0

我们有一个使用 Java、Spring 3.2.x 和 hibernate 开发的 web 应用程序。

通过将 Web 应用程序作为服务器来实现 RestFul 服务。(应用程序既是 Web 应用程序又是用于休息的服务器)。

每当我使用 http 请求从服务器获取数据时,我需要登录到 webapp 吗?这就是我现在的问题。在我登录之前,我无法获得详细信息。一些我需要绕过此登录的方式。有什么建议么!提前致谢!如果您需要更多详细信息,请告诉我!

web.xml 的 servlet 部分

 <servlet>
    <servlet-name>test</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>test</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>test</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

对于 webapp 中的安全性,使用 spring security。

以下是我的 security.xml 文件

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <import resource="classpath:spring-authentication.xml"/>

    <security:http pattern="/" security="none"/>
    <security:http pattern="/login.*" security="none"/>
    <security:http pattern="/forgotpassword.*" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/ws/**" security="none"/>

    <security:http realm="myrealm">

        <security:intercept-url pattern="/*jsp" access="ROLE_ADMIN"/>

        <!-- order matters so these overrides must be above the star do below to work -->       
        <security:intercept-url pattern="/welcome.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/MyProfile.do" access="ROLE_ADMIN"/>           
        <security:intercept-url pattern="/User.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/UserSearch.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/UserList.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/PasswordReset.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/*do"   access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/*csv" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/*pdf" access="ROLE_ADMIN"/>
            <security:intercept-url pattern="/ui/**" access="ROLE_ADMIN" />
            <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
        <!-- Catch all to prevent public access to anything missed by proceeding filters -->
        <security:intercept-url pattern="/**" access="ROLE_ADMIN" />

        <security:form-login login-page="/login.do" 
            default-target-url="/welcome.do" 
            always-use-default-target="true"
            authentication-failure-url="/login.do?login_error=1" 
        />

        <security:logout logout-success-url="/login.do" />
        <security:http-basic/>
        <security:anonymous />
    </security:http>
    <bean id="authProvider" class="security.AuthenticationProvider">
    </bean>     
    <security:authentication-manager alias="authenticationManager">  
        <security:authentication-provider ref="authProvider"/>
    </security:authentication-manager>

</beans>
4

2 回答 2

1
<security:http pattern="/" security="none"/>

将仅匹配根请求,因此如果它在根上下文之后有任何字符串,它将不匹配请求。您的休息服务网址必须类似于http://host:port/context/<url>

只会http://host:port/context匹配模式"/"

解决方案:将 http 标签中的模式更新为 security="none" 的 rest 服务 url。

我假设您有一些差异网址,以防您拨打休息服务电话?

于 2013-10-07T08:44:20.027 回答
0

尝试将“访问”属性设置permitAll<intercept-url>. 但是您应该在您的 http 描述符中启用 SpEL <http use-expressions="true">

于 2013-10-04T19:06:47.283 回答