2012-10-20 61 views
0

我嘗試使用Spring Security 3.0.5來保護我的struts 2應用程序。用Spring Security Securize Struts2命名空間

我在web.xml中聲明這一點:

 <!-- Tiles --> 
    <context-param> 
    <param-name> org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG </param-name> 
    <param-value>/WEB-INF/conf/tiles.xml</param-value> 
    </context-param> 
    <listener> 
    <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class> 
    </listener> 

<!-- Files defining SPRING ApplicationContext --> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>/WEB-INF/conf/spring-security.xml,/WEB-INF/conf/application.xml</param-value> 
    </context-param> 

    <context-param> 
     <param-name>locatorFactorySelector</param-name> 
     <param-value>classpath:/model/config/beans.xml</param-value> 
    </context-param> 
    <context-param> 
     <param-name>parentContextKey</param-name> 
     <param-value>context</param-value> 
    </context-param> 

    <!-- Filter for security --> 
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <!-- Struts 2 --> 
    <filter> 
    <filter-name>struts2</filter-name> 
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class> 
    </filter> 
    <filter-mapping> 
    <filter-name>struts2</filter-name> 
    <url-pattern>/*</url-pattern> 
    </filter-mapping> 
    <!-- Spring --> 


    <!-- Open session filter - binds a Hibernate Session to the thread for the entire processing of the request --> 
    <filter> 
     <filter-name>HibernateFilter</filter-name> 
     <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class> 
     <init-param> 
       <param-name>sessionFactoryBeanName</param-name> 
       <param-value>hibernateSessionFactory</param-value> 
     </init-param> 
    </filter> 

     <!-- Filter for Character Encoding --> 
    <filter> 
     <filter-name>CharacterEncodingFilter</filter-name> 
     <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
     <init-param> 
      <param-name>encoding</param-name> 
      <param-value>UTF-8</param-value> 
     </init-param> 
    </filter> 


    <!-- Mapping for pages to filter --> 
    <filter-mapping> 
     <filter-name>HibernateFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 
    <filter-mapping> 
     <filter-name>CharacterEncodingFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 


<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 
<listener> 
     <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> 
</listener> 


    <welcome-file-list> 
    <welcome-file>index.html</welcome-file> 
    </welcome-file-list> 

然後在我的struts.xml:

<struts> 
    <!-- internationalisation --> 
    <constant name="struts.custom.i18n.resources" value="messages" /> 
    <!-- intégration Spring --> 
    <constant name="struts.objectFactory.spring.autoWire" value="name" /> 

    <package name="searchMandate" namespace="/search" extends="struts-default, tiles-default"> 
    <action name="MandateSearchActionInit" class="web.action.mandate.SearchAction" method="initSearch"> 
     <result name="input" type="tiles">search</result> 
     <result name="success" type="tiles">search</result> 
    </action> 
    </package> 
    <package name="userProfile" namespace="/profile" extends="struts-default, tiles-default"> 
     <action name="ChangeProfileInit" class="web.action.user.ProfileAction" method="loadProfile"> 
      <result name="input" type="tiles">updateProfile</result> 
     </action> 
    </package> 
</struts> 

我的彈簧security.xml文件:

 <beans:bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy"> 
     <filter-chain-map path-type="ant"> 
      <filter-chain pattern="/**" filters="sif"/> 
     </filter-chain-map> 
    </beans:bean> 

    <http use-expressions="true"> 
     <intercept-url pattern="/profile*" access="isAuthenticated()" /> 
     <intercept-url pattern="/search*" access="hasRole('SEARCH')"/> 
     <form-login login-page="/login" default-target-url="/welcome" 
      authentication-failure-url="/loginfailed" /> 
     <logout logout-success-url="/logout" /> 
    </http> 



    <authentication-manager> 
     <authentication-provider> 
      <password-encoder ref="passwordEncoder" /> 
      <jdbc-user-service data-source-ref="dataSource" 

       users-by-username-query=" 
        select login,password, isactive 
        from tuser where LOGIN=?" 

       authorities-by-username-query=" 
        select u.login, ur.name from tuser u,tgroup g, trolegroup rg, trole ur 
        where u.groupid = g.groupid and g.groupid=rg.groupid and rg.roleid=ur.roleid and u.login =? " 

      /> 
     </authentication-provider> 
    </authentication-manager> 

我想安全性在閱讀「INFO 20-10 23:26:55,620 - 爲/ search *創建訪問控制表達式屬性hasRole('SEARCH')'」爲服務器啓動。但是,當我訪問搜索/ MandateSearchActionInit網址時,我會轉到該操作,而不會被路由到登錄頁面。 有沒有人的關鍵?

+0

對不起。忘掉這個愚蠢的問題。一切都好,但攔截網址的模式。與Struts無關。 – Rydermark

+1

/search/**和/ profile/**更好地工作 – Rydermark

+0

如果您找到答案,請回答自己,這對其他人很有用。 –

回答

0

事實上,攔截URL模式是錯誤的。 例如,對於搜索路徑的語法應爲:

<intercept-url pattern="/search/**" access="hasRole('SEARCH')"/> 

與struts2的無連接(春季安全保證URL,也沒有背後是什麼事)。