1

我将 Spring Security 从 2 升级到 3

以前 Security.xml 有AuthenticationProcessingFilterAuthenticationProcessingFilterEntryPoint

所以我的新 Security.xml 是

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<beans:bean id="userAuthenticationService"
    class="com.raykor.core.service.UserAuthenticationService" />

<beans:bean id="shaEncoder"
    class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />

<global-method-security />

<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">

    <intercept-url pattern="/resettingPassword.do**" access="ROLE_ADMIN" />
    <intercept-url pattern="/resetPassword.do**" access="ROLE_ADMIN" />
    <logout logout-success-url="/index.jsp" invalidate-session="true" />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userAuthenticationService">
        <password-encoder ref="shaEncoder">
            <salt-source user-property="salt" />
        </password-encoder>
    </authentication-provider>
</authentication-manager>

<beans:bean id="authenticationFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationFailureHandler"
        ref="failureHandler" />
    <beans:property name="authenticationSuccessHandler"
        ref="successHandler" />
</beans:bean>

<beans:bean id="successHandler"
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <beans:property name="alwaysUseDefaultTargetUrl" value="false" />
    <beans:property name="defaultTargetUrl" value="/home.do" />
</beans:bean>

<beans:bean id="failureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <beans:property name="defaultFailureUrl" value="/login.do?error=true" />
</beans:bean>

<beans:bean id="authenticationProcessingFilterEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/login.do" />
    <beans:property name="forceHttps" value="false" />
</beans:bean>

`

还在web.xml 中添加了过滤器springSecurityFilterChain

在 login.do 上打开登录页面,在提交时提交给j_spring_security_check,用户名和密码为j_username & j_password

那么为什么说 j_spring_security_checknot avaliable

4

2 回答 2

1

我错过了添加自定义过滤器参考我更新为

<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter"/>
    <intercept-url pattern="/resettingPassword.do**" access="ROLE_ADMIN" />
    <intercept-url pattern="/resetPassword.do**" access="ROLE_ADMIN" />
    <logout logout-success-url="/index.jsp" invalidate-session="true" />
</http>
于 2013-03-04T11:46:12.140 回答
1

您实例化 a UsernamePasswordAuthenticationFilter,但仅通过创建它就不会成为安全过滤器链的一部分。尝试auto-config="false"http配置元素中删除 ,并<form-login>在其中包含一个元素。我认为您通过 bean 定义完成的所有配置都可以使用更简洁的命名空间配置来完成,这应该是 Spring Security 3 的首选。

于 2013-03-04T11:39:42.773 回答