0
我嘗試使用Spring Security 3.0.5來保護我的struts 2應用程序。用Spring Security Securize Struts2命名空間
我在web.xml中聲明這一點:
<!-- Tiles -->
<context-param>
<param-name> org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG </param-name>
<param-value>/WEB-INF/conf/tiles.xml</param-value>
</context-param>
<listener>
<listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
</listener>
<!-- Files defining SPRING ApplicationContext -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/conf/spring-security.xml,/WEB-INF/conf/application.xml</param-value>
</context-param>
<context-param>
<param-name>locatorFactorySelector</param-name>
<param-value>classpath:/model/config/beans.xml</param-value>
</context-param>
<context-param>
<param-name>parentContextKey</param-name>
<param-value>context</param-value>
</context-param>
<!-- Filter for security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Struts 2 -->
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring -->
<!-- Open session filter - binds a Hibernate Session to the thread for the entire processing of the request -->
<filter>
<filter-name>HibernateFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>hibernateSessionFactory</param-value>
</init-param>
</filter>
<!-- Filter for Character Encoding -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<!-- Mapping for pages to filter -->
<filter-mapping>
<filter-name>HibernateFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
然後在我的struts.xml:
<struts>
<!-- internationalisation -->
<constant name="struts.custom.i18n.resources" value="messages" />
<!-- intégration Spring -->
<constant name="struts.objectFactory.spring.autoWire" value="name" />
<package name="searchMandate" namespace="/search" extends="struts-default, tiles-default">
<action name="MandateSearchActionInit" class="web.action.mandate.SearchAction" method="initSearch">
<result name="input" type="tiles">search</result>
<result name="success" type="tiles">search</result>
</action>
</package>
<package name="userProfile" namespace="/profile" extends="struts-default, tiles-default">
<action name="ChangeProfileInit" class="web.action.user.ProfileAction" method="loadProfile">
<result name="input" type="tiles">updateProfile</result>
</action>
</package>
</struts>
我的彈簧security.xml文件:
<beans:bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
<filter-chain-map path-type="ant">
<filter-chain pattern="/**" filters="sif"/>
</filter-chain-map>
</beans:bean>
<http use-expressions="true">
<intercept-url pattern="/profile*" access="isAuthenticated()" />
<intercept-url pattern="/search*" access="hasRole('SEARCH')"/>
<form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder ref="passwordEncoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select login,password, isactive
from tuser where LOGIN=?"
authorities-by-username-query="
select u.login, ur.name from tuser u,tgroup g, trolegroup rg, trole ur
where u.groupid = g.groupid and g.groupid=rg.groupid and rg.roleid=ur.roleid and u.login =? "
/>
</authentication-provider>
</authentication-manager>
我想安全性在閱讀「INFO 20-10 23:26:55,620 - 爲/ search *創建訪問控制表達式屬性hasRole('SEARCH')'」爲服務器啓動。但是,當我訪問搜索/ MandateSearchActionInit網址時,我會轉到該操作,而不會被路由到登錄頁面。 有沒有人的關鍵?
對不起。忘掉這個愚蠢的問題。一切都好,但攔截網址的模式。與Struts無關。 – Rydermark
/search/**和/ profile/**更好地工作 – Rydermark
如果您找到答案,請回答自己,這對其他人很有用。 –