1

我使用 Spring Security 3 和 JSF2 Primefaces。然后,我为欢迎页面创建 index.xhtml,为登录页面创建 login.xhtml

当我访问根网站时,它会将我重定向到 login.xhtml 页面。为什么不?

如何将欢迎页面设置为 index.xhtml

这是 web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<welcome-file-list>
    <welcome-file>index.xhtml</welcome-file>
</welcome-file-list>

这是 spring-security.xml

<global-method-security secured-annotations="enabled"
    jsr250-annotations="enabled" />

<!-- Resource Security -->
<http access-denied-page="/accessDenied.jsp">
    <intercept-url pattern="/pages/**" access="ROLE_ADMIN" />


    <form-login login-page="/login.jsf" default-target-url="/pages/index.jsf" />


    <logout logout-success-url="/login.jsf" invalidate-session="true" />
    <session-management invalid-session-url="/login.jsf">
        <concurrency-control max-sessions="10"
            error-if-maximum-exceeded="true" />
    </session-management>
</http>
4

1 回答 1

1

对于具有 JSF、Spring 和 Spring-Security 的基本应用程序,您需要配置 web.xml,如下所示:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       
         xmlns="http://java.sun.com/xml/ns/javaee" 
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"  
         version="3.0">

<welcome-file-list>
  <welcome-file>pages/index.jsf</welcome-file>
</welcome-file-list>
<servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
  <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

并且还配置 faces-config.xml 如下:

<?xml version="1.0" encoding="UTF-8"?>
<faces-config
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
    version="2.0">

     <application>
       <el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
     </application>

 </faces-config>

和您的 applicationContext-security.xml 如下:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

  <global-method-security secured-annotations="enabled"
jsr250-annotations="enabled" />     
  <http auto-config="true" >
     <intercept-url pattern="/login.jsf*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
     <intercept-url pattern="/pages/*" access="ROLE_USER,ROLE_ADMIN" />
     <intercept-url pattern="/pages/super/**" access="ROLE_ADMIN" />
     <access-denied-handler error-page="/accessDenied.jsf" />
     <form-login login-page='/login.jsf' default-target-url='/pages/index.jsf'
    always-use-default-target='true'/>
     <logout logout-success-url="/" logout-url="/j_spring_security_logout" invalidate-session="true" />
     <session-management invalid-session-url="/login.jsf">
        <concurrency-control max-sessions="10"
        error-if-maximum-exceeded="true" />
     </session-management>
 </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="ravi" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>

最后,如果您有任何 spring bean,则基于注释的配置的 applicationContext.xml 将是:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:context="http://www.springframework.org/schema/context"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans.xsd
     http://www.springframework.org/schema/context
     http://www.springframework.org/schema/context/spring-context.xsd">

   <context:annotation-config/>
   <context:component-scan base-package="com.examples" />

 </beans>

并像这样注释你的豆子:

@Component 
@Scope("request")

因此,所有这些与您的页面一起到位应该没有问题。

于 2012-06-16T22:47:54.210 回答