堆栈内存溢出
  简体   繁体   English

带有SpringSecurity和Tiles的Struts2

[英]Struts2 with SpringSecurity and Tiles

 原文  2017-11-05 17:00:46       spring/ spring-security/ struts2

问题描述

I need to integrate Struts2 with Spring Security. 我需要将Struts2与Spring Security集成在一起。 For now i successfully added spring and spring security to my project but i can't log in to my application. 现在,我已经成功地将spring和spring安全性添加到了我的项目中,但是我无法登录到我的应用程序。 I don't have any idea what can be wrong. 我不知道有什么问题。

Using dependencies: 使用依赖: 

<properties>
    <struts.version>2.3.24.1</struts.version>
    <java.version>1.8</java.version>
    <spring.version>4.2.1.RELEASE</spring.version>
    <springsecurity.version>4.0.2.RELEASE</springsecurity.version>
    <hibernate.version>4.3.8.Final</hibernate.version>
    <mysqlconnector.version>5.1.34</mysqlconnector.version>

    <javaee-web-api.version>7.0</javaee-web-api.version>
    <servlet-api-version>3.1.0</servlet-api-version>
    <jsp-api-version>2.1</jsp-api-version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <!-- Struts2 -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-core</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Tiles -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-tiles-plugin</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Struts 2 annotations -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-convention-plugin</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Struts 2 AJAX support -->
    <dependency>
        <groupId>com.jgeppert.struts2.jquery</groupId>
        <artifactId>struts2-jquery-plugin</artifactId>
        <version>3.7.1</version>
    </dependency>

     <!-- Spring -->
     <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context-support</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-orm</artifactId>
       <version>4.2.1.RELEASE</version>
    </dependency>

    <!-- struts 2 & spring -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-spring-plugin</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <!-- hibernate 4 -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>${hibernate.version}</version>
    </dependency>

    <!-- database pool -->
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-dbcp2</artifactId>
        <version>2.0</version>
    </dependency>

    <!-- mysql java connector -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>${mysqlconnector.version}</version>
    </dependency>

    <!-- Servlet -->
    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>${javaee-web-api.version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>${servlet-api-version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet.jsp</groupId>
        <artifactId>jsp-api</artifactId>
        <version>${jsp-api-version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
</dependencies>

My web.xml: 我的web.xml: 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_1.xsd">
<display-name>Struts 2 - NSAI</display-name>
<!-- load spring configuration: -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-config.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!--Struts Filter-->
<filter>
    <filter-name>struts2</filter-name>
    <filter-class>
        org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

    <!-- load tiles configuration: -->
<context-param>
    <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
    <param-value>/WEB-INF/classes/tiles.xml</param-value>
</context-param>

<!-- tiles listener: -->
<listener>
    <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
</listener>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

spring-config.xml: spring-config.xml: 

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd 
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-4.2.xsd
 http://www.springframework.org/schema/tx 
 http://www.springframework.org/schema/tx/spring-tx-4.2.xsd 
 http://www.springframework.org/schema/task 
 http://www.springframework.org/schema/task/spring-task-4.2.xsd">

<context:annotation-config />
<tx:annotation-driven transaction-manager="transactionManager" />

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/nsai" />
    <property name="username" value="nsaiuser" />
    <property name="password" value="nsaipassword" />
</bean>

<!--Hibernate session factory configuration -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="configLocation" value="classpath:hibernate.cfg.xml" />
    <property name="packagesToScan" value="com.politechnika.models" />
</bean>

<!-- Transaction manager -->
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactory"></property>
</bean>

<context:component-scan base-package="com.politechnika" /> 
<import resource="classpath*:spring-security.xml"/>

spring-security.xml: spring-security.xml: 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/showUsersList.action" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/executeLogin.action" access="permitAll"/>
    <access-denied-handler error-page="/views/accessDenied.jsp" />
    <form-login
        login-page="/inputLogin.action"
        default-target-url="/"
        username-parameter="username"
        password-parameter="password"
        authentication-failure-url="/login?error"/>
    <logout logout-success-url="/logout" />

</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider> 

    <authentication-provider user-service-ref="myUserDetailsService">
    </authentication-provider>
</authentication-manager>
</beans:beans>

and login.jsp: 和login.jsp: 

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="s" uri="/struts-tags"%>

<div id="login">
<s:form name="loginFrom" action="/j_spring_security_check" method="post">
    <s:textfield key="user.login" name="username"/>
    <s:password key="user.password" name="password"/>
    <s:submit key="submit"/>
</s:form>
<p>
    <a href="<s:url action='showUsersList'/>">List of users</a>
</p>

When im trying to login application redirect me to AccesDenied page and when i'am trying go to another page it autommatically redirect me to login page. 当我尝试登录应用程序时,将我重定向到AccesDenied页面,当我尝试转到另一个页面时,它会自动将我重定向到登录页面。

What is wrong there? 那里怎么了

UPDATE: I added log4j for spring security and when i'am trying log in i'm getting this: 更新:我为春季安全性添加了log4j,当我尝试登录时我得到了这个: 

    2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:171 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:171 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:101 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@45e88786. A new one will be created.
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:101 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@45e88786. A new one will be created.
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-11-05 18:49:28 DEBUG HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@508596c1
2017-11-05 18:49:28 DEBUG HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@508596c1
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-11-05 18:49:28 DEBUG CsrfFilter:106 - Invalid CSRF token found for http://localhost:8080/nsai-struts2/j_spring_security_check
2017-11-05 18:49:28 DEBUG CsrfFilter:106 - Invalid CSRF token found for http://localhost:8080/nsai-struts2/j_spring_security_check
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-11-05 18:49:28 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
2017-11-05 18:49:28 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed

UPDATE2: I added csrf to the jsp file and still won't work. UPDATE2:我在csp文件中添加了csrf,但仍然无法正常工作。 Log (cannot paste here becouse limit is 30000 characters): 日志(由于限制为30000个字符,因此无法在此处粘贴):

https://pastebin.com/SWT3ZCgp https://pastebin.com/SWT3ZCgp

1 个解决方案

解决方案1
 0  2017-11-05 18:47:11

Use _csrf as below: 使用_csrf ,如下所示: 

<s:form name="loginFrom" action="/j_spring_security_check" method="post">
    <s:textfield key="user.login" name="username"/>
    <s:password key="user.password" name="password"/>
<input type="hidden"  name="${_csrf.parameterName}"   value="${_csrf.token}"/>
    <s:submit key="submit"/>
</s:form>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Struts2依赖注入 - Struts2 Dependency Injection 带有struts2的Spring aop - Spring aop with struts2 struts2中的事务支持 - Transaction support in struts2 集成 struts2 和 spring 插件 - integrate struts2 and spring plugin 使用Struts2的@Autowired Spring注释 - @Autowired Spring annotation with struts2 spring3和struts2集成 - spring3 and struts2 integration 用Spring MVC替换Struts2 - Replacing Struts2 with spring mvc struts2检查权限拦截器 - struts2 check permission interceptor Spring3与Struts2集成 - Spring3 integration with Struts2 Struts2 Spring Hibernate应用程序 - Struts2 Spring Hibernate Application
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM