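Spring Security - Can I use the namespace and a filter chain at the same time?

2012-07-23 36 views
6

I am using Spring Security, and I have to use both a filter chain and the namespace. The namespace works fine, but it seems the filter chain doesn't!
Here is my configuration. First, the namespace: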

<sec:global-method-security secured-annotations="enabled" /> 

<sec:http pattern="/app/login.jsp*" security="none" /> 
<sec:http pattern="/admin/login.jsp*" security="none" /> 
<sec:http pattern="/app/*.png" security="none" /> 
<sec:http pattern="/admin/*.png" security="none" /> 
<sec:http pattern="/app/**" authentication-manager-ref="authenticationManager" 
    access-decision-manager-ref="accessDecisionManager"> 
    <sec:intercept-url pattern="/app/**" access="ROLE_USER" /> 
    <sec:access-denied-handler error-page="/app/login.jsp?aer=" /> 
    <sec:form-login login-processing-url="/app/j_spring_security_check" 
     always-use-default-target="true" default-target-url="/app/index.html" 
     login-page='/app/login.jsp' authentication-failure-url='/app/login.jsp?login_error' /> 
    <sec:logout logout-url="/app/j_spring_security_logout" 
     invalidate-session="true" logout-success-url="/app/login.jsp" /> 
</sec:http> 
<sec:http pattern="/admin/**" authentication-manager-ref="authenticationManager" 
    access-decision-manager-ref="accessDecisionManager"> 
    <sec:intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> 
    <sec:access-denied-handler error-page="/admin/login.jsp?aer=" /> 
    <sec:form-login login-processing-url="/admin/j_spring_security_check" 
     always-use-default-target="true" default-target-url="/admin/index.html" 
     login-page='/admin/login.jsp' authentication-failure-url='/admin/login.jsp?login_error' /> 
    <sec:logout logout-url="/admin/j_spring_security_logout" 
     invalidate-session="true" logout-success-url="/admin/login.jsp" /> 
</sec:http> 


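This works fine. But I also need a filter chain to check other requests. (Those requests are created dynamically, and we have to control them this way.)
Here is my filter chain: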

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy"> 
    <security:filter-chain-map path-type="ant"> 

    <sec:filter-chain pattern="/css/**" filters="none" /> 
    <sec:filter-chain pattern="/common/**" filters="none" /> 
    <sec:filter-chain pattern="/images/**" filters="none" /> 
    <sec:filter-chain pattern="/login.jsp*" filters="none" /> 
    <sec:filter-chain pattern="/rest/**" 
     filters=" 
     ConcurrentSessionFilter, 
     securityContextPersistenceFilter, 
     logoutFilter, 
     authenticationProcessingFilter, 
     sessionManagementFilter, 
     exceptionTranslationFilter, 
     filterSecurityInterceptor" /> 

    </security:filter-chain-map> 
</bean> 


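The problem is that the filter chain doesn't control anything. I'm sure the filter chain works fine when the namespace isn't used. But when I add the namespace, the problems begin.
Why? Can't I use it? Or can I, and I have to change something?

Update:
Here is my debug log when calling this resource: /rest/asrv/gtallmmbrsofusrgrp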

DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/app/login.jsp*' 
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/admin/login.jsp*' 
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/app/*.png' 
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/admin/*.png' 
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/app/**' 
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/admin/**' 
DEBUG FilterChainProxy    - /rest/asrv/gtallmmbrsofusrgrp has no matching filters 
+0

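From the way you've configured the namespace, I assume you're using SS 3.1? Based on the specificity of your question, you seem to know what you're doing with the configuration - are you trying to apply this filter chain *instead of* the namespace declarations, or in addition to them? – 2012-07-23 15:11:18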

+0

I'm trying to add these filters to the namespace. – 2012-07-23 15:27:05

+0

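I have updated my question, @PeterMularien. Now you can see that the filter-chain-proxy doesn't work. Is it my configuration that causes this problem? Do I have to change the order? – 2012-07-25 09:48:08

Answers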

5

I think you are missing the DelegatingFilterProxy entry in web.xml. But anyway,

As of Spring 3.1, FilterChainProxy is configured using a list of SecurityFilterChain instances, and FilterChainMap is deprecated. So try configuring it like this:

<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> 
    <constructor-arg> 
     <list> 
      <sec:filter-chain pattern="/css/**" filters="none" /> 
      <sec:filter-chain pattern="/common/**" filters="none" /> 
      <sec:filter-chain pattern="/images/**" filters="none" /> 
      <sec:filter-chain pattern="/login.jsp*" filters="none" /> 
      <sec:filter-chain pattern="/rest/**" 
       filters=" 
       ConcurrentSessionFilter, 
       securityContextPersistenceFilter, 
       logoutFilter, 
       authenticationProcessingFilter, 
       sessionManagementFilter, 
       exceptionTranslationFilter, 
       filterSecurityInterceptor" /> 
     </list> 
    </constructor-arg> 
</bean> 

And add the filter to your web.xml like this:

<filter> 
    <filter-name>filterChainProxy</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>filterChainProxy</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

API Documentation

Update 1

To add logging to your application, just put the log4j jar on the path and add a log4j.properties file under your classpath.

Log4j.properties:

log4j.rootCategory=INFO, stdout 
log4j.appender.stdout=org.apache.log4j.ConsoleAppender 
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 
log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} %-5p %c %M - %m\n 

log4j.category.org.springframework.security=DEBUG 

logging using Log4j

Update 2: This seems to work for me. I put a test page, welcome.xhtml, in the rest directory. The debug log follows:

2012-07-30 00:26:05,917 DEBUG org.springframework.security.web.util.AntPathRequestMatcher matches - Checking match of request : '/rest/welcome.xhtml'; against '/javax.faces.resource/**' 
2012-07-30 00:26:05,923 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2012-07-30 00:26:05,923 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository readSecurityContextFromSession - No HttpSession currently exists 
2012-07-30 00:26:05,923 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository loadContext - No SecurityContext was available from the HttpSession: null. A new one will be created. 
2012-07-30 00:26:05,925 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
2012-07-30 00:26:05,925 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2012-07-30 00:26:05,925 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 4 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
2012-07-30 00:26:05,925 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 5 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2012-07-30 00:26:05,925 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2012-07-30 00:26:05,926 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
2012-07-30 00:26:05,926 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2012-07-30 00:26:05,928 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter doFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2012-07-30 00:26:05,928 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.session.SessionManagementFilter doFilter - Requested session IDD44EAA53A767F3DC9C7338D3CD335198 is invalid. 
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.util.AntPathRequestMatcher matches - Checking match of request : '/rest/welcome.xhtml'; against '/login.xhtml' 
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.util.AntPathRequestMatcher matches - Checking match of request : '/rest/welcome.xhtml'; against '/*' 
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.util.AntPathRequestMatcher matches - Checking match of request : '/rest/welcome.xhtml'; against '/admin/**' 
2012-07-30 00:26:05,930 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor beforeInvocation - Public object - authentication not attempted 
2012-07-30 00:26:05,932 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml reached end of additional filter chain; proceeding with original chain 
2012-07-30 00:26:06,229 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter doFilter - Chain processed normally 

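I think it is the two login forms you have that are causing the problem. Try having only one login form and control navigation based on roles. See this question, for example: Can i use one Login page to redirect different page with Spring 3.0 Security..?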

+0

I'll check it within the next few hours and let you know the result. However, I won't forget this. – 2012-07-23 17:07:01

+0

And check the logs at debug level. – Ravi 2012-07-23 17:29:50

+0

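I checked your configuration, and unfortunately this doesn't work either. There are no logs, because it didn't run into any problems. Let me know if you need more information. – 2012-07-24 04:59:38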
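
An added example, not part of the original thread: a small audit of Spring Security DEBUG output in the two log formats quoted above, reporting which requests FilterChainProxy passed through with no security filters and which chain patterns it tried first. The names `audit` and `unprotected` are hypothetical, and the sample log is constructed from lines quoted on this page.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the two debug logs quoted on this page.
SAMPLE_LOG = """\
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/app/**'
DEBUG AntPathRequestMatcher   - Checking match of request : '/rest/asrv/gtallmmbrsofusrgrp'; against '/admin/**'
DEBUG FilterChainProxy    - /rest/asrv/gtallmmbrsofusrgrp has no matching filters
2012-07-30 00:26:05,917 DEBUG org.springframework.security.web.util.AntPathRequestMatcher matches - Checking match of request : '/rest/welcome.xhtml'; against '/javax.faces.resource/**'
2012-07-30 00:26:05,923 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.FilterChainProxy doFilter - /rest/welcome.xhtml at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2012-07-30 00:26:05,929 DEBUG org.springframework.security.web.util.AntPathRequestMatcher matches - Checking match of request : '/rest/welcome.xhtml'; against '/admin/**'
"""

CHECK = re.compile(r"Checking match of request : '([^']+)'; against '([^']+)'")
NO_MATCH = re.compile(r"FilterChainProxy\b.* - (\S+) has no matching filters")
FIRING = re.compile(r"FilterChainProxy\b.* - (\S+) at position (\d+) of (\d+) "
                    r"in additional filter chain; firing Filter: '([^']+)'")


def audit(log_text):
    """Return {request_path: summary} describing how each request was handled."""
    report = defaultdict(lambda: {"chain_patterns": [], "filters": [],
                                  "expected": 0, "unfiltered": False})
    for line in log_text.splitlines():
        if m := CHECK.search(line):
            entry = report[m.group(1)]
            # Checks logged before any filter fires are chain selection; later
            # ones come from FilterSecurityInterceptor's intercept-url rules.
            if not entry["filters"]:
                entry["chain_patterns"].append(m.group(2))
        elif m := NO_MATCH.search(line):
            report[m.group(1)]["unfiltered"] = True
        elif m := FIRING.search(line):
            entry = report[m.group(1)]
            entry["filters"].append(m.group(4))
            entry["expected"] = int(m.group(3))  # the "of N" chain length
    return dict(report)


def unprotected(report):
    """Paths for which FilterChainProxy ran no security filters at all."""
    return sorted(path for path, e in report.items() if e["unfiltered"])


if __name__ == "__main__":
    rep = audit(SAMPLE_LOG)
    for path in unprotected(rep):
        print(f"{path}: no chain matched; tried {rep[path]['chain_patterns']}")
```

If a path's `chain_patterns` contain only the namespace `<sec:http>` patterns and never `/rest/**`, the proxy handling the request was not built from the custom chain definition.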
