2013-09-21 94 views
0

使用Spring安全3.2,我試圖攔截的網址如下:春季安全網址攔截使用正則表達式匹配失敗

<security:http use-expressions="true" path-type="regex" > 

    <security:intercept-url pattern="/jsp/Error_403.jsp" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" /> 
    <security:intercept-url pattern="/jsp/LoggedOut.jsp" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" /> 
    <security:intercept-url pattern="/jsp/home/header.html" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')"/> 
    <security:intercept-url pattern="/unjust?action=statistics" access="hasAnyRole('ROLE_ADMIN','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" /> 
    <security:intercept-url pattern="/unjust?action=browse" access="hasAnyRole('ROLE_ADMIN')" /> 
    <security:intercept-url pattern="/unjust?action=search" access="hasAnyRole('ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" /> 
    <security:intercept-url pattern="/unjust?action=home" access="hasAnyRole('ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" /> 
      <security:intercept-url pattern="/unjust" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')"/> 


    <security:intercept-url pattern="/**" access="denyAll" /> 
    <access-denied-handler error-page="/jsp/Error_403.jsp"/> 

    <security:logout /> 
    <security:openid-login login-page="/openidlogin.jsp" 
     user-service-ref="registeringUserService" authentication-failure-url="/openidlogin.jsp?login_error=true"> 
     <attribute-exchange identifier-match="https://www.google.com/.*"> 
      <openid-attribute name="email" 
       type="http://axschema.org/contact/email" required="true" count="1" /> 
      <openid-attribute name="firstname" 
       type="http://axschema.org/namePerson/first" required="true" /> 
      <openid-attribute name="lastname" 
       type="http://axschema.org/namePerson/last" required="true" /> 
     </attribute-exchange> 

     <attribute-exchange identifier-match=".*myopenid.com.*"> 
      <openid-attribute name="email" 
       type="http://schema.openid.net/contact/email" required="true" /> 
      <openid-attribute name="fullname" 
       type="http://schema.openid.net/namePerson" required="true" /> 
     </attribute-exchange> 
    </security:openid-login> 
    <remember-me token-repository-ref="tokenRepo" /> 
</security:http>  

當我嘗試執行,例如,瀏覽動作,我無法驗證和日誌顯示此:

12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.FilterChainProxy - /unjust?action=statistics at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/jsp/Error_403.jsp' 
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/jsp/LoggedOut.jsp' 
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/jsp/home/header.html' 
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=statistics' 
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=browse' 
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=search$' 
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=home' 
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher - Checking match of request : '/unjust?action=statistics'; against '/unjust' 
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /unjust?action=statistics; Attributes: [denyAll] 
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: [[email protected]f995e9: Principal: [email protected]: Username: https://www.google.com/accounts/o8/id?xxxxx; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_BRONZE_SUB; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]380f4: RemoteIpAddress: 127.0.0.1; SessionId: 6F57A4A404D2BC3CD82391F6973FA715; Granted Authorities: ROLE_BRONZE_SUB, attributes : xxxxxx 
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.sp[email protected]b041b0, returned: -1 
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler 
org.springframework.security.access.AccessDeniedException: Access is denied 

我看到一個數字,有許多不同的格式的正則表達式在計算器上的帖子,不等我有什麼上面

<security:intercept-url pattern="\A^/unjust?action=search.$\Z" 

我已經能夠生成使用ant路徑匹配,然而,事情則無法比賽時,我有這樣的要求:在之間

/unjust?action=browseUNDT&sEcho=1&iColumns=7&sColumns=&iDisplayStart=0&iDisplayLength=10&mDataProp_0=caseName&mDataProp_1=caseId&mDataProp_2=judgmentDate&mDataProp_3=judgmentType&mDataProp_4=judgmentNo&mDataProp_5=docId&mDataProp_6=displayCase&sSearch=&bRegex=false&sSearch_0=&bRegex_0=false&bSearchable_0=true&sSearch_1=&bRegex_1=false&bSearchable_1=true&sSearch_2=&bRegex_2=false&bSearchable_2=true&sSearch_3=&bRegex_3=false&bSearchable_3=true&sSearch_4=&bRegex_4=false&bSearchable_4=true&sSearch_5=&bRegex_5=false&bSearchable_5=true&sSearch_6=&bRegex_6=false&bSearchable_6=true&iSortCol_0=0&sSortDir_0=asc&iSortingCols=1&bSortable_0=true&bSortable_1=true&bSortable_2=true&bSortable_3=true&bSortable_4=true&bSortable_5=true&bSortable_6=true&_=1379771161138 

和一切。

有人可以引導我走向這種模式匹配的正確設置和語法嗎?

+0

它看起來好像是一個簡單的語法錯誤,例如:應該寫成以匹配url結尾的所有結尾字符 – jmf1205

回答

1

默認情況下,Spring不支持參數匹配。與正則表達式匹配使用請求匹配=「正則表達式」或路徑類型=「正則表達式」,你可以使用正則表達式來匹配網址。 現在你提供的模式= /unjust?action=browse「?」意味着正則表達式中的特殊符號一次出現或零次。你應該逃脫?在您的模式中使用"\\?"

+1

是幾個問題之一 - 我也不正確地匹配到行的末尾。正確的語法如下所示: jmf1205