我正在尝试在我的应用程序中实现 Spring Security,并且我的日志中有消息说它可以识别安全性,但它从来没有执行我设置的规则。我的 login.xhtml 也在调用 login 方法,但它永远不会正确返回,所以我只能假设我在配置中遗漏了一些东西,但我找不到它。提前致谢。
我知道这已经被问过很多次了,但是我已经看了几天了很多不同的例子,据我所知,我的例子是匹配的
这是我的配置文件(部分)
弹簧安全.xml
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_ADMIN"/>
<form-login login-processing-url="/j_spring_security_check"
login-page="/views/login.xhtml"
default-target-url="/views/index.xhtml"
authentication-failure-url="/views/error.xhtml" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="dummy" password="dummy" authorities="ROLE_DUMMY"/>
<user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/META-INF/spring/applicationContext.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
服务器日志
19:48:45,028 INFO [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization started
19:48:45,058 INFO [org.springframework.web.context.support.XmlWebApplicationContext] (ServerService Thread Pool -- 460) Refreshing Root WebApplicationContext: startup date [Tue Aug 20 19:48:45 PDT 2013]; root of context hierarchy
19:48:45,081 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from class path resource [META-INF/spring/applicationContext.xml]
19:48:45,152 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from ServletContext resource [/WEB-INF/spring-security.xml]
19:48:45,162 INFO [org.springframework.security.core.SpringSecurityCoreVersion] (ServerService Thread Pool -- 460) You are running with Spring Security Core 3.1.4.RELEASE
19:48:45,163 INFO [org.springframework.security.config.SecurityNamespaceHandler] (ServerService Thread Pool -- 460) Spring Security 'config' module version is 3.1.4.RELEASE
19:48:45,187 INFO [org.springframework.security.config.http.HttpSecurityBeanDefinitionParser] (ServerService Thread Pool -- 460) Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000]
19:48:45,258 INFO [org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor] (ServerService Thread Pool -- 460) JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
19:48:45,282 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] (ServerService Thread Pool -- 460) Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@23c50d4e: defining beans [dataSource,entityManager,entityManagerFactory,distroStoreConverter,distroStaffBean,distroStoreBean,distroTastingBean,editDistroStaffBean,editDistroStoreBean,editDistroTastingBean,loginBean,newDistroStoreBean,newDistroTastingBean,scheduleBean,staffDaoImpl,storeDaoImpl,tastingDaoImp,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,jpaPropertyMap,hibernateVendor,transactionManager,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.provisioning.InMemoryUserDetailsManager#0,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,org.springframework.context.annotation.ConfigurationClassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy
19:48:45,292 INFO [org.springframework.jdbc.datasource.DriverManagerDataSource] (ServerService Thread Pool -- 460) Loaded JDBC driver: org.postgresql.Driver
19:48:45,331 INFO [org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean] (ServerService Thread Pool -- 460) Building JPA container EntityManagerFactory for persistence unit 'default'
19:48:46,047 INFO [org.springframework.security.web.DefaultSecurityFilterChain] (ServerService Thread Pool -- 460) Creating filter chain: org.springframework.security.web.util.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@5151d7c2, org.springframework.security.web.authentication.logout.LogoutFilter@542c2b43, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1fcc66e1, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@24764e16, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5300990d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4c404f0d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@12060597, org.springframework.security.web.session.SessionManagementFilter@495905bf, org.springframework.security.web.access.ExceptionTranslationFilter@73886437, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7f6b9222]
19:48:46,055 INFO [org.springframework.security.config.http.DefaultFilterChainValidator] (ServerService Thread Pool -- 460) Checking whether login URL '/views/login.xhtml' is accessible with your configuration
19:48:46,062 INFO [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization completed in 1034 ms
19:48:46,064 INFO [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Initializing Mojarra 2.1.19-jbossorg-1 20130304-0420 for context '/LuxuryLiquor'
19:48:46,575 INFO [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Monitoring jndi:/default-host/LuxuryLiquor/WEB-INF/faces-config.xml for modifications
19:48:47,591 INFO [org.jboss.as.server] (management-handler-thread - 16) JBAS018562: Redeployed "LuxuryLiquor.war"
19:48:47,592 INFO [org.jboss.as.server] (management-handler-thread - 16) JBAS018565: Replaced deployment "LuxuryLiquor.war" with deployment "LuxuryLiquor.war"
19:48:47,596 INFO [org.jboss.as.repository] (management-handler-thread - 16) JBAS014901: Content removed from location C:\Program Files\jboss-eap-6.1\standalone\data\content\8f\21f2c1f876b95cd37a0207b0fb9148ce3e00b0\content
登录.xhtml
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui" style="background: black;">
<h:head>
<meta />
<h:outputStylesheet library="css" name="screen.css" />
<title>Login</title>
</h:head>
<h:body>
<div id="container">
<div id="content">
<div class="stores-position">
<h1>Login</h1>
<h:form id="loginForm">
<p:panelGrid>
<p:row>
<p:column>
<h:outputLabel value="Username" />
</p:column>
<p:column>
<h:inputText id="j_username" value="#{loginBean.username}" required="true" />
</p:column>
</p:row>
<p:row>
<p:column>
<h:outputLabel value="Password" />
</p:column>
<p:column>
<h:inputSecret id="j_password" value="#{loginBean.password}" required="true" />
</p:column>
</p:row>
</p:panelGrid>
<p:commandButton id="login" type="submit"
action="#{loginBean.doLogin}" value="Login" />
</h:form>
</div>
</div>
<div id="aside">
<h:graphicImage value="/resources/gfx/LL_logo-1-1.jpg" />
</div>
<div id="footer" />
</div>
</h:body>
</html>