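I have wired in Spring Security 3.1 and users are authenticated when they go directly to the login page, but no redirect happens when a user is not authenticated.

Below are the configuration files I added or updated for Spring Security. I have read most, if not all, of the posts here about the order of intercept-url entries, the correct EL, access permissions, etc. I am surely missing something here.

I eventually trimmed the intercept-url entries down to a single one in my application, with a role that doesn't exist, for troubleshooting, but still without any success. @PreFilters are being ignored as well, so I assume it is somewhere in the configuration, but I just can't see it.

The environment is Tomcat 7.0.22, Mojarra 2.1.21, Spring Security 3.1, Java 7.

There are no errors when the server starts.

Thanks for your help!

Regards,

Mike

security.xml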

<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xsi:schemaLocation="http://www.springframework.org/schema/beans   
 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd   
 http://www.springframework.org/schema/security 
 http://www.springframework.org/schema/security/spring-security-3.1.xsd"    
  xmlns="http://www.springframework.org/schema/security" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:bean="http://www.springframework.org/schema/beans">
<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/>
<http pattern="/resources/**" security="none" />
<http pattern="/images/**" security="none"/>
<http pattern="/templates/**" security="none"/>
<http pattern="/security/**" security="none"/>
<http use-expressions="true" auto-config="true" access-denied-page="/error/access-denied.xhtml">
<intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/>
<form-login default-target-url="/login.xhtml" authentication-failure-url="/login.xhtml" />
<logout logout-success-url="/login.xhtml" logout-url="/logout.xhtml" invalidate-session="true"/>
<session-management>
    <concurrency-control max-sessions="1" />
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="consummateUserAuthenticationProvider">
</authentication-provider>
</authentication-manager>
</bean:beans>

services.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/jdbc     
 http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context     
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<context:component-scan base-package="com.comanche.authentication">
</context:component-scan>
</beans>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee    
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
    org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
  </filter>
  <filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
  </filter-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
    <init-param>
        <param-name>thresholdSize</param-name>
        <param-value>51200</param-value>
    </init-param>
    <init-param>
        <param-name>uploadDirectory</param-name>
        <param-value>/home/provider/temp-fu</param-value>
    </init-param>

</filter>
<filter-mapping>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<filter>
    <filter-name>Custom Page Filter</filter-name>
    <filter-class>com.comanche.web.filter.CustomPageFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>Custom Page Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
</context-param>
<context-param>
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
    <param-value>resources.application</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.expressionFactory</param-name>
    <param-value>com.sun.el.ExpressionFactoryImpl</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.enableMissingResourceLibraryDetection</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/custom.taglib.xml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
    <param-value>true</param-value>
</context-param>
<listener>
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<session-config>
    <session-timeout>120</session-timeout>
</session-config>
<error-page>
    <error-code>500</error-code>
    <location>/faces/content/error/error.xhtml</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/faces/content/error/error.xhtml</location>
</error-page>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/classes/application-context.xml
        /WEB-INF/spring/security.xml
        /WEB-INF/spring/services.xml
    </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>

1 Answer

To allow anonymous users access, you need to specify access="permitAll" on the intercept-url.

Apart from that, you may want to change the form-login element to the following:

 <form-login login-page='/login.xhtml' default-target-url='/home/index.xhtml'
        always-use-default-target='true' />

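because default-target-url is the URL the user is redirected to after authentication; or, if you don't need it, remove it along with the always-use-default-target flag.

Also, RequestContextListener is missing from your web.xml, and these Spring listeners should be the first listeners.

And use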

<access-denied-handler error-page="/error/access-denied.xhtml" />

because the access-denied-page attribute is deprecated.

answered 2013-04-30T19:14:13.763
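
The answer's changes applied to the question's `<http>` block in security.xml, as an added example that is not part of the original post. Applying permitAll to /login.xhtml is an assumption about which URL the answer means; all other values are taken from the question and the answer.

```xml
<!-- Added example: the question's http block with the answer's three changes applied. -->
<http use-expressions="true" auto-config="true">

    <!-- intercept-url rules are evaluated top to bottom; the first matching pattern wins,
         so specific patterns go before broader ones. -->

    <!-- Assumption: the login page itself must be reachable anonymously, otherwise the
         redirect to it would be intercepted again. -->
    <intercept-url pattern="/login.xhtml" access="permitAll"/>

    <!-- ROLE_BLAH is the deliberately nonexistent role the question used for troubleshooting. -->
    <intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/>

    <!-- login-page: where unauthenticated requests are redirected.
         default-target-url: where the user lands after a successful login. -->
    <form-login login-page="/login.xhtml"
                default-target-url="/home/index.xhtml"
                always-use-default-target="true"
                authentication-failure-url="/login.xhtml"/>

    <!-- Child element that replaces the deprecated access-denied-page attribute. -->
    <access-denied-handler error-page="/error/access-denied.xhtml"/>

    <logout logout-success-url="/login.xhtml" logout-url="/logout.xhtml" invalidate-session="true"/>

    <session-management>
        <concurrency-control max-sessions="1"/>
    </session-management>
</http>
```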