1

我知道这个问题之前已经被问过几次,但我不知何故无法破解它。帮助真的很感激,因为我坚持了一段时间。

下面附加的我的安全 XML 文件已经工作了一段时间,但是我需要添加另一个标签以包含 WebService 安全性

现有的安全 XML

    <security:http pattern="/abc.html" security="none"/>
<security:http pattern="/dev.html" security="none"/>

<security:http entry-point-ref="authenticaionEntryPoint">
    <security:intercept-url pattern="/*.xyz" access="ROLE_USER"/>
    <security:logout logout-success-url="/login_failure.do" />
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="customAuthenticationFilter"/>
    <security:anonymous username="guest" granted-authority="ROLE_ANONIM"/>
</security:http>

<bean id="authenticaionEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/login.jsp" />
</bean>

<bean id="customAuthenticationFilter" class="package.security.CustomAuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <property name="defaultTargetUrl" value="/login_success.jsp" />
            <property name="alwaysUseDefaultTargetUrl" value="false" />
        </bean>
    </property>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="/login_failure.do" />
        </bean>
    </property>
</bean>

<bean id="authenticationProvider" class="package.security.CustomAuthenticationProvider" />

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="authenticationProvider"/>        
</security:authentication-manager>

我需要添加

    <security:http pattern="/SetWebServices*" create-session="stateless" authentication-manager-ref="remotingAuthenticationManager" auto-config="true">
    <security:intercept-url pattern="/SetWebServices*" access="ROLE_USER"/>
    <security:http-basic/> 
</security:http>

<security:authentication-manager  alias="remotingAuthenticationManager">
    <security:authentication-provider>
        <security:user-service>
            <security:user name="adminuser" password="adminpass" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

它们都单独工作,但将第二块放在顶部会在 /SetWebServices?WSDL 上给出 403 Access denied。

任何帮助/方向/输入将不胜感激。

4

0 回答 0