
我正在使用 Apache Tomcat 8.0.0-RC3 服务器和 Spring DispatcherServlet。使用 HTTP PUT 方法时返回 403 Forbidden,而 HTTP GET 方法工作正常。我尝试通过安全约束(security-constraint)来解决这个问题,但由于我使用的是 Spring DispatcherServlet,这样做会返回 409 Conflict 错误,并不起作用。同样的应用在 Tomcat 7 上运行正常。请帮我解决这个问题。下面是我的 web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.5 deployment descriptor for the "abc" Spring MVC application.
  Filters are applied in the order of the filter-mapping elements below.
  NOTE(review): this descriptor declares no security-constraint, so a 403
  produced by a container constraint would have to come from another
  descriptor (for example the container-wide conf/web.xml); otherwise it
  comes from the application's own security filter chain.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee            http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>abc</display-name>
    <description>ABC Web application</description>
    <!-- Enable escaping of form submission contents -->
    <context-param>
        <param-name>defaultHtmlEscape</param-name>
        <param-value>true</param-value>
    </context-param>
    <!-- Root application context: every applicationContext*.xml found under
         META-INF/spring on the classpath is loaded. The classpath*: prefix
         searches all classpath roots, so a jar that ships a matching file
         also contributes bean definitions. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
    </context-param>
    <!-- Sets UTF-8 as the request character encoding; forceEncoding=true
         applies it even when the client declared another encoding. -->
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <!-- Rewrites a POST that carries a hidden method parameter (default name
         "_method") into the named method, e.g. PUT or DELETE.
         NOTE(review): container security constraints are evaluated before any
         filter runs and see the method on the wire (POST), so a container-level
         block on PUT/DELETE does not cover requests converted here. Method
         restrictions should be enforced in the application's security rules. -->
    <filter>
        <filter-name>HttpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
    </filter>
    <!-- Delegates to the Spring bean named like this filter
         (springSecurityFilterChain), i.e. the Spring Security filter chain. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Keeps a JPA EntityManager bound to the request thread for the whole
         request so lazy associations can still be loaded while rendering. -->
    <filter>
        <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
        <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
    </filter>
    <!-- Filter order for every URL: encoding, method override, security, JPA.
         The method override is mapped ahead of the security chain, so the
         security rules see the overridden method, not the original POST. -->
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>HttpMethodFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Handles Spring requests -->
    <servlet>
        <servlet-name>ABC</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/spring/webmvc-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <!-- Exposes the JPA persistence unit "persistenceUnit" under the name
         persistence/persistenceUnit. -->
    <persistence-unit-ref>
        <persistence-unit-ref-name>persistence/persistenceUnit</persistence-unit-ref-name>
        <persistence-unit-name>persistenceUnit</persistence-unit-name>
    </persistence-unit-ref>

    <!-- Mapping "/" makes the DispatcherServlet the default servlet: it
         receives every request that no other servlet mapping claims, for all
         HTTP methods. -->
    <servlet-mapping>
        <servlet-name>ABC</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <!-- Idle sessions expire after 10 minutes. -->
    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>
    <!-- Uncaught exceptions and 404s are forwarded to application URLs instead
         of the container's default error pages.
         NOTE(review): confirm the handler behind /uncaughtException does not
         render stack traces or other internals to the client. -->
    <error-page>
        <exception-type>java.lang.Exception</exception-type>
        <location>/uncaughtException</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/resourceNotFound</location>
    </error-page>
</web-app>

factory.js

/**
 * `configFactory` service of the `cnitch` module: thin $http wrappers around
 * the configuration REST resource at /ABC/api/mode. Every method returns the
 * promise produced by the corresponding $http call.
 *
 * The POST, PUT and DELETE calls change server state; nothing in this client
 * restricts who may issue them, so authentication and authorization have to
 * be enforced by the server for these URLs.
 */
angular.module('cnitch').factory('configFactory', ['$http',
    function ($http) {
        // Collection URL of the resource and the fixed "all hosts / all
        // transactions" URL used by getConfignew.
        var urlBase = '/ABC/api/mode';
        var urlrootmode = '/ABC/api/mode/host/all/tranx/all';

        // URL of a single entry. The id is appended as-is (no URL encoding),
        // so callers must pass a value that is safe to place in a path.
        function entryUrl(id) {
            return urlBase + "/" + id;
        }

        return {
            // GET one configuration by id.
            getConfig: function (id) {
                return $http.get(entryUrl(id));
            },

            // GET the whole collection.
            getConfigs: function () {
                return $http.get(urlBase);
            },

            // GET the fixed host/all/tranx/all view.
            getConfignew: function () {
                return $http.get(urlrootmode);
            },

            // POST a new configuration to the collection.
            insertConfig: function (configString) {
                return $http.post(urlBase, configString);
            },

            // PUT an updated configuration to the entry's own URL.
            updateConfig: function (id, configString) {
                return $http.put(entryUrl(id), configString);
            },

            // PUT to the collection URL; `id` is accepted but not used here.
            updateConfignew: function (id, configString) {
                return $http.put(urlBase, configString);
            },

            // DELETE one configuration by id.
            deleteConfig: function (id) {
                return $http.delete(entryUrl(id));
            }
        };
    }
]);

ApplicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!-- Spring Security 3.1 namespace configuration: URL access rules plus a
         JDBC-backed authentication provider. -->
    <!-- HTTP security configurations -->
    <!-- auto-config="true" registers the default form-login, HTTP Basic and
         logout handling; use-expressions="true" lets the access attributes
         below be security expressions.
         NOTE(review): no CSRF protection is configured in this file, so
         state-changing requests authenticated by the session cookie are not
         protected by a token check here. Confirm it is handled elsewhere. -->
    <http auto-config="true" use-expressions="true">
        <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
        <logout logout-url="/resources/j_spring_security_logout" />
        <!-- Configure these elements to secure URIs in your application -->
        <!-- Rules are matched top to bottom and the first match decides.
             Only /choices/** (ROLE_ADMIN) and /member/** (any authenticated
             user) require a login. -->
        <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/member/**" access="isAuthenticated()" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="/main/**" access="permitAll" />
        <!-- NOTE(review): /api/** is open to everyone for every HTTP method,
             so as far as this file is concerned PUT, POST and DELETE on the
             API need no authentication. If those calls change data, restrict
             them, for example with the method attribute of intercept-url and
             an access expression such as isAuthenticated() or hasRole(...). -->
        <intercept-url pattern="/api/**" access="permitAll" />
        <!-- NOTE(review): the catch-all rule allows anything not matched above
             (default allow). A default of denying or requiring authentication
             is the safer baseline; confirm this is intended. -->
        <intercept-url pattern="/**" access="permitAll" />
    </http>
    <!-- Configure Authentication mechanism -->
    <authentication-manager alias="authenticationManager">
        <!-- SHA-256 values can be produced using 'echo -n your_desired_password |
                sha256sum' (using normal *nix environments) -->
        <!-- NOTE(review): the comment above speaks of SHA-256 values, but no
             password-encoder child is declared on this provider, so as written
             the stored password column appears to be compared without hashing.
             Confirm. If hashed storage is intended, declare an encoder, and
             prefer a salted adaptive scheme such as bcrypt over unsalted
             SHA-256. -->
        <authentication-provider>
            <!-- Users and authorities are read through the data source bean
                 "dataSource". Both queries bind the username through a ?
                 placeholder rather than concatenating it into the SQL text. -->
            <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password, enabled from users where username=?" authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =?  " />
        </authentication-provider>
    </authentication-manager>
</beans:beans>

1 回答 1


您应该检查一下位于 $TOMCAT_HOME/conf/web.xml 的默认 web.xml。

如果其中存在下面这样的安全约束,请确保把 PUT 方法从中删除:

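<!--
  Container-level constraint that blocks the listed HTTP methods for every URL.
  The empty auth-constraint grants access to no role, so each listed method is
  answered with 403 for all callers; methods that are not listed are not
  affected by this constraint.

  The container evaluates this before any filter or servlet runs. If PUT or
  DELETE is removed from the list so that the application can serve it, the
  application's own access rules become the only check on that method. Make
  sure they require authentication and authorization for state-changing
  requests before relaxing this block, and leave TRACE listed.
-->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>restricted methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>TRACE</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>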

于 2014-02-04T20:09:41.580 回答