成功登录后尝试访问受 Spring Security 保护的 URL 时出现 404 错误,但当我不使用 Spring Security 保护 URL 时不会出现错误。
我正在使用 Spring-MVC、Spring Security 和 Hibernate。我试图找出问题可能是什么,但完全失败了。我需要你们的帮助。
我的 spring-security.xml 文件如下:
<http auto-config="true">
<intercept-url pattern="/sec/*" access="ROLE_USER" />
<form-login login-page="/login"
authentication-success-handler-ref="successHandler" authentication-failure-handler-ref="failureHandler"
authentication-failure-url="/login/error" />
<remember-me/>
<logout logout-success-url="/login" />
<access-denied-handler error-page="/403"/>
</http>
dispatcher-servlet.xml 如下:
<mvc:annotation-driven/>
<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer" p:definitions="/WEB-INF/tiles.xml" />
<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView"/>
</bean>
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="/WEB-INF/application"/>
<property name="cacheSeconds" value="1"/>
和 web.xml 是:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/spring-security.xml,
/WEB-INF/applicationContext.xml,
/WEB-INF/spring-db.xml
</param-value>
</context-param>
<filter>
<filter-name>hibernateSessionInViewFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
<init-param>
<param-name>flushMode</param-name>
<param-value>ALWAYS</param-value>
</init-param>
<init-param>
<param-name>singleSession</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>hibernateSessionInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
请注意,Spring Security Authentication 工作得很好。它保护的那种 url 不再被调度程序映射。有人请帮我解决这个问题。先感谢您。