簡體   English   中英

j_spring_security_check 404

[英]j_spring_security_check 404

我們正在嘗試將現有的Web應用程序從Spring 2.x升級到Spring 3,並相信在一切再次正常運行之前,我們處於最后一個問題。 我們使用CAS,並且可以獲取JASIG CAS登錄信息,但是登錄時卻出現404錯誤。我們讓服務器管理員從CAS服務器中提取Catalina日志,並指出登錄成功並且正在返回到應用程序。 但是,在tomcat服務器的調試輸出中,它指出對匿名用戶的訪問被拒絕,我不是。

Web.xml代碼段

<context-param>
    <param-name>log4jConfigLocation</param-name> 
    <param-value>/WEB-INF/classes/log4j.properties</param-value> 
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

ApplicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <import resource="classpath:edu/umt/brp/spring/run-env.xml"/>


<!-- NEW SECURITY (Begin) -->
<security:http access-denied-page="/myAccessDeniedPage" entry-point-ref="casProcessingFilterEntryPoint">
    <security:port-mappings>
    <!--<security:port-mapping http="8080" https="8081"/> -->
    <security:port-mapping http="8080" https="443"/> 
    </security:port-mappings>


    <security:intercept-url pattern="/infoGriz.html*" access="ROLE_EMPLOYEE" />
    <security:intercept-url pattern="/**/frameset**" access="ROLE_EMPLOYEE" />
<!--        <security:logout logout-url="/logout" logout-success-url="https://logintest.umt.edu/cas/logout" invalidate-session="true"/> -->
    <!--  next line may fix problem --> 
    <security:logout logout-url="/logout" logout-success-url="${casLogoutUrl}" invalidate-session="true"/>
</security:http>     
<security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>

<security:ldap-server id="ldapServer" url="${ldapUrl}"/>

<bean id="userService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <constructor-arg>
        <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
            <constructor-arg index="0" value="cn=users,dc=umt,dc=edu"/>
            <constructor-arg index="1" value="(uid={0})"/>
            <constructor-arg index="2" ref="ldapServer" />
        </bean>     
    </constructor-arg>
    <constructor-arg>
        <bean class="edu.umt.brp.security.AuthoritiesPopulator">
            <constructor-arg ref="ldapServer" />
            <constructor-arg value="cn=groups,dc=umt,dc=edu" />
            <property name="groupSearchFilter" value="(uniqueMember={0})"/>
            <property name="searchSubtree" value="true"/>

            <property name="grouperServiceUrl" value="${grouperServiceUrl}"/>
            <property name="grouperUser" value="${grouperUser}"/>
            <property name="grouperPass" value="${grouperPass}"/>

        </bean>
    </constructor-arg>
    <property name="userDetailsMapper">
        <bean class="org.springframework.security.ldap.userdetails.PersonContextMapper"/>
    </property>
</bean>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="${applicationHost}/infoGriz/j_spring_cas_security_check"/> 
    <property name="sendRenew" value="false"/>
</bean> 

<bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="http://www.google.com"/>
        </bean>
    </property>
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="${casLoginUrl}"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider" >
    <property name="userDetailsService" ref="userService"/>
    <property name="serviceProperties" ref="serviceProperties" />

    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="${casValidateUrl}" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
<!-- NEW SECURITY (End) -->

我們已經在Spring 3和Spring Security 3.0.2上使用了另一個Web應用程序作為模型,但是兩者之間似乎沒有什么不同。 讓我知道是否還有其他文件可以幫助您。

謝謝,

伊恩

基於Spring Security 3 參考 ,還需要將CAS auth過濾器添加到安全配置中:

<security:http ... >
    <security:custom-filter position="CAS_FILTER" ref="casProcessingFilter" />
</security:http>

我有一個問題是/infoGriz.html*/infoGriz/j_spring_cas_security_check之間是什么關系? 如果您希望intercept-url標記能夠捕獲第二個,則不會!

如果您使用的是Spring Security 4,請將其添加到xml

<csrf disabled="true"/>

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM