[英]Can not secure AngularJS page using Spring Security
I am using spring security to secure my app with the below configuration to try and display Spring default login page: 我正在使用Spring Security通过以下配置保护我的应用程序的安全,以尝试显示Spring默认登录页面:
spring-security.xml 弹簧security.xml文件
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true">
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="test.account" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
My problem is that all resources are succesfully authenticated excpet the Angular file (localhost:8080/#/notification) which is always open to public. 我的问题是所有资源都已成功通过身份验证,而该文件始终对公众开放,而该文件是Angular文件(localhost:8080 /#/ notification)。
Edit 1 : 编辑1 :
I've tried to run the above spring security configuration on Jetty server and it works great. 我试图在Jetty服务器上运行上述spring安全配置,并且效果很好。 The problem only appears when using Google AppEngine even after adding <sessions-enabled>true</sessions-enabled>
to appengine-web.xml. 即使在将<sessions-enabled>true</sessions-enabled>
到appengine-web.xml中之后,该问题仅在使用Google AppEngine时出现。
Thank you in advance. 先感谢您。
I've been able to secure static files using Spring MVC on Google AppEngine using the <security-constraint>
attribute of the web.xml file. 我已经能够使用web.xml文件的<security-constraint>
属性在Google AppEngine上使用Spring MVC保护静态文件。
Example: 例:
<security-constraint>
<web-resource-collection>
<web-resource-name>Public Area</web-resource-name>
<url-pattern>/xyz</url-pattern>
<url-pattern>/images/*</url-pattern>
<url-pattern>/yyz/*</url-pattern>
<url-pattern>*.xml</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.