我有一个使用自定义用户、角色、权限表自定义(阅读“天真”)身份验证的 Spring WebApp。
我现在正在迁移代码以使用 Spring Security。我阅读了教程并达到了可以匿名访问我的 login.jsp 页面、css、js、png 文件的地步。我有一个动作属性为“j_spring_security_check”的表单。在提交表单时,浏览器会向该 URL 执行 HTTP Post,这会导致 404。
现在我没有使用RequestMapping. 这是必需的吗?我们什么时候应该有这个 URL 的请求映射?
在我的身份验证提供程序中,我提供了对实现 UserDetailsService 的类的 bean 的引用。我期待 Spring 通过调用 loadUserByUserName 来执行身份验证,但这个方法永远不会被调用。为什么没有调用该方法?我是否误解了身份验证应该如何工作?我是否需要为 j_spring_security_check 提供自定义请求映射才能使其工作?
这是我的自定义用户详细信息服务:
@Service(value="myUserDetailsService")
public class LoginUserService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
System.out.println("here");
User user = userRepository.findUser(username);
if (user != null)
return new V2VUserDetails(user);
else
return null;
}
}
这是我的安全 XML:
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.png" security="none" />
<http auto-config="true">
<intercept-url pattern="/login.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page="/login.html"
login-processing-url="/j_spring_security_check"
default-target-url="/welcomePage.html"
authentication-failure-url="/welcomePage.html"
always-use-default-target="true" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService'/>
</authentication-manager>
<beans:bean id="myUserDetailsService"
class="security.LoginUserService">
</beans:bean>
我在 Stackoverflow 和其他网站上检查了几个答案,但无法解决问题。
编辑 尝试了这里给出的建议。现在得到 BeanFactory 未初始化错误。
编辑 contextConfigLocation /WEB-INF/security-v2v-servlet.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
更新
当前的 web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Spring3MVC</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security-v2v-servlet.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/errorPage.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/errorPage.jsp</location>
</error-page>
<servlet>
<servlet-name>v2v</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.ResourceServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>v2v</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>v2v</servlet-name>
<url-pattern>*.zip</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.jpeg</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.png</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/j_spring_security_check</url-pattern>
</servlet-mapping>
<filter>
<filter-name>UserAddFilter</filter-name>
<filter-class>
filter.UserInfoAddToThreadFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>UserAddFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
</web-app>