0

在我添加了 Spring Security 过滤器后,这已停止工作。

Spring 3.1.4.RELEASE
Spring Security 3.1.2.RELEASE
Tomcat 7.0.37

部署应用程序时按预期配置映射

INFO annotation.RequestMappingHandlerMapping:映射“{[/countries],methods=[GET],params=[!countryCode],headers=[],consumes=[],produces=[application/json],custom=[]}”到公共 com.purpleleaf.proxy.rest.data.ProxyResponse com.purpleleaf.proxy.rest.service.reference.DefaultCountry.findAll()

GET 请求已提交。

获取 http://localhost:8081/purpleleaf-admin-1.0.0/countries?page=1&start=0&limit=25

请求参数由 ExtJS 添加,这不是问题,因为它在没有安全性的情况下工作。

GET 请求的日志

DEBUG util.AntPathRequestMatcher:检查请求的匹配:'/countries';反对 '/*'
DEBUG web.FilterChainProxy: /countries?page=1&start=0&limit=25 有一个空的过滤器列表
DEBUG servlet.DispatcherServlet:名为“admin-spring”的 DispatcherServlet 处理 [//purpleleaf-admin-1.0.0/countries] 的 GET 请求
DEBUG annotation.RequestMappingHandlerMapping:查找路径的处理程序方法 //purpleleaf-admin-1.0.0/countries
DEBUG annotation.RequestMappingHandlerMapping:没有找到[//purpleleaf-admin-1.0.0/countries]的处理程序方法
DEBUG handler.SimpleUrlHandlerMapping:请求的匹配模式 [//purpleleaf-admin-1.0.0/countries] 是 [/**]
DEBUG handler.SimpleUrlHandlerMapping:请求的URI模板变量[//purpleleaf-admin-1.0.0/countries]是{}
DEBUG handler.SimpleUrlHandlerMapping:使用处理程序 [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler@3f8050cf] 和 1 个拦截器将 [//purpleleaf-admin-1.0.0/countries] 映射到 HandlerExecutionChain
DEBUG servlet.DispatcherServlet:[//purpleleaf-admin-1.0.0/countries] 的 Last-Modified 值为:-1
DEBUG servlet.DispatcherServlet:Null ModelAndView 返回到 DispatcherServlet,名称为“admin-spring”:假设 HandlerAdapter 已完成请求处理
DEBUG servlet.DispatcherServlet:成功完成请求

当请求由 web.filterChainProxy 处理时,它是/countries,但是当它由 annotation.RequestMappingHandlerMapping 处理时,它是//purpleleaf-admin-1.0.0/countires

Purpleleaf-admin-1.0.0是解压war文件的文件夹。

web.xml 具有以下 servlet 和过滤器映射

<servlet-mapping>
    <servlet-name>admin-spring</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

关于如何解决此映射的任何建议?

编辑 1:Spring 安全配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
   xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <beans:import resource="classpath*:applicationContext-CrowdClient.xml" />

<beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
    <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
    <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
    <beans:property name="userManager" ref="crowdUserManager"/>
    <beans:property name="authorityPrefix" value="ROLE_"/>
</beans:bean>

<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
    <beans:constructor-arg ref="crowdAuthenticationManager"/>
    <beans:constructor-arg ref="httpAuthenticator"/>
    <beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref='crowdAuthenticationProvider' />
</authentication-manager>

<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:constructor-arg value="/login.jsp" />
</beans:bean>

<beans:bean id="crowdAuthenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="filterProcessesUrl" value="/j_security_check"/>
    <beans:property name="authenticationFailureHandler">
        <beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login.jsp?error=true"/>
        </beans:bean>
    </beans:property>

    <beans:property name="authenticationSuccessHandler">
        <beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/"/>
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>
<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />

<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <beans:constructor-arg index="0" value="/index.html"/>
    <beans:constructor-arg index="1">
        <beans:list>
            <beans:ref bean="crowdLogoutHandler"/>
            <beans:ref bean="securityContextLogoutHandler"/>
        </beans:list>
    </beans:constructor-arg>
    <beans:property name="filterProcessesUrl" value="/logout.html"/>
</beans:bean>

<http pattern='/*' security='none'/>
<!--http pattern='/scripts/*' security='none'/-->

<http auto-config="false" entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">

    <custom-filter position="FORM_LOGIN_FILTER" ref='crowdAuthenticationProcessingFilter'/>
    <custom-filter position="LOGOUT_FILTER" ref='logoutFilter'/>

    <!--intercept-url pattern="/admin/*" access="ROLE_application-administrators"/-->
    <!--intercept-url pattern="/passwordHint.html" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/-->
    <!--security:intercept-url pattern="/**/*.html*" access="IS_AUTHENTICATED_FULLY"/-->
</http>
</beans:beans>
4

1 回答 1

0

根本原因是 url 上的purpleleaf-admin- 1.0.0util.AntPathRequestMatcher在包含点 (.) 时无法正确解析路径。

在添加安全过滤器之前,该类不在路径中。

于 2013-06-16T12:00:32.093 回答