1
我在Spring MVC應用程序的jsp頁面中添加鏈接標記時遇到了問題。SAMLRequest 403在css鏈接標記中拒絕訪問
該jsp頁面用於在創建SAMLRequest後處理「拒絕訪問」。但一些如何我的鏈接標籤獲取SAMLRequest而不是CSS文本在jsp中。有人能幫我解決這個問題嗎?
我的JSP
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<link rel="stylesheet" href="css/temp.css" type="text/css">
</head>
<body>
<div class="forbidden">
<div class="repeat-image">
<div class="main-image image403">
<div class="text-block">
<p class="status">403</p>
<p class="title">Access Denied</p>
<p class="message">You currently do not have permission to access this page. Want access?</p>
<div class="instructions">
Instructions to request via Self Service UAA<br />
<ul>
<li>In SSUAA --> Search for "Access"</li>
<li>Click "Next" to confirm requests</li>
</ul>
You will receive an email confirmation and status updates for your request
</div>
<div class="message">
Go ahead and request it <a href="url" target="_blank">here » </a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Firebug的HTML標籤:
<html>
<head>
<link type="text/css" href="css/temp.css" rel="stylesheet">
<HTML><HEAD><TITLE>HTTP Post Binding (Request)</TITLE></HEAD><BODY Onload="document.forms[0].submit()"><FORM METHOD="POST" ACTION="/idp/SSO.saml2"><INPUT TYPE="HIDDEN" NAME="SAMLRequest" VALUE="PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnBm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50IiBBbGxvd0NyZWF0ZT0idHJ1ZSIvPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg=="/><INPUT TYPE="HIDDEN" NAME="RelayState" VALUE="https://localhost:8080/"/></FORM></BODY></HTML>
</link>
</head>
<body>
</html>
安全部分:
<security:http pattern="/css/**" security="none" />
<security:http pattern="/images/**" security="none" />
<security:http pattern="/403" security="none" />
<security:http entry-point-ref="entryPoint"
use-expressions="true">
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
<security:custom-filter position="CAS_FILTER"
ref="authenticationFilter" />
<security:logout logout-url="/signout"
logout-success-url="/" />
<security:csrf disabled="true"/>
</security:http>
<bean id="authenticationFilter"
class="com.espn.ese.ais.vod.ams.security.picketlink.PicketLinkAuthenticationFilter"
lazy-init="true">
<constructor-arg value="${picketlink.filter.processes.url}" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="serviceUrl" value="${picketlink.service.url}" />
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<constructor-arg value="/403" />
</bean>
</property>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="authenticationProvider" />
</security:authentication-manager>
<bean id="authenticationProvider"
class="com.espn.ese.ais.vod.ams.security.picketlink.PicketLinkAuthenticationProvider"
lazy-init="true">
<property name="authenticationUserDetailsService">
<bean
class="com.espn.ese.ais.vod.ams.security.picketlink.PicketLinkAuthenticationUserDetailsService">
<constructor-arg ref="userDetailsService" />
</bean>
</property>
</bean>
<bean id="userDetailsService"
class="com.espn.ese.ais.vod.ams.security.TestUserDetailsService"
lazy-init="true" />
找不到網頁:
2016-07-28 10:19:18,023 WARN [org.springframework.web.servlet.PageNotFound] (http-/0.0.0.0:8080-1) No mapping found for HTTP request with URI [/{contextroot}/css/temp.css] in DispatcherServlet with name 'spring-web'
請發佈您的css/jsp的目錄結構以及您的安全配置中定義如何應用過濾器以及允許使用哪些目錄的部分。 – blur0224
@ blur0224 - 我已根據您的評論更新了我的帖子。謝謝! – Mohan
SAML安全配置中的某些內容會錯誤地保護URL。如果可以,您可以發佈完整的SAML安全配置嗎?另外,將你的彈簧日誌記錄調試,並在加載頁面時發佈對應的日誌輸出塊。應該有一些輸出顯示請求被重定向。 – blur0224