1

我正在使用 Wildfly 8 Final、WebApplicationInitializer 实现而不是 web.xml、Spring MVC 4 和 Spring Security 3.2。我遇到的问题是,即使 Wildfly 说它有时(并非总是)成功部署了战争,但当我尝试访问 Web 应用程序的任何 URI 时,我得到“404 Not Found”。问题一直存在,直到我重新部署 Web 应用程序。清空 tmp 文件夹无关紧要 - 重新启动后错误可能仍然存在。

我打开了调试,唯一不同寻常的是“Null ModelAndView 返回到 DispatcherServlet,名称为'dispatcher':假设 HandlerAdapter 完成了请求处理”(在请求之后)。问题是我在这两种情况下都会收到此消息。

这是我的 WebApplicationInitializer

public class MyWebAppInitializer implements WebApplicationInitializer {

@Override
public void onStartup(ServletContext servletContext)
        throws ServletException {
    AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
    dispatcherServlet.register(WebConfig.class, SecurityConfig.class,
            DataConfig.class);

    servletContext
            .addListener(new ContextLoaderListener(dispatcherServlet));

    servletContext.setInitParameter("defaultHtmlEscape", "true");

    servletContext.addListener(new HttpSessionEventPublisher());    
    
     FilterRegistration.Dynamic fr = servletContext.addFilter("encodingFilter",  
              new CharacterEncodingFilter());
           fr.setInitParameter("encoding", "UTF-8");
           fr.setInitParameter("forceEncoding", "true");
           fr.addMappingForUrlPatterns(null, true, "/*");
    
    servletContext.addFilter("springSecurityFilterChain",
            DelegatingFilterProxy.class).addMappingForUrlPatterns(null,
            false, "/*");

    ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
            "dispatcher", new DispatcherServlet(dispatcherServlet));
    dispatcher.setLoadOnStartup(1);
    dispatcher.addMapping("/");
}}

这是安全配置:

public class SecurityConfig {
@Configuration
@Order(1)
public static class SecurityConfigForRest extends
        WebSecurityConfigurerAdapter {

    @Autowired
    TokenAuthenticationProvider tokenAuthenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(tokenAuthenticationProvider);
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean()
            throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    protected TokenAuthenticationFilter getTokenAuthFilter()
            throws Exception {
        TokenAuthenticationFilter tapf = new TokenAuthenticationFilter(
                authenticationManagerBean());
        return tapf;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.requestMatchers()
                .antMatchers("/rest/set/**",
                        "/rest/get/**")
                .and()
                .addFilterBefore(getTokenAuthFilter(),
                        AbstractPreAuthenticatedProcessingFilter.class)
                .csrf().disable();

    }
}

@Configuration
@Order(2)
public static class SecurityConfigForWebApp extends
        WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(
                passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/index", "/forgotPassword").permitAll()
                .antMatchers("/sysadmin/*").hasAnyRole("SYS_ADMIN")
                .antMatchers("/admin/*")
                .hasAnyRole("SYS_ADMIN", "ADMIN")
                .antMatchers("/user/*")
                .hasAnyRole("SYS_ADMIN", "ADMIN", "USER")
                .and().formLogin().loginPage("/login")
                .loginProcessingUrl("/login").permitAll()
                .defaultSuccessUrl("/index")
                .successHandler(new SecurityLoginSuccessHandler()).and()
                .sessionManagement().maximumSessions(1)
                .expiredUrl("/sessionExpired").and().and()
                .exceptionHandling()
                .accessDeniedHandler(new SecurityAccessDeniedHandler())
                .and().logout().logoutSuccessUrl("/login")
                .invalidateHttpSession(true).deleteCookies("JSESSIONID");

    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }
}}

有时它如何正常工作而其他情况则不然,这真的没有多大意义。

编辑

未找到日志/Spring Security On

正常响应/(Spring Security On)

正常响应/(Spring Secutiry Off)

4

0 回答 0