堆栈内存溢出
  简体   繁体   English

无法使用Spring Security保护AngularJS页面

[英]Can not secure AngularJS page using Spring Security

 原文  2014-08-16 17:01:51       java/ angularjs/ spring/ google-app-engine/ spring-security

问题描述

I am using spring security to secure my app with the below configuration to try and display Spring default login page: 我正在使用Spring Security通过以下配置保护我的应用程序的安全,以尝试显示Spring默认登录页面:

spring-security.xml 弹簧security.xml文件 

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <intercept-url pattern="/**" access="ROLE_USER" />
    </http>

    <authentication-manager>
      <authentication-provider>
        <user-service>
        <user name="test.account" password="123456" authorities="ROLE_USER" />
        </user-service>
      </authentication-provider>
    </authentication-manager>

</beans:beans>

My problem is that all resources are succesfully authenticated excpet the Angular file (localhost:8080/#/notification) which is always open to public. 我的问题是所有资源都已成功通过身份验证,而该文件始终对公众开放,而该文件是Angular文件(localhost:8080 /#/ notification)。

Edit 1 : 编辑1

I've tried to run the above spring security configuration on Jetty server and it works great. 我试图在Jetty服务器上运行上述spring安全配置,并且效果很好。 The problem only appears when using Google AppEngine even after adding <sessions-enabled>true</sessions-enabled> to appengine-web.xml. 即使在将<sessions-enabled>true</sessions-enabled>到appengine-web.xml中之后,该问题仅在使用Google AppEngine时出现。

Thank you in advance. 先感谢您。

1 个解决方案

解决方案1
 1 已采纳  2014-08-18 09:40:52

I've been able to secure static files using Spring MVC on Google AppEngine using the <security-constraint> attribute of the web.xml file. 我已经能够使用web.xml文件的<security-constraint>属性在Google AppEngine上使用Spring MVC保护静态文件。

Example: 例: 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Public Area</web-resource-name>
        <url-pattern>/xyz</url-pattern>
        <url-pattern>/images/*</url-pattern>
        <url-pattern>/yyz/*</url-pattern>
        <url-pattern>*.xml</url-pattern>
    </web-resource-collection>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从控制器下载安全页面,Spring安全性 - Download secure page from controller, Spring security 如何使用Spring安全性保护包含的页面 - How to secure an included page with Spring security 可以通过弹簧安全性固定选项卡式表格 - Can secure tabbed form with spring security 如何使用Spring安全保护URL? - How to secure URLs using Spring security? 如何使用Spring Security保护Spring Data Rest端点? - How can I secure my Spring Data Rest endpoints using Spring Security? 带有自定义 AngularJS 登录页面的 Spring Boot 和安全性 - Spring Boot and Security with custom AngularJS Login page 通过Spring Security保护REST - Secure REST with Spring Security 使用Spring Security的Spring RESTFul Web服务安全客户端调用 - Spring RESTFul Webservice secure client call using Spring Security 如何使用弹簧安全保护基本认证的swagger-ui - how to secure swagger-ui with basic auth using spring security 无法使用Spring-Security保护HTML文件的安全 - Cannot secure HTML files using Spring-Security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM