
不使用 Spring MVC 的 Spring Security

[英]Spring security without spring mvc

我想在不使用 Spring MVC 的情况下集成 Spring Security。

下面是我的配置片段。

在web.xml

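<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.5 deployment descriptor: Spring Security filter chain, CORS filter,
  Apache CXF servlet and a Spring DispatcherServlet.
  xsi:schemaLocation names web-app_2_5.xsd so that it agrees with version="2.5";
  there is no web-app_3_5.xsd descriptor schema.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">

    <display-name>cxf</display-name>

    <!-- NOTE(review): welcome-file entries are partial URIs without a leading "/",
         and a path under /WEB-INF cannot be requested directly by a client.
         Confirm the container serves this page as intended. -->
    <welcome-file-list>
        <welcome-file>/WEB-INF/dcd-html/index.jsp</welcome-file>
    </welcome-file-list>

    <!-- NOTE(review): init-param is only allowed inside <filter> or <servlet>;
         the descriptor schema does not permit it directly under <web-app>.
         Left as posted; confirm whether a context-param or a servlet-level
         init-param was intended. -->
    <init-param>
        <param-name>javax.ws.rs.core.Application</param-name>
        <param-value>images</param-value>
    </init-param>

    <!-- DelegatingFilterProxy hands each request to the bean named
         springSecurityFilterChain, which it looks up in the root context
         created by ContextLoaderListener. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Creates the root application context. No contextConfigLocation
         context-param is set, so the default /WEB-INF/applicationContext.xml is used. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- NOTE(review): filters run in filter-mapping order, so requests reach
         springSecurityFilterChain before this CORS filter. Preflight OPTIONS
         requests carry no credentials and will presumably be rejected by the
         security rules before this filter can answer them.
         Only cors.supportedMethods is configured; every other option falls back
         to the library default. Check the default allowed origins and credential
         handling of the CORS Filter version in use, and restrict cors.allowOrigin
         to the origins that really need access: this application authenticates
         with HTTP Basic and a session cookie. -->
    <filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>
            org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>

    <!-- CXF is mapped to /*, which wins over the "/" default mapping of the
         DispatcherServlet below for every path except /images/*. -->
    <servlet>
        <servlet-name>cxf</servlet-name>
        <description>Apache CXF Endpoint</description>
        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>cxf</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <!-- Session timeout is expressed in minutes. -->
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>

    <!-- NOTE(review): this servlet has no servlet-class and relies on the
         JAX-RS runtime to supply one. Confirm that this works with a 2.5
         descriptor on the target container. -->
    <servlet>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <url-pattern>/images/*</url-pattern>
    </servlet-mapping>

    <!-- NOTE(review): ContextLoaderListener already builds the root context from
         /WEB-INF/applicationContext.xml. This servlet is pointed at the same
         file, so every bean defined there is created a second time in the
         servlet's own child context. Without Spring MVC controllers the
         DispatcherServlet is not needed. -->
    <servlet>
        <servlet-name>applicationContext</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>applicationContext</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>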

applicationContext.xml中

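<?xml version="1.0" encoding="UTF-8"?>
<!--
  Root Spring application context: enables annotation processing, scans the
  application packages and imports the Spring Security configuration.
  xsi:schemaLocation is a list of namespace/schema pairs; the integration/mail
  namespace is paired with its own schema here. The posted value paired it with
  spring-tx-3.1.xsd and left the mail schema URL without a namespace, which made
  the list odd-length.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
    xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:mail="http://www.springframework.org/schema/integration/mail"
    xmlns:int="http://www.springframework.org/schema/integration"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd
        http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/integration/mail http://www.springframework.org/schema/integration/mail/spring-integration-mail-2.1.xsd">

    <!-- component-scan already enables annotation processing, so this element is
         redundant but harmless. -->
    <context:annotation-config />

    <!-- NOTE(review): base-package ends in ".*"; presumably this scans only the
         sub-packages of com.smart.city and skips classes placed directly in that
         package. Confirm, or use "com.smart.city". -->
    <context:component-scan base-package="com.smart.city.*"></context:component-scan>

    <!-- The import path is resolved relative to this file's location. The security
         beans therefore live in whichever context loads this file. -->
    <import resource="/spring/securityContext.xml" />

</beans>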

securityContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration: one <http> block that guards every
  URL, plus an authentication manager backed by a custom UserDetailsService.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- NOTE(review): there is no <security:csrf/> element. Whether CSRF protection
         is active by default depends on the Spring Security version; confirm it
         for the session-based form login. -->
    <security:http use-expressions="true" auto-config="false">

        <!-- Catch-all rule: every URL, the login page included, requires PRIV_ADMIN.
             intercept-url rules are checked in declaration order, so any public
             path needs its own rule placed before this one.
             NOTE(review): whether hasRole() adds a ROLE_ prefix depends on the
             Spring Security version; confirm the authority name matches what
             userDetailsServiceTx returns. -->
        <security:intercept-url access="hasRole('PRIV_ADMIN')" pattern="/**" />

        <!-- HTTP Basic and form login are both enabled. Basic credentials travel
             with every request in a reversible encoding, so expose this only
             over TLS. -->
        <security:http-basic />

        <!-- login-page must be a URL that is actually mapped and reachable
             without authentication. -->
        <security:form-login
                login-page="/login"
                authentication-success-handler-ref="loginSuccessHandler"
                authentication-failure-handler-ref="loginFailureHandler" />

        <!-- Logout handling is disabled in the posted configuration: -->
        <!-- <security:logout logout-success-url="/logout.htm" logout-url="/j_spring_security_logout"
            invalidate-session="true"/> -->

    </security:http>

    <!-- userDetailsServiceTx and customPasswordEncoder are beans defined elsewhere.
         NOTE(review): confirm customPasswordEncoder is a salted, adaptive hash
         (for example bcrypt) rather than a plain digest. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userDetailsServiceTx">
            <security:password-encoder ref="customPasswordEncoder" />
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

我的问题是:设置 login-page="/login" 后,我没有被重定向到自己的 JSP;去掉这个属性后,则能看到 Spring 的默认登录页面。

请协助。

您的配置有两个问题:

  1. 您重定向到了 /login,但我很怀疑这个路径是否有对应的映射。
  2. 您保护了所有 URL,登录页面也在其中,因此按当前配置最终会陷入重定向循环。

首先将您的login-page属性更改为/login.jsp以重定向到您的登录页面。

<!-- Points the login redirect at a concrete JSP instead of the unmapped /login.
     NOTE(review): assumes login.jsp sits at the web-app root; a file under
     /WEB-INF cannot be requested directly by the browser. -->
<security:form-login login-page="/login.jsp"
        authentication-failure-handler-ref="loginFailureHandler"
        authentication-success-handler-ref="loginSuccessHandler" />

其次,允许所有人访问 /login.jsp,以防止重定向循环。

<!-- Must be declared before the catch-all "/**" rule: intercept-url patterns are
     checked in declaration order and the first match decides access. Keep the
     permitAll pattern as narrow as this single page. -->
<security:intercept-url pattern="/login.jsp" access="permitAll" />

另外免费附送一条建议:您没有使用 Spring MVC,所以不需要 DispatcherServlet;目前它会把所有 bean 再加载一遍,相当于把应用加载了两次。
