1

我想在 m web 应用程序中使用 spring 中的 spring security 所以这里是配置:

这是 spring-security.xml :

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true" use-expressions="false">
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>

<authentication-manager>
  <authentication-provider>
     <jdbc-user-service id="userService"
       data-source-ref="DataSource"
       users-by-username-query="select name, password, true from person where name=?"
       authorities-by-username-query="select name,'ROLE_USER' from person where    
       name=?" />
  </authentication-provider>
</authentication-manager>

网页.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns  
 /javaee/web-app_2_5.xsd"
 id="WebApp_ID" version="2.5">

  <display-name>OTV_JSF_PrimeFaces_Spring_Hibernate</display-name>

  <!-- Spring Context Configuration' s Path definition -->
  <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
  /WEB-INF/applicationContext.xml
  /WEB-INF/spring-security.xml
  </param-value>
 </context-param>

 <!-- The Bootstrap listener to start up and shut down Spring's root  
   WebApplicationContext. It is registered to Servlet Container -->
 <listener>
  <listener-class>
    org.springframework.web.context.ContextLoaderListener
  </listener-class>
 </listener>
 <listener>
 <listener-class>
     org.springframework.web.context.request.RequestContextListener
 </listener-class>
 </listener>

<!-- Project Stage Level -->
 <context-param>
  <param-name>javax.faces.PROJECT_STAGE</param-name>
  <param-value>Development</param-value>
 </context-param>

<!-- Welcome Page -->
<welcome-file-list>
  <welcome-file>/home.xhtml</welcome-file>
</welcome-file-list>

<!-- JSF Servlet is defined to container -->
 <servlet>
 <servlet-name>Faces Servlet</servlet-name>
 <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
</servlet>

<!-- Mapping with servlet and url for the http requests. -->
<servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.jsf</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
   <servlet-name>Faces Servlet</servlet-name>
   <url-pattern>*.faces</url-pattern>
 </servlet-mapping>
<servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>

   <!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>  org.springframework.web.filter.DelegatingFilterProxy   
            </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

这是应用程序:在此处输入图像描述

当我运行应用程序时,这个 URL 被打开 http://localhost:8089/MVNOONPProject/authentication并且我得到这个错误:

 `The page isn't redirecting properly
  Firefox has detected that the server is redirecting the request for this address in 
  a way that will never complete.`

我确定这是 web.xml 的问题。但我没有找到如何解决它。

先感谢您

4

4 回答 4

2

尝试 2 件事

添加

<intercept-url pattern="/authentication" access="IS_AUTHENTICATED_ANONYMOUSLY" />

在表单登录标签中添加 default-target-url

default-target-url='/home.xhtml'

您使用自定义登录页面的另一件事,如果您使用自定义登录页面,您的 http auto-config="true" 将其更改为 false

所以你的安全配置应该是这样的(login-processing-url 也不需要)

<http auto-config="false" use-expressions="false">
<intercept-url pattern="/**" access="ROLE_USER" />
 < intercept-url pattern="/authentication" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-page="/authentication"   authentication-failure 
          url="/login?login_error=t" default-target-url='/home.xhtml'/>

于 2013-02-23T09:27:04.663 回答
2

通常只保护适当的网页是有意义的,这些网页将在此处呈现 JSF。当然,您不应该拦截所有网址,否则将无法登录。这假设您在 /authentication 下有一个工作登录页面。

<http auto-config="true" use-expressions="false">
    <intercept-url pattern="/**/*.faces" access="ROLE_USER" />
    <intercept-url pattern="/**/*.jsf" access="ROLE_USER" />
    <intercept-url pattern="/**/*.xhtml" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>
于 2013-02-23T09:32:14.577 回答
1

那是因为,您的弹簧安全配置循环重定向。

尝试这个 ,

<http auto-config="true" use-expressions="false">
     <intercept-url pattern="/login.jsp*" filters="none"/>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>

编辑

<http auto-config="true" use-expressions="false">
     <intercept-url pattern="/authentication" filters="none"/>
     <intercept-url pattern="/login.jsp*" filters="none"/>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>
于 2013-02-23T09:19:05.703 回答
0

由于 pattern="/**" 拦截了所有 URL 请求,包括登录页面本身,任何用户都必须登录才能访问登录页面。所以经过数小时的尝试,以下为我做了诀窍。

<intercept-url pattern="/login**" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/resources/**" access="ROLE_ANONYMOUS, ROLE_USER, ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />

<form-login 
    login-page="/login" 
    default-target-url="/home"
    authentication-failure-url="/login?error=true" />

注意,

  • 拦截 URL 标签的顺序
  • pattern="/**" 基本上拦截所有 url 请求,甚至包括 css 和图像文件之类的资源。这就是为什么需要第二行。

其他答案非常接近,但不适用于 Spring MVC 3.2.3.RELEASE 版本

我认为这可能会在未来引起其他问题,所以更好的方法可能是,

<intercept-url pattern="/admin*" access="ROLE_ADMIN" />
<intercept-url pattern="/user*" access="ROLE_USER, ROLE_ADMIN" />
<form-login 
    login-page="/login" 
    default-target-url="/home"
    authentication-failure-url="/login?error=true" />
于 2015-09-17T06:56:38.057 回答