在我添加了 Spring Security 过滤器后,这已停止工作。
Spring 3.1.4.RELEASE
Spring Security 3.1.2.RELEASE
Tomcat 7.0.37
部署应用程序时按预期配置映射
INFO annotation.RequestMappingHandlerMapping:映射“{[/countries],methods=[GET],params=[!countryCode],headers=[],consumes=[],produces=[application/json],custom=[]}”到公共 com.purpleleaf.proxy.rest.data.ProxyResponse com.purpleleaf.proxy.rest.service.reference.DefaultCountry.findAll()
GET 请求已提交。
获取 http://localhost:8081/purpleleaf-admin-1.0.0/countries?page=1&start=0&limit=25
请求参数由 ExtJS 添加,这不是问题,因为它在没有安全性的情况下工作。
GET 请求的日志
DEBUG util.AntPathRequestMatcher:检查请求的匹配:'/countries';反对 '/*'
DEBUG web.FilterChainProxy: /countries?page=1&start=0&limit=25 有一个空的过滤器列表
DEBUG servlet.DispatcherServlet:名为“admin-spring”的 DispatcherServlet 处理 [//purpleleaf-admin-1.0.0/countries] 的 GET 请求
DEBUG annotation.RequestMappingHandlerMapping:查找路径的处理程序方法 //purpleleaf-admin-1.0.0/countries
DEBUG annotation.RequestMappingHandlerMapping:没有找到[//purpleleaf-admin-1.0.0/countries]的处理程序方法
DEBUG handler.SimpleUrlHandlerMapping:请求的匹配模式 [//purpleleaf-admin-1.0.0/countries] 是 [/**]
DEBUG handler.SimpleUrlHandlerMapping:请求的URI模板变量[//purpleleaf-admin-1.0.0/countries]是{}
DEBUG handler.SimpleUrlHandlerMapping:使用处理程序 [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler@3f8050cf] 和 1 个拦截器将 [//purpleleaf-admin-1.0.0/countries] 映射到 HandlerExecutionChain
DEBUG servlet.DispatcherServlet:[//purpleleaf-admin-1.0.0/countries] 的 Last-Modified 值为:-1
DEBUG servlet.DispatcherServlet:Null ModelAndView 返回到 DispatcherServlet,名称为“admin-spring”:假设 HandlerAdapter 已完成请求处理
DEBUG servlet.DispatcherServlet:成功完成请求
当请求由 web.filterChainProxy 处理时,它是/countries,但是当它由 annotation.RequestMappingHandlerMapping 处理时,它是//purpleleaf-admin-1.0.0/countires
Purpleleaf-admin-1.0.0是解压war文件的文件夹。
web.xml 具有以下 servlet 和过滤器映射
<servlet-mapping>
<servlet-name>admin-spring</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
关于如何解决此映射的任何建议?
编辑 1:Spring 安全配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:import resource="classpath*:applicationContext-CrowdClient.xml" />
<beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
<beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
<beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
<beans:property name="userManager" ref="crowdUserManager"/>
<beans:property name="authorityPrefix" value="ROLE_"/>
</beans:bean>
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
<beans:constructor-arg ref="crowdAuthenticationManager"/>
<beans:constructor-arg ref="httpAuthenticator"/>
<beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref='crowdAuthenticationProvider' />
</authentication-manager>
<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:constructor-arg value="/login.jsp" />
</beans:bean>
<beans:bean id="crowdAuthenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/j_security_check"/>
<beans:property name="authenticationFailureHandler">
<beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login.jsp?error=true"/>
</beans:bean>
</beans:property>
<beans:property name="authenticationSuccessHandler">
<beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>
<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/index.html"/>
<beans:constructor-arg index="1">
<beans:list>
<beans:ref bean="crowdLogoutHandler"/>
<beans:ref bean="securityContextLogoutHandler"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout.html"/>
</beans:bean>
<http pattern='/*' security='none'/>
<!--http pattern='/scripts/*' security='none'/-->
<http auto-config="false" entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
<custom-filter position="FORM_LOGIN_FILTER" ref='crowdAuthenticationProcessingFilter'/>
<custom-filter position="LOGOUT_FILTER" ref='logoutFilter'/>
<!--intercept-url pattern="/admin/*" access="ROLE_application-administrators"/-->
<!--intercept-url pattern="/passwordHint.html" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/-->
<!--security:intercept-url pattern="/**/*.html*" access="IS_AUTHENTICATED_FULLY"/-->
</http>
</beans:beans>