2

出于学习目的,我简单的 Spring-hibernate 应用程序。它具有一对多的数据库关联,您可以在其中添加一个仓库,并且可以为每个仓库添加项目。现在我想添加 spring-security 进行身份验证,但是当我尝试访问该站点时,我得到了 HTTP ERROR 404。

这是 web.xml 中的 spring-security 标准:

<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>
        /WEB-INF/spring-security.xml
   </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

这是 spring-security.xml :

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/record/**" access="permitAll" />
        <form-login />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="password" authorities="supervisor, teller, user" />
                <user name="dianne" password="emu" authorities="teller, user" />
                <user name="scott" password="wombat" authorities="user" />
                <user name="peter" password="opal" authorities="user" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

如果我将其更改access="permitAll"为 `access="hasRole('supervisor')" 当我尝试访问应用程序时,系统会要求我输入用户名和密码,但当我输入它们时,我也会收到 404 错误。没有spring-security,当我访问“http://localhost:8080/testapp/record/list”时,应用程序可以正常工作......我使用这个网站来了解spring security - http://static.springsource.org/spring -security/site/tutorial.html

这是我的主控制器:

@Controller
@RequestMapping("/record")
public class MainController {

    protected static Logger logger = Logger.getLogger("controller");

    @Resource(name="warehouseService")
     private WarehouseService warehouseService;

     @Resource(name="itemService")
     private ItemService itemService;

        @RequestMapping(value = "/list", method = RequestMethod.GET)
        public String getRecords(Model model) {
         logger.debug("Received request to show records page");

         // Retrieve all persons
         List<Warehouse> warehouses = warehouseService.getAll();

         // Prepare model object
         List<WarehouseDTO> warehousesDTO = new ArrayList<WarehouseDTO>();

         for (Warehouse warehouse: warehouses) {
          // Create new data transfer object
             WarehouseDTO dto = new WarehouseDTO();

       dto.setId(warehouse.getId());
       dto.setName(warehouse.getName());
       dto.setAddress(warehouse.getAddress());
       dto.setManager(warehouse.getManager());
       dto.setItems(itemService.getAll(warehouse.getId()));

       warehousesDTO.add(dto);
         }

         model.addAttribute("warehouses", warehousesDTO);

      return "records";
     }

有任何想法吗?

4

2 回答 2

1

尝试default-target-url在 form-login 标记中指定 a 。我猜您的身份验证和 Spring 安全性默认将请求路由到应用程序的根目录,该根目录未映射导致 404。

<form-login default-target-url="/record/list"/>

如果失败尝试(不确定视图是如何映射的):

<form-login default-target-url="/record/list/"/>
于 2013-01-13T10:54:49.467 回答
0

听起来可能很愚蠢,但是您是否尝试将 pattern="/record/ " 更改为 pattern="/testapp/record/ "?

通常安全访问问题会出现 403 错误(拒绝访问),而不是 404(未找到资源)。

于 2013-01-13T10:49:29.853 回答