spring - Spring Security 只返回控制器的根目录

Question

在我的应用程序中添加了 spring security 之后，它似乎只返回了我的控制器的根目录。

当我在其中放置一个 URL 时，它应该在“工作”版本中返回 json，它会按预期返回 json。在我使用弹簧安全的版本中，它只返回我的控制器的根。

下面是我的tomcat输出。

DEBUG - Converted URL to lowercase, from: '/service/products/2'; to: '/service/products/2'
DEBUG - Candidate is: '/service/products/2'; pattern is /**; matched=true
DEBUG - /service/products/2 at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG - No HttpSession currently exists
DEBUG - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG - /service/products/2 at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG - /service/products/2 at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG - /service/products/2 at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
DEBUG - /service/products/2 at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG - /service/products/2 at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG - /service/products/2 at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG - /service/products/2 at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG - /service/products/2 at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG - Requested session ID8FA5D77A75BFF4D7EBDD063710EFF5F4 is invalid.
DEBUG - /service/products/2 at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG - /service/products/2 at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG - Converted URL to lowercase, from: '/service/products/2'; to: '/service/products/2'
DEBUG - Candidate is: '/service/products/2'; pattern is /service/products/removeproduct**; matched=false
DEBUG - Public object - authentication not attempted
DEBUG - /service/products/2 reached end of additional filter chain; proceeding with original chain
DEBUG - DispatcherServlet with name 'cr' processing GET request for [/service/products/2]
DEBUG - Matching patterns for request [/service/products/2] are [/service/products/{productId}]
DEBUG - URI Template variables for request [/service/products/2] are {productId=2}
DEBUG - Mapping [/service/products/2] to HandlerExecutionChain with handler [com.cr.controllers.ProductsController@60326032] and 3 interceptors
DEBUG - Last-Modified value for [/service/products/2] is: -1
DEBUG - Invoking request handler method: public void com.cr.controllers.ProductsController.get(javax.servlet.ServletResponse) throws java.io.IOException
DEBUG - Returning cached instance of singleton bean 'org.springframework.transaction.interceptor.TransactionInterceptor#0'
DEBUG - Null ModelAndView returned to DispatcherServlet with name 'cr': assuming HandlerAdapter completed request handling
DEBUG - Successfully completed request
DEBUG - Chain processed normally
DEBUG - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
DEBUG - SecurityContextHolder now cleared, as request processing completed

我将以下内容添加到我的 web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:applicationContext.xml
        classpath:spring-security.xml
    </param-value>
</context-param>
<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>

弹簧安全.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <http auto-config="true" path-type="ant">
        <intercept-url pattern="/service/products/removeProduct**" access="ROLE_USER" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user" password="user" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

我还降级到春季版本 3.0.5。这是我的 pom.xml 中的 spring 依赖项。工作版本在 3.2.0 / 3.1.3

<properties>
        <spring.version>3.0.5.RELEASE</spring.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.data</groupId>
            <artifactId>spring-data-jpa</artifactId>
            <version>1.0.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-tx</artifactId>
            <version>${spring.version}</version>
        </dependency>

score 1 · Accepted Answer

如果您在 POM 文件（特别是 3.2.0.RELEASE）中包含 Spring 3.2，那么您的配置文件应以：

<beans:beans 
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd"
>

请注意，模式位置上的版本号与您正在使用的 Spring 框架的版本号（主要/次要）匹配。

[我试图将此作为评论添加到您的答案 zmanc，但类似 URL 的字符串被系统重新解释并转换为链接（减去协议，并且较长的字符串被截断）。]

score 0 · Accepted Answer

我发现这是我使用的弹簧版本组合的问题。我对我的 Pom 进行了以下更改，并对 spring-security.xml 进行了一项更改，它解决了这个问题。

<properties>
    <spring.version>3.2.0.RELEASE</spring.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.data</groupId>
        <artifactId>spring-data-jpa</artifactId>
        <version>1.0.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-orm</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>3.6.10.Final</version>
    </dependency>

春季安全 xml 更新

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

spring - Spring Security 只返回控制器的根目录

2 回答 2

Related

Reference