0

我正在尝试在我的应用程序中实现 Spring Security,并且我的日志中有消息说它可以识别安全性,但它从来没有执行我设置的规则。我的 login.xhtml 也在调用 login 方法,但它永远不会正确返回,所以我只能假设我在配置中遗漏了一些东西,但我找不到它。提前致谢。

我知道这已经被问过很多次了,但是我已经看了几天了很多不同的例子,据我所知,我的例子是匹配的

这是我的配置文件(部分)

弹簧安全.xml

<http auto-config="true">

    <intercept-url pattern="/*" access="ROLE_ADMIN"/>
    <form-login login-processing-url="/j_spring_security_check" 
        login-page="/views/login.xhtml" 
        default-target-url="/views/index.xhtml"
        authentication-failure-url="/views/error.xhtml" />

</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="dummy" password="dummy" authorities="ROLE_DUMMY"/>
            <user name="admin" password="admin" authorities="ROLE_ADMIN"/>
        </user-service>
    </authentication-provider>
</authentication-manager>  

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:/META-INF/spring/applicationContext.xml,
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

服务器日志

19:48:45,028 INFO  [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization started
19:48:45,058 INFO  [org.springframework.web.context.support.XmlWebApplicationContext] (ServerService Thread Pool -- 460) Refreshing Root WebApplicationContext: startup date [Tue Aug 20 19:48:45 PDT 2013]; root of context hierarchy
19:48:45,081 INFO  [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from class path resource [META-INF/spring/applicationContext.xml]
19:48:45,152 INFO  [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from ServletContext resource [/WEB-INF/spring-security.xml]
19:48:45,162 INFO  [org.springframework.security.core.SpringSecurityCoreVersion] (ServerService Thread Pool -- 460) You are running with Spring Security Core 3.1.4.RELEASE
19:48:45,163 INFO  [org.springframework.security.config.SecurityNamespaceHandler] (ServerService Thread Pool -- 460) Spring Security 'config' module version is 3.1.4.RELEASE
19:48:45,187 INFO  [org.springframework.security.config.http.HttpSecurityBeanDefinitionParser] (ServerService Thread Pool -- 460) Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000]
19:48:45,258 INFO  [org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor] (ServerService Thread Pool -- 460) JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
19:48:45,282 INFO  [org.springframework.beans.factory.support.DefaultListableBeanFactory] (ServerService Thread Pool -- 460) Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@23c50d4e: defining beans [dataSource,entityManager,entityManagerFactory,distroStoreConverter,distroStaffBean,distroStoreBean,distroTastingBean,editDistroStaffBean,editDistroStoreBean,editDistroTastingBean,loginBean,newDistroStoreBean,newDistroTastingBean,scheduleBean,staffDaoImpl,storeDaoImpl,tastingDaoImp,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,jpaPropertyMap,hibernateVendor,transactionManager,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.provisioning.InMemoryUserDetailsManager#0,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,org.springframework.context.annotation.ConfigurationClassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy
19:48:45,292 INFO  [org.springframework.jdbc.datasource.DriverManagerDataSource] (ServerService Thread Pool -- 460) Loaded JDBC driver: org.postgresql.Driver
19:48:45,331 INFO  [org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean] (ServerService Thread Pool -- 460) Building JPA container EntityManagerFactory for persistence unit 'default'
19:48:46,047 INFO  [org.springframework.security.web.DefaultSecurityFilterChain] (ServerService Thread Pool -- 460) Creating filter chain: org.springframework.security.web.util.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@5151d7c2, org.springframework.security.web.authentication.logout.LogoutFilter@542c2b43, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1fcc66e1, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@24764e16, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5300990d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4c404f0d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@12060597, org.springframework.security.web.session.SessionManagementFilter@495905bf, org.springframework.security.web.access.ExceptionTranslationFilter@73886437, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7f6b9222]
19:48:46,055 INFO  [org.springframework.security.config.http.DefaultFilterChainValidator] (ServerService Thread Pool -- 460) Checking whether login URL '/views/login.xhtml' is accessible with your configuration
19:48:46,062 INFO  [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization completed in 1034 ms
19:48:46,064 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Initializing Mojarra 2.1.19-jbossorg-1 20130304-0420 for context '/LuxuryLiquor'
19:48:46,575 INFO  [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Monitoring jndi:/default-host/LuxuryLiquor/WEB-INF/faces-config.xml for modifications
19:48:47,591 INFO  [org.jboss.as.server] (management-handler-thread - 16) JBAS018562: Redeployed "LuxuryLiquor.war"
19:48:47,592 INFO  [org.jboss.as.server] (management-handler-thread - 16) JBAS018565: Replaced deployment "LuxuryLiquor.war" with deployment "LuxuryLiquor.war"
19:48:47,596 INFO  [org.jboss.as.repository] (management-handler-thread - 16) JBAS014901: Content removed from location C:\Program Files\jboss-eap-6.1\standalone\data\content\8f\21f2c1f876b95cd37a0207b0fb9148ce3e00b0\content

登录.xhtml

<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui" style="background: black;">

<h:head>
    <meta />
    <h:outputStylesheet library="css" name="screen.css" />
    <title>Login</title>
</h:head>
<h:body>
    <div id="container">
    <div id="content">
        <div class="stores-position">
            <h1>Login</h1>
            <h:form id="loginForm">
                <p:panelGrid>
                    <p:row>
                        <p:column>
                            <h:outputLabel value="Username" />
                        </p:column>
                        <p:column>
                            <h:inputText id="j_username" value="#{loginBean.username}" required="true" />
                        </p:column>
                    </p:row>
                    <p:row>
                        <p:column>
                            <h:outputLabel value="Password" />
                        </p:column>
                        <p:column>
                            <h:inputSecret id="j_password" value="#{loginBean.password}" required="true" />
                        </p:column>
                    </p:row>
                </p:panelGrid>
                <p:commandButton id="login" type="submit" 
                    action="#{loginBean.doLogin}" value="Login" />
            </h:form>
        </div>
    </div>
    <div id="aside">
        <h:graphicImage value="/resources/gfx/LL_logo-1-1.jpg" />
    </div>
    <div id="footer" />
</div>
</h:body>
</html>
4

1 回答 1

1

乍一看,您的 url 模式是错误的。url-pattern 是一种 ant 样式的模式(即默认模式,如Spring Security Reference Guide中所述),这意味着

  • ? 匹配一个字符
    • 匹配零个或多个字符
  • ** 匹配路径中的零个或多个“目录”

您正在使用 /* 而您可能应该使用 /**

<http auto-config="true">

<intercept-url pattern="/**" access="ROLE_ADMIN"/>
<form-login login-processing-url="/j_spring_security_check" 
    login-page="/views/login.xhtml" 
    default-target-url="/views/index.xhtml"
    authentication-failure-url="/views/error.xhtml" />

</http>

有关蚂蚁风格表达的更多信息,请参阅此问题

于 2013-08-21T12:37:05.400 回答