0

大家好!
在我的 jsf 页面中,我无法加载任何脚本 [javascript、css、jquery 和 primefaces],我认为我的问题与我设置 security.xml 的方式有关

我正在使用:
primefaces 3.1.1
jsf 2.0
弹簧框架 3.0.2

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Production</param-value>
</context-param>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/app-config.xml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/app-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>*.htm</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>faces/index.jsp</welcome-file>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

我的 security.xml 文件:

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http auto-config="true" use-expressions="true">

    <intercept-url pattern="/assets/previews/**" filters="none"/>
    <intercept-url pattern="/assets/thumbs/**" filters="none"/>
    <intercept-url pattern="/css/**" filters="none" />
    <intercept-url pattern="/design/**" filters="none" />
    <intercept-url pattern="/images/**" filters="none" />
    <intercept-url pattern="/js/**" filters="none" />
    <intercept-url pattern="/pageAllNews/**" filters="none" />
    <intercept-url pattern="/pageLogin/**" filters="none" />
    <intercept-url pattern="/resources/css/**" filters="none" />
    <intercept-url pattern="/resources/skins/**" filters="none" />
    <intercept-url pattern="/templates/**" filters="none" />

    <intercept-url pattern="/userPage/**" filters="none"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>

    <form-login login-page="/userPage/home.jsf"/>
    <logout logout-success-url="/userPage/home.jsf"/>
    <remember-me />
</http>

<authentication-manager>
    <authentication-provider>
        <password-encoder hash="md5"/>
        <jdbc-user-service data-source-ref="dataSource" />
    </authentication-provider>
</authentication-manager>

</b:beans>

谁能给我一个关于这个问题的建议?
谢谢

agungdmt :D

4

1 回答 1

0

您需要设置intercept-url指向静态 Web 资源的标签,以允许匿名用户进行身份验证。

<intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

要么通过与 Web 应用程序上下文不同的上下文来提供静态 Web 内容,我个人就是这样做的。

于 2012-05-22T11:45:31.577 回答