
Spring Security Configuration Issue

I'm trying to implement Spring Security in my application and I have messages in my log saying that it recognizes the security but it is not ever enforcing the rules I set. My login.xhtml is also calling the login method but it never returns correctly so I can only assume that I've missed something in my configuration but I just can't find it. Thanks in advance.

I know this has been asked many times but I've looked for a couple days now at many different examples and as far as I can tell mine match the examples.

Here are my config files (parts)

spring-security.xml

<http auto-config="true">

    <intercept-url pattern="/*" access="ROLE_ADMIN"/>
    <form-login login-processing-url="/j_spring_security_check" 
        login-page="/views/login.xhtml" 
        default-target-url="/views/index.xhtml"
        authentication-failure-url="/views/error.xhtml" />

</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="dummy" password="dummy" authorities="ROLE_DUMMY"/>
            <user name="admin" password="admin" authorities="ROLE_ADMIN"/>
        </user-service>
    </authentication-provider>
</authentication-manager>  

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:/META-INF/spring/applicationContext.xml,
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

server.log

19:48:45,028 INFO  [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization started
19:48:45,058 INFO  [org.springframework.web.context.support.XmlWebApplicationContext] (ServerService Thread Pool -- 460) Refreshing Root WebApplicationContext: startup date [Tue Aug 20 19:48:45 PDT 2013]; root of context hierarchy
19:48:45,081 INFO  [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from class path resource [META-INF/spring/applicationContext.xml]
19:48:45,152 INFO  [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from ServletContext resource [/WEB-INF/spring-security.xml]
19:48:45,162 INFO  [org.springframework.security.core.SpringSecurityCoreVersion] (ServerService Thread Pool -- 460) You are running with Spring Security Core 3.1.4.RELEASE
19:48:45,163 INFO  [org.springframework.security.config.SecurityNamespaceHandler] (ServerService Thread Pool -- 460) Spring Security 'config' module version is 3.1.4.RELEASE
19:48:45,187 INFO  [org.springframework.security.config.http.HttpSecurityBeanDefinitionParser] (ServerService Thread Pool -- 460) Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; 
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000]
19:48:45,258 INFO  [org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor] (ServerService Thread Pool -- 460) JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
19:48:45,282 INFO  [org.springframework.beans.factory.support.DefaultListableBeanFactory] (ServerService Thread Pool -- 460) Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@23c50d4e: defining beans [dataSource,entityManager,entityManagerFactory,distroStoreConverter,distroStaffBean,distroStoreBean,distroTastingBean,editDistroStaffBean,editDistroStoreBean,editDistroTastingBean,loginBean,newDistroStoreBean,newDistroTastingBean,scheduleBean,staffDaoImpl,storeDaoImpl,tastingDaoImp,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,jpaPropertyMap,hibernateVendor,transactionManager,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.D
efaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.provisioning.InMemoryUserDetailsManager#0,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,org.springframework.context.annotation.ConfigurationClassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy
19:48:45,292 INFO  [org.springframework.jdbc.datasource.DriverManagerDataSource] (ServerService Thread Pool -- 460) Loaded JDBC driver: org.postgresql.Driver
19:48:45,331 INFO  [org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean] (ServerService Thread Pool -- 460) Building JPA container EntityManagerFactory for persistence unit 'default'
19:48:46,047 INFO  [org.springframework.security.web.DefaultSecurityFilterChain] (ServerService Thread Pool -- 460) Creating filter chain: org.springframework.security.web.util.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@5151d7c2, org.springframework.security.web.authentication.logout.LogoutFilter@542c2b43, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1fcc66e1, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@24764e16, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5300990d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4c404f0d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@12060597, org.springframework.security.web.session.SessionManagementFilter@495905bf, org.springframework.security.web.access.ExceptionTranslationFilter@73886437, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7f6b9222]
19:48:46,055 INFO  [org.springframework.security.config.http.DefaultFilterChainValidator] (ServerService Thread Pool -- 460) Checking whether login URL '/views/login.xhtml' is accessible with your configuration
19:48:46,062 INFO  [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization completed in 1034 ms
19:48:46,064 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Initializing Mojarra 2.1.19-jbossorg-1 20130304-0420 for context '/LuxuryLiquor'
19:48:46,575 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Monitoring jndi:/default-host/LuxuryLiquor/WEB-INF/faces-config.xml for modifications
19:48:47,591 INFO  [org.jboss.as.server] (management-handler-thread - 16) JBAS018562: Redeployed "LuxuryLiquor.war"
19:48:47,592 INFO  [org.jboss.as.server] (management-handler-thread - 16) JBAS018565: Replaced deployment "LuxuryLiquor.war" with deployment "LuxuryLiquor.war"
19:48:47,596 INFO  [org.jboss.as.repository] (management-handler-thread - 16) JBAS014901: Content removed from location C:\Program Files\jboss-eap-6.1\standalone\data\content\8f\21f2c1f876b95cd37a0207b0fb9148ce3e00b0\content

login.xhtml

<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui" style="background: black;">

<h:head>
    <meta />
    <h:outputStylesheet library="css" name="screen.css" />
    <title>Login</title>
</h:head>
<h:body>
    <div id="container">
    <div id="content">
        <div class="stores-position">
            <h1>Login</h1>
            <h:form id="loginForm">
                <p:panelGrid>
                    <p:row>
                        <p:column>
                            <h:outputLabel value="Username" />
                        </p:column>
                        <p:column>
                            <h:inputText id="j_username" value="#{loginBean.username}" required="true" />
                        </p:column>
                    </p:row>
                    <p:row>
                        <p:column>
                            <h:outputLabel value="Password" />
                        </p:column>
                        <p:column>
                            <h:inputSecret id="j_password" value="#{loginBean.password}" required="true" />
                        </p:column>
                    </p:row>
                </p:panelGrid>
                <p:commandButton id="login" type="submit" 
                    action="#{loginBean.doLogin}" value="Login" />
            </h:form>
        </div>
    </div>
    <div id="aside">
        <h:graphicImage value="/resources/gfx/LL_logo-1-1.jpg" />
    </div>
    <div id="footer" />
</div>
</h:body>
</html>

At a first glance your url-pattern is wrong. The url-pattern is an ant-style pattern (the default pattern that is, as mentioned in the Spring Security Reference Guide) which means that

  • ? matches one character
  • * matches zero or more characters
  • ** matches zero or more 'directories' in a path

You are using /* whereas you probably should have used /**

<http auto-config="true">

<intercept-url pattern="/**" access="ROLE_ADMIN"/>
<form-login login-processing-url="/j_spring_security_check" 
    login-page="/views/login.xhtml" 
    default-target-url="/views/index.xhtml"
    authentication-failure-url="/views/error.xhtml" />

</http>

For more information on ant style expressions consult this question.
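
Added example (not part of the original answer): a simplified ant-style matcher in Python, a re-implementation for illustration rather than Spring's own matcher, used to list which URLs an intercept-url pattern leaves uncovered. The function names and the two paths marked as constructed are assumptions; query strings are stripped and empty path segments are ignored.

```python
import re

def _segment_regex(seg):
    # Inside one path segment: '?' is one character, '*' is zero or more
    # characters, and neither ever crosses a '/'.
    out = []
    for ch in seg:
        if ch == "?":
            out.append("[^/]")
        elif ch == "*":
            out.append("[^/]*")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out) + r"\Z")

def ant_match(pattern, path):
    """Simplified ant-style match (illustrative, not Spring's AntPathMatcher)."""
    pat = [s for s in pattern.split("/") if s]
    segs = [s for s in path.split("?", 1)[0].split("/") if s]

    def walk(pi, si):
        if pi == len(pat):
            return si == len(segs)
        if pat[pi] == "**":
            # '**' consumes zero or more whole directories.
            return any(walk(pi + 1, k) for k in range(si, len(segs) + 1))
        if si == len(segs):
            return False
        return bool(_segment_regex(pat[pi]).match(segs[si])) and walk(pi + 1, si + 1)

    return walk(0, 0)

def unprotected(patterns, urls):
    """Return the URLs that none of the intercept-url patterns cover."""
    return [u for u in urls if not any(ant_match(p, u) for p in patterns)]

# URLs from the configuration on this page, plus two constructed paths.
URLS = [
    "/index.xhtml",               # constructed: a page directly under the root
    "/views/index.xhtml",         # default-target-url
    "/views/login.xhtml",         # login-page
    "/j_spring_security_check",   # login-processing-url
    "/views/admin/users.xhtml",   # constructed: a deeper path
]

if __name__ == "__main__":
    for pattern in ("/*", "/**"):
        print(pattern, "leaves uncovered:", unprotected([pattern], URLS))
```

With `/*` every page under `/views/` is outside the rule, which matches the behaviour described in the question. Note that `/**` also covers `/views/login.xhtml`, so with the corrected pattern the login page itself falls under the ROLE_ADMIN rule.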
