2010-01-13 24 views
2

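Spring Security - I can't access my welcome page when I'm already logged in

I have a website that uses Spring Security. I have realised that when I log in to the application and then try to access the site again without closing that session, I get a 404 error. I mean, if my application has the context name "myApp", when I'm not logged in I can access localhost:8080/myApp, but when I'm logged in and type that URL, I get an error. If I type localhost:8080/myApp/control/login, for example, it shows my login form correctly.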

Here is my Spring Security configuration:

<beans 
    xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:sec="http://www.springframework.org/schema/security" 
    xsi:schemaLocation=" 
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd 
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> 

<sec:http auto-config="true" access-denied-page="/control/login/error"> 
    <sec:intercept-url pattern="/resources/**" filters="none"/> 
    <sec:intercept-url pattern="/favicon.ico" filters="none"/> 
    <sec:intercept-url pattern="/control/login/error" filters="none"/> 
    <sec:intercept-url pattern="/control/login" filters="none"/> 
    <sec:intercept-url pattern="/control/logout" filters="none"/> 
    <sec:intercept-url pattern="/control/newUser" filters="none"/> 
    <sec:intercept-url pattern="/control/invitedUser" filters="none"/> 
    <sec:intercept-url pattern="/control/error" filters="none"/> 

    <sec:intercept-url pattern="/**" access="ROLE_ANONIM,ROLE_GUEST,ROLE_BASIC,ROLE_ADMIN,ROLE_PREMIUM" /> 
    <sec:form-login login-page='/control/login' default-target-url='/control/index' always-use-default-target='true' /> 
    <sec:logout logout-success-url="/control/logout"/> 

    <sec:session-management> 
        <sec:concurrency-control expired-url="/control/login/error" /> 
    </sec:session-management> 

In my web.xml I have index.jsp as the welcome file:

<welcome-file-list> 
<welcome-file>/index.jsp</welcome-file> 
</welcome-file-list> 

I have added the log; when I try to access my welcome page, it shows a 404 error for the welcome file:

18:36:26,309 DEBUG [jpa.support.OpenEntityManagerInViewFilter] Using EntityManagerFactory 'entityManagerFactory' for OpenEntityManagerInViewFilter 
18:36:26,309 DEBUG [factory.support.DefaultListableBeanFactory] Returning cached instance of singleton bean 'entityManagerFactory' 
18:36:26,309 DEBUG [jpa.support.OpenEntityManagerInViewFilter] Opening JPA EntityManager in OpenEntityManagerInViewFilter 
18:36:26,309 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,309 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /resources/**; matched=false 
18:36:26,309 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,309 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /favicon.ico; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/login/error; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/login; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/logout; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/newuser; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/inviteduser; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/error; matched=false 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /**; matched=true 
18:36:26,310 DEBUG [security.web.FilterChainProxy]/at position 1 of 11 in additional filter chain; firing Filter: 'o[email protected]172cbae' 
18:36:26,310 DEBUG [security.web.FilterChainProxy]/at position 2 of 11 in additional filter chain; firing Filter: 'org.spring[email protected]a89e44' 
18:36:26,311 DEBUG [web.context.HttpSessionSecurityContextRepository] Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]4fb61: Authentication: org.springframew[email protected]1e4fb61: Principal: [email protected]; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: CBDBA57F561C0D3C2AC576182D449F00; Granted Authorities: [email protected]' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 3 of 11 in additional filter chain; firing Filter: 'org.[email protected]17dfcf1' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.s[email protected]697087' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 5 of 11 in additional filter chain; firing Filter: 'org.springfram[email protected]5acf13' 
18:36:26,311 DEBUG [authentication.www.BasicAuthenticationFilter] Authorization header: null 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 6 of 11 in additional filter chain; firing Filter: 'org.sp[email protected]1d1282d' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.[email protected]a4b9da' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentica[email protected]' 
18:36:26,311 DEBUG [web.authentication.AnonymousAuthenticationFilter] SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframew[email protected]1e4fb61: Principal: [email protected]; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: CBDBA57F561C0D3C2AC576182D449F00; Granted Authorities: [email protected]' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 9 of 11 in additional filter chain; firing Filter: 'o[email protected]95772a' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 10 of 11 in additional filter chain; firing Filter: 'org[email protected]c26acd' 
18:36:26,311 DEBUG [security.web.FilterChainProxy]/at position 11 of 11 in additional filter chain; firing Filter: 'org.springfr[email protected]1f1bf46' 
18:36:26,311 DEBUG [access.intercept.DefaultFilterInvocationSecurityMetadataSource] Converted URL to lowercase, from: '/'; to: '/' 
18:36:26,312 DEBUG [access.intercept.DefaultFilterInvocationSecurityMetadataSource] Candidate is: '/'; pattern is /**; matched=true 
18:36:26,312 DEBUG [access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /; Attributes: [ROLE_ANONIM, ROLE_GUEST, ROLE_BASIC, ROLE_ADMIN, ROLE_PREMIUM] 
18:36:26,312 DEBUG [access.intercept.FilterSecurityInterceptor] Previously Authenticated: org.springframew[email protected]1e4fb61: Principal: [email protected]; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: CBDBA57F561C0D3C2AC576182D449F00; Granted Authorities: [email protected] 
18:36:26,312 DEBUG [access.vote.AffirmativeBased] Voter: [email protected], returned: 1 
18:36:26,312 DEBUG [access.intercept.FilterSecurityInterceptor] Authorization successful 
18:36:26,312 DEBUG [access.intercept.FilterSecurityInterceptor] RunAsManager did not change Authentication object 
18:36:26,312 DEBUG [security.web.FilterChainProxy]/reached end of additional filter chain; proceeding with original chain 
18:36:26,312 DEBUG [web.access.ExceptionTranslationFilter] Chain processed normally 
18:36:26,312 DEBUG [web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed 
18:36:26,312 DEBUG [jpa.support.OpenEntityManagerInViewFilter] Closing JPA EntityManager in OpenEntityManagerInViewFilter 
18:36:26,312 DEBUG [orm.jpa.EntityManagerFactoryUtils] Closing JPA EntityManager 

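EDIT: It only happens when I am already logged in. Could this be a session problem?

Thanks in advance.

EDIT: I have Spring 3.0.0 RC3 and Spring Security 3.0.0 RC1. It still happens, any ideas?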

+0

Could you please post some log output? – nfechner 2010-01-13 11:04:21

+0

Did you try the / in /index.jsp? – rodrigoap 2010-01-13 16:01:54

+0

I have added the log output, thanks – Javi 2010-01-13 17:40:48
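Added example (not part of the original question or its answers): a small Python triage of the DEBUG log in the question, which records which intercept-url pattern selected the filter chain, how the voter decided, and whether the request was handed on to the original chain. The sample lines are abridged from that log with the garbled object identifiers elided; the name `triage` and the "Access is denied" match string are assumptions.

```python
import re

# Constructed sample: abridged from the DEBUG log in the question (voter id elided).
SAMPLE_LOG = """\
18:36:26,309 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /resources/**; matched=false
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /control/login; matched=false
18:36:26,310 DEBUG [security.web.FilterChainProxy] Candidate is: '/'; pattern is /**; matched=true
18:36:26,312 DEBUG [access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /; Attributes: [ROLE_ANONIM, ROLE_GUEST, ROLE_BASIC, ROLE_ADMIN, ROLE_PREMIUM]
18:36:26,312 DEBUG [access.vote.AffirmativeBased] Voter: (elided), returned: 1
18:36:26,312 DEBUG [access.intercept.FilterSecurityInterceptor] Authorization successful
18:36:26,312 DEBUG [security.web.FilterChainProxy]/reached end of additional filter chain; proceeding with original chain
18:36:26,312 DEBUG [web.access.ExceptionTranslationFilter] Chain processed normally
"""

LINE = re.compile(r"^\S+ DEBUG \[(?P<logger>[^\]]+)\]\s*(?P<msg>.*)$")
CANDIDATE = re.compile(r"Candidate is: '(?P<url>[^']*)'; pattern is (?P<pattern>\S+); matched=(?P<hit>true|false)")
VOTE = re.compile(r"returned: (?P<vote>-?\d+)")


def triage(log_text):
    """Summarise what Spring Security decided for the request in a DEBUG log."""
    r = {"url": None, "chain_pattern": None, "tried": 0, "votes": [],
         "authorized": None, "passed_to_app": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        logger, msg = m.group("logger"), m.group("msg")
        c = CANDIDATE.search(msg)
        if c and logger.endswith("FilterChainProxy"):
            r["url"] = c.group("url")
            r["tried"] += 1
            if c.group("hit") == "true" and r["chain_pattern"] is None:
                r["chain_pattern"] = c.group("pattern")  # first matching pattern wins
        elif logger.endswith("AffirmativeBased") and VOTE.search(msg):
            r["votes"].append(int(VOTE.search(msg).group("vote")))
        elif "Authorization successful" in msg:
            r["authorized"] = True
        elif "Access is denied" in msg:  # assumed denial text; not present in this log
            r["authorized"] = False
        elif "proceeding with original chain" in msg:
            r["passed_to_app"] = True
    if r["authorized"] and r["passed_to_app"]:
        r["verdict"] = "allowed by Spring Security; error status is produced after the security filters"
    elif r["authorized"] is False:
        r["verdict"] = "denied by Spring Security"
    else:
        r["verdict"] = "inconclusive: log incomplete"
    return r
```

For the log in the question the result is an authorised request passed to the original chain, so the 404 is generated by whatever handles `/` after the security filters.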

Answers

0

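I solved it by using a JSP (index.jsp) that is only used to redirect to the REST URL, and by setting the welcome-file to the absolute path of that JSP's location, starting with a slash.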

0

Mmmm, does this URL work: http://localhost:8080/myApp/control/index, or does it show the error? It is the one in the default-target-url attribute.

And without the /?

<welcome-file-list> 
<welcome-file>index.jsp</welcome-file> 
</welcome-file-list> 
+0

http://localhost:8080/myApp/control/index works fine, but http://localhost:8080/myApp shows a 404 error – Javi 2010-01-13 15:40:35

+0

Without the / – Javi 2010-01-13 17:43:06

0
<sec:intercept-url pattern="/**" access="ROLE_ANONIM,ROLE_GUEST,ROLE_BASIC,ROLE_ADMIN,ROLE_PREMIUM" /> 

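is qualifying the URL there so that it can only be accessed by those users.

Also, I noticed that you are using ROLE_ANONIM, but you haven't configured it to be set as the default role. I mean something like this: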

<sec:anonymous username="guest" granted-authority="ROLE_ANONIM"/> 


<sec:intercept-url pattern="/control/login**" filters="none" /> 

Adding the above line should solve your problem.

+0

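The same happens. My ROLE_ANONIM is a special role with more privileges than anonymous. My problem only happens when I am already logged in to the system and I try to access the website again without logging out. – Javi 2010-01-21 10:02:07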

+0

Try adding this line 2010-01-25 18:47:11

+0

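Thanks for your answer, but it doesn't work either. When I try to access a forbidden page, I don't get an AccessDeniedException. I think Spring Security catches the URL / but doesn't know what to do with it. – Javi 2010-01-26 13:01:59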
