Spring 4 MVC +安全问题
[英]Spring 4 MVC + security issue
问题描述
我一直在使用Spring MVC应用程序。 要增加安全性。 一切正常。
添加了下一个实现。
- MessageSecurityWebApplicationInitializer
- MessageWebApplicationInitializer
- 安全配置
登录表单有效。
成功授权后,获得-HTTP状态404-
同样,我可以在授权后将方法调试到appController中,这意味着下一个方法public String listPatients(ModelMap model) 。
为什么我有404? 我该怎么解决?
public class MessageSecurityWebApplicationInitializer
extends AbstractSecurityWebApplicationInitializer {
}
public class MessageWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{AppConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{AppConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[] {"/*"};
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
}
@Controller
@RequestMapping("/")
public class AppController {
public static final String jsonPage = "json";
@RequestMapping(value = {"/"}, method = RequestMethod.GET)
public String listPatients(ModelMap model) {
model.addAttribute("json", "test"}");
return jsonPage;
}
BR!
1 个解决方案
解决方案1
0 2016-04-28 13:58:35
这是我(正在工作)的内容:
AppInitializer
public class AppInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {
SpringRootConfig.class,
DatabaseConfig.class,
SecurityConfig.class,
SecurityInitializer.class,
WsdlMarshallerConfig.class
};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { SpringWebConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
安全初始化器
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
安全配置
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
// @formatter:off
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT username, password, enabled FROM users WHERE username = ?")
.authoritiesByUsernameQuery("SELECT username, role FROM user_roles WHERE username = ?");
// @formatter:on
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.and()
.csrf()
.disable();
// @formatter:on
}
}
Spring MVC 应用程序在 URL 中过滤 HTML - 这是一个安全问题吗?
[英]Spring MVC application filtering HTML in URL - Is this a security issue?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.