【发布时间】:2011-05-16 17:56:27
【问题描述】:
我正在尝试向我的 Spring 3.0 Web 应用程序添加身份验证支持,但从 http:basic 到更精细的身份验证都没有工作。 Spring 文档中提供的示例不起作用。
在使用带注释的控制器时,是否有不同的方式来启用安全性?
我在 web.xml 中有 springSecurityFilterChain 映射,我的库中有 spring 安全 jar 文件。
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!--
Key of the system property that should specify the root directory of this
web app. Applied by WebAppRootListener or Log4jConfigListener.
-->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>WebIDE.root</param-value>
</context-param>
<!-- Reads request input using UTF-8 encoding -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Map URL for views: display /index instead of /app/index as
suggested by the dispatcher -->
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-config.xml
/WEB-INF/applicationContext-security.xml</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Mapping required for the security feature to work -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- set up dispatcher servlet -->
<servlet>
<servlet-name>app dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app dispatcher</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>jnlp</extension>
<mime-type>application/x-java-jnlp-file</mime-type>
</mime-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
应用程序安全性.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- enable web security for defined roles -->
<http auto-config='true'>
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page='/login.jsp' default-target-url='/' />
</http>
<!-- define test logins TO REMOVE -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimi" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="bob" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
log4j.properties
log4j.rootLogger=DEBUG, stdout, logfile
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - <%m>%n
log4j.appender.logfile=org.apache.log4j.RollingFileAppender
log4j.appender.logfile.File=${WebIDE.root}\WEB-INF\resources\WebIDE.log
log4j.appender.logfile.MaxFileSize=512KB
# Keep three backup files.
log4j.appender.logfile.MaxBackupIndex=3
# Pattern to output: date priority [category] - message
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern=%d %p [%c] - %m%n
log4j.logger.org.springframework.security=DEBUG
我所有的jsp文件都保存在WEB-INF/views/
调试信息
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Initializing filter 'springSecurityFilterChain'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean org.springframework.security.filterChainProxy'
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Filter 'springSecurityFilterChain' configured successfully
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean'org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0'
DEBUG[org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] - Adding web access control expression 'ROLE_USER', for Ant [pattern='/']
DEBUG[org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] - Adding web access control expression 'ROLE_USER', for org.springframework.security.web.util.AnyRequestMatcher@2433a1
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean '(inner bean)#6'
INFO [org.springframework.security.config.http.DefaultFilterChainValidator] - Checking whether login URL '/spring_security_login' is accessible with your configuration
DEBUG [org.springframework.security.config.http.DefaultFilterChainValidator] - Default generated login page is in use
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean 'org.springframework.security.filterChainProxy'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.provisioning.InMemoryUserDetailsManager#0'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.authentication.dao.DaoAuthenticationProvider#0'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
2010-11-29 07:57:58,744 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - Unable to locate LifecycleProcessor with name 'lifecycleProcessor': using default
[org.springframework.context.support.DefaultLifecycleProcessor@ca2c3d]
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'lifecycleProcessor'
DEBUG [org.springframework.web.context.ContextLoader] - Published root WebApplicationContext as ServletContext attribute with name
[org.springframework.web.context.WebApplicationContext.ROOT]
INFO [org.springframework.web.context.ContextLoader] - Root WebApplicationContext: initialization completed in 9316 ms
DEBUG [org.springframework.web.filter.CharacterEncodingFilter] - Initializing filter 'characterEncodingFilter'
DEBUG [org.springframework.web.filter.CharacterEncodingFilter] - Filter 'characterEncodingFilter' configured successfully
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Initializing filter 'springSecurityFilterChain'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.filterChainProxy'
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Filter 'springSecurityFilterChain' configured successfully
DEBUG [org.springframework.web.servlet.DispatcherServlet] - Initializing servlet 'app dispatcher'
INFO [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 'app dispatcher': initialization started
【问题讨论】:
-
什么也没发生。启用spring security并添加所有jar文件,当我加载系统时,没有“基本”登录页面。即使我定义了一个登录页面,它也根本不显示。我还应该提到我只使用一个 jsp 并依赖于 dojo json 调用来实现不同的功能。我不确定这是否是问题的原因。
-
我已更新上面的消息以添加我的 web.xml 和 log4j.properties 文件
-
尝试将“log4j.rootLogger=INFO, stdout, logfile”改为“log4j.rootLogger=DEBUG, stdout, logfile”
-
为什么web.xml中的springSecurityFilterChain相关条目被注释掉了?
-
感谢 nickdos,我在您建议的基础上做了一些其他更改,现在我可以获取 spring 调试信息。 springSecurityFilterChain 在我的应用程序的其他部分工作时被暂时注释掉。我已经用调试信息更新了我的消息。似乎创建了默认登录页面但未显示:DEBUG [org.springframework.security.config.http.DefaultFilterChainValidator] - 默认生成的登录页面正在使用中
标签: java spring spring-mvc spring-security