
19:03:49,961 DEBUG FilterChainProxy:180 - /css/redmond.custom/redmond.custom.css has an empty filter list 
19:03:49,962 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/jquery-ui/js/jquery-ui-1.8.23.custom.min.js'; against '/**/*.css' 
19:03:49,962 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/jquery-ui/js/jquery-ui-1.8.23.custom.min.js'; against '/**/*.js' 
19:03:49,962 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/jquery-1.8.1.min.js'; against '/**/*.js' 
19:03:49,962 DEBUG FilterChainProxy:180 - /jquery-ui/js/jquery-ui-1.8.23.custom.min.js has an empty filter list 
19:03:49,963 DEBUG FilterChainProxy:180 - /js/jquery-1.8.1.min.js has an empty filter list 
19:03:49,970 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.css'; against '/**/*.css' 
19:03:49,971 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.css has an empty filter list 
19:03:49,972 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.filter.css'; against '/** 
/*.css' 
19:03:49,972 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/css/tabletools.css'; against ' 
/**/*.css' 
19:03:49,972 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.filter.css has an empty filter list 
19:03:49,973 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/TableTools/media/css/TableTools.css has an empty filter list 
19:03:49,973 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/css/tabletools_jui.css'; again 
st '/**/*.css' 
19:03:49,973 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/TableTools/media/css/TableTools_JUI.css has an empty filter list 
19:03:50,018 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/colvis/media/css/colvis.css'; against '/**/*.cs 
s' 
19:03:50,019 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/ColVis/media/css/ColVis.css has an empty filter list 
19:03:50,021 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/common.css'; against '/**/*.css' 
19:03:50,021 DEBUG FilterChainProxy:180 - /css/common.css has an empty filter list 
19:03:50,062 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/toppanel.css'; against '/**/*.css' 
19:03:50,063 DEBUG FilterChainProxy:180 - /css/topPanel.css has an empty filter list 
19:03:50,063 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/login.css'; against '/**/*.css' 
19:03:50,063 DEBUG FilterChainProxy:180 - /css/login.css has an empty filter list 
19:03:50,065 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/js/jquery.datatables.js'; against '/**/*.css' 
19:03:50,065 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/js/jquery.datatables.js'; against '/**/*.js' 
19:03:50,065 DEBUG FilterChainProxy:180 - /plugins/DataTables/media/js/jquery.dataTables.js has an empty filter list 
19:03:50,066 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/js/tabletools.min.js'; against 
'/**/*.css' 
19:03:50,067 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/js/tabletools.min.js'; against 
'/**/*.js' 
19:03:50,067 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/TableTools/media/js/TableTools.min.js has an empty filter list 
19:03:50,069 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/fixedcolumns/media/js/fixedcolumns.min.js'; aga 
inst '/**/*.css' 
19:03:50,069 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/fixedcolumns/media/js/fixedcolumns.min.js'; aga 
inst '/**/*.js' 
19:03:50,069 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/FixedColumns/media/js/FixedColumns.min.js has an empty filter list 
19:03:50,070 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/colvis/media/js/colvis.min.js'; against '/**/*. 
css' 
19:03:50,070 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/colvis/media/js/colvis.min.js'; against '/**/*. 
js' 
19:03:50,071 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/ColVis/media/js/ColVis.min.js has an empty filter list 
19:03:50,071 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/slidingmessage/jquery.slidingmessage.js'; against '/**/*.css' 
19:03:50,072 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/slidingmessage/jquery.slidingmessage.js'; against '/**/*.js' 
19:03:50,072 DEBUG FilterChainProxy:180 - /plugins/slidingmessage/jquery.slidingmessage.js has an empty filter list 
19:03:50,073 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/barcode/jquery-barcode-2.0.2.min.js'; against '/**/*.css' 
19:03:50,074 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/barcode/jquery-barcode-2.0.2.min.js'; against '/**/*.js' 
19:03:50,074 DEBUG FilterChainProxy:180 - /plugins/barcode/jquery-barcode-2.0.2.min.js has an empty filter list 
19:03:50,092 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/printarea/jquery.printarea.js'; against '/**/*.css' 
19:03:50,093 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/printarea/jquery.printarea.js'; against '/**/*.js' 
19:03:50,093 DEBUG FilterChainProxy:180 - /plugins/printarea/jquery.PrintArea.js has an empty filter list 
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/common.js'; against '/**/*.css' 
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnreloadajax.datatables.js'; against '/**/*.css' 
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/common.js'; against '/**/*.js' 
19:03:50,095 DEBUG FilterChainProxy:180 - /js/common.js has an empty filter list 
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnreloadajax.datatables.js'; against '/**/*.js' 
19:03:50,096 DEBUG FilterChainProxy:180 - /js/fnReloadAjax.dataTables.js has an empty filter list 
19:03:50,096 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnstandingredraw.datatables.js'; against '/**/*.css' 
19:03:50,097 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnstandingredraw.datatables.js'; against '/**/*.js' 
19:03:50,097 DEBUG FilterChainProxy:180 - /js/fnStandingRedraw.dataTables.js has an empty filter list 
19:03:50,098 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.min.js'; against '/**/*.c 
ss' 
19:03:50,098 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.min.js'; against '/**/*.j 
s' 
19:03:50,099 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.min.js has an empty filter list 
19:03:50,100 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.filter.min.js'; against ' 
/**/*.css' 
19:03:50,100 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.filter.min.js'; against ' 
/**/*.js' 
19:03:50,100 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.filter.min.js has an empty filter list 
19:03:50,102 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/toggleradio/toggleradio.js'; against '/**/*.css' 
19:03:50,102 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/highlight/highlight.js'; against '/**/*.css' 
19:03:50,102 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/toggleradio/toggleradio.js'; against '/**/*.js' 
19:03:50,103 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/highlight/highlight.js'; against '/**/*.js' 
19:03:50,103 DEBUG FilterChainProxy:180 - /plugins/toggleradio/toggleradio.js has an empty filter list 
19:03:50,103 DEBUG FilterChainProxy:180 - /plugins/Highlight/highlight.js has an empty filter list 
19:03:50,105 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jquery-ui-timepicker/jquery-ui-timepicker-addon.js'; against '/** 
/*.css' 
19:03:50,105 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jquery-ui-timepicker/jquery-ui-timepicker-addon.js'; against '/** 
/*.js' 
19:03:50,105 DEBUG FilterChainProxy:180 - /plugins/jquery-ui-timepicker/jquery-ui-timepicker-addon.js has an empty filter list 
19:03:50,229 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-icons_6da8d5_256x240.png'; against '/**/*.cs 
s' 
19:03:50,229 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-icons_6da8d5_256x240.png'; against '/**/*.js 
' 
19:03:50,229 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png'; against '/**/ 
*.css' 
19:03:50,230 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-icons_6da8d5_256x240.png'; against '/**/*.pn 
g' 
19:03:50,230 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png'; against '/**/ 
*.js' 
19:03:50,230 DEBUG FilterChainProxy:180 - /css/redmond.custom/images/ui-icons_6da8d5_256x240.png has an empty filter list 
19:03:50,230 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png'; against '/**/ 
*.png' 
19:03:50,231 DEBUG FilterChainProxy:180 - /css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png has an empty filter list 

春季安全配置：

<http pattern="/**/*.css" security="none" /> 
    <http pattern="/**/*.js" security="none" /> 
    <http pattern="/**/*.png" security="none" /> 

    <http auto-config="true" use-expressions="true"> 
    <intercept-url pattern="/login.html*" access="isAnonymous()" /> 
    <intercept-url pattern="/welcomePage.html*" access="hasRole('ROLE_USER')" /> 
    <intercept-url pattern="/**" access="isFullyAuthenticated()" /> 
    <form-login login-page="/login.html" 
       default-target-url="/welcomePage.html" 
       authentication-failure-url="/login.html" 
       always-use-default-target="true" /> 
    </http> 

Answer 1

找到我說春天的安全代碼，但忘了刪除一些問題

負責認證的舊代碼的一部分。我有一個攔截器，它將檢查會話中的用戶，並在用戶未找到時重定向到登錄頁面。

刪除舊的攔截器，現在問題得到解決。