stackoom
  简体   繁体   中英

Spring Security, always redirect to Login page

 原文  2014-06-18 15:45:39       java/ spring/ hibernate/ spring-mvc/ weblogic11g

Question

I have a serious problem... i'm trying to create an application on weblogic 11g, with Spring 3, Hibernate 3 and AngularJS. for 2 days, i was in deep difficulty to make my app working. finally, i was able to make this work !

but, the problem is when i authenticate myself, and i navigate on the app, on each page, spring security redirect me on the login page... and i really don't know why...

Web.xml : 

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/spring/spring.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <listener>
    <listener-class>com.bla.Init</listener-class>
</listener>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
            /WEB-INF/spring/spring.xml
        </param-value>
  </context-param>

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <servlet-name>dispatcher</servlet-name>
  </filter-mapping>
  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jsp</url-pattern>
      <page-encoding>UTF-8</page-encoding>
      <trim-directive-whitespaces>true</trim-directive-whitespaces>
    </jsp-property-group>
  </jsp-config>
</web-app>

Spring.xml 

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/task/spring-context-3.0.xsd">

    <!-- Basic Configurations -->
    <context:annotation-config/>

    <context:component-scan base-package="test.model"/>
    <context:component-scan base-package="test.repository"/>
    <context:component-scan base-package="test.service"/>
    <context:component-scan base-package="test.controller"/>

    <!-- SpringMVC -->
    <import resource="spring-mvc.xml"/>

    <!-- SpringData -->
    <import resource="spring-jpa.xml"/>

    <!-- SpringSecurity -->
    <import resource="spring-security.xml"/>
</beans>

spring-security.xml : 

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <security:global-method-security secured-annotations="enabled" />

    <security:http auto-config="true" use-expressions="true" access-denied-page="/login?error=403">

        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/protected/**" access="isFullyAuthenticated()" />

        <security:form-login login-page="/login" authentication-failure-url="/login?error=403" default-target-url="/protected/home" />

        <security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service
                    data-source-ref="myRapportDataSource"
                    users-by-username-query="select nni, password, enabled from system_user where nni = ?"
                    authorities-by-username-query="select u.nni as login, u.user_role as role from system_user u where u.nni = ?" />
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

i add the spring-mvc.xml too : 

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <mvc:annotation-driven/>
    <mvc:default-servlet-handler/>

    <!-- Login Interceptor -->
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/protected/**"/>
            <bean class="gram.interceptor.LoginInterceptor"/>
        </mvc:interceptor>
        <!-- workaround to fix IE8 problem -->
        <bean id="webContentInterceptor"
              class="org.springframework.web.servlet.mvc.WebContentInterceptor">
            <property name="cacheSeconds" value="0"/>
            <property name="useExpiresHeader" value="true"/>
            <property name="useCacheControlHeader" value="true"/>
            <property name="useCacheControlNoStore" value="true"/>
        </bean>
    </mvc:interceptors>
</beans>

at first, this app was on Tomcat 6 and worked fine, but i have to migrate it on weblogic 10.3.6

any ideas ? i'm almost despered...

thank you very much every one to take a look at my problem

1 answers

solution1
 4  2014-06-19 08:16:50

With 

<security:intercept-url pattern="/" access="permitAll" />

Only the URL matching / will have the permitAll access. So what you need is actually: 

<security:intercept-url pattern="/protected/**" access="isFullyAuthenticated()" />
<security:intercept-url pattern="/**" access="permitAll" />

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Security Custom Authentication Provider always redirect to login page Spring security authentication: always redirect to error login page Spring boot & Spring security always redirect to Login spring security redirect page login Spring security login form always redirect to authfailed spring security login always redirect to failure url Spring Security always redirecting to login page Spring Boot security, always opens login page Spring Security: Page does not redirect after login Redirect user to login page on timeout Spring Security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM