0

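I am using Spring MVC (for REST), Spring Security 3 and Apache Wicket (UI) on Google App Engine. Everything works fine, except that after logging in I cannot get the Authentication through SecurityContextHolder on a Wicket page.

I have googled this problem, but none of the results seem to work for me. I suspect something is wrong with my web.xml. Can anyone please help? Thanks.

I am following the Spring Security on Google App Engine tutorial from http://blog.springsource.org/2010/08/02/spring-security-in-google-app-engine/

Here is my web.xml: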

<?xml version="1.0" encoding="UTF-8"?>
<web-app>        
 <display-name>MTP Portal</display-name>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/mtp-web-servlet.xml, /WEB-INF/mtp-web-security-context.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>mtp-web</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>mtp-web</servlet-name>
    <url-pattern>/api/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>WicketApp</filter-name>
    <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
    <init-param>
        <param-name>applicationFactoryClassName</param-name>
        <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>WicketApp</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

Here is my Spring Security configuration:

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:b="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<global-method-security pre-post-annotations="enabled"/>

<http pattern="/images/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/api/**" security="none"/>
<http pattern="/favicon.ico" security="none"/>
<http pattern="/disabled" security="none"/>

<http use-expressions="true" entry-point-ref="gaeEntryPoint" auto-config="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/api/**" access="permitAll"/>
    <intercept-url pattern="/admin/logout" access="permitAll"/>
    <intercept-url pattern="/register" access="hasRole('NEW_USER')"/>
    <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
    <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/>
</http>

<b:bean id="gaeEntryPoint"
        class="com.peerbuccoss.apps.mtp.web.authentication.impl.GoogleAccountsAuthenticationEntryPoint"/>

<b:bean id="gaeFilter" class="com.peerbuccoss.apps.mtp.web.authentication.filter.GaeAuthenticationFilter">
    <b:property name="authenticationManager" ref="authenticationManager"/>
    <b:property name="failureHandler">
        <b:bean class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
            <b:property name="exceptionMappings">
                <b:map>
                    <b:entry key="org.springframework.security.authentication.DisabledException"
                             value="/disabled"/>
                </b:map>
            </b:property>
        </b:bean>
    </b:property>
</b:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="gaeAuthenticationProvider"/>
</authentication-manager>

<b:bean id="gaeAuthenticationProvider"
        class="com.peerbuccoss.apps.mtp.web.authentication.provider.GoogleAccountsAuthenticationProvider"/>

</b:beans>

4

1 Answer

1

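I'm not sure which URL fails to get the SecurityContext (perhaps you can provide a sample URL), but the SecurityContext will not be populated for any URL that is mapped to security="none". This is because security="none" instructs Spring Security to ignore this URL entirely. If you need access to the SecurityContext on a URL that every user is allowed to access, then you need to use permitAll.

PS: If this does not help, could you provide an example URL on which you are having problems getting the Authentication? You could also provide details about what you mean by "having trouble getting the Authentication on a Wicket page" (i.e. is it null, does it throw an exception, etc.).

answered 2012-07-01T16:55:39.087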
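An added example, not part of the original question or answer: a small Python check over the `<http>` elements from the question's configuration that reports which request paths bypass the filter chain (and therefore never get a SecurityContext) and which `intercept-url` rules can never fire because a `security="none"` pattern matches first. The path matcher is a simplified stand-in for Spring's Ant-style matching, and `ant_to_regex`, `audit` and the sample request paths are names and values made up here.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample: only the <http> elements of the question's configuration.
CONFIG = """<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans">
  <http pattern="/images/**" security="none"/>
  <http pattern="/css/**" security="none"/>
  <http pattern="/js/**" security="none"/>
  <http pattern="/api/**" security="none"/>
  <http pattern="/favicon.ico" security="none"/>
  <http pattern="/disabled" security="none"/>
  <http use-expressions="true" entry-point-ref="gaeEntryPoint" auto-config="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/api/**" access="permitAll"/>
    <intercept-url pattern="/admin/logout" access="permitAll"/>
    <intercept-url pattern="/register" access="hasRole('NEW_USER')"/>
    <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
  </http>
</b:beans>"""

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '/**' spans directories, '*' and '?' stay in one segment."""
    out = re.escape(pattern)
    out = out.replace(r"/\*\*", "(/.*)?").replace(r"\*\*", ".*")
    out = out.replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
    return re.compile("^" + out + "$")

def audit(xml_text, paths):
    """Return (shadowed intercept-url patterns, {path: bypassing pattern or None})."""
    https = ET.fromstring(xml_text).findall(SEC + "http")
    bypass = [(h.get("pattern"), ant_to_regex(h.get("pattern")))
              for h in https if h.get("security") == "none"]
    rules = [u.get("pattern") for h in https for u in h.findall(SEC + "intercept-url")]
    # Heuristic: a rule whose own pattern text falls under a security="none"
    # pattern is never consulted, because the unsecured chain matches first.
    shadowed = [r for r in rules if any(rx.match(r) for _, rx in bypass)]
    # Paths handled with no filters at all: SecurityContextHolder stays empty there.
    no_ctx = {p: next((pat for pat, rx in bypass if rx.match(p)), None) for p in paths}
    return shadowed, no_ctx

if __name__ == "__main__":
    print(audit(CONFIG, ["/api/users", "/admin/users", "/css/site.css", "/"]))
```

In this configuration the `permitAll` rule for `/api/**` is shadowed by the earlier `security="none"` entry, so requests under `/api/` run without any Spring Security filters.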