我正在使用 Wildfly 8 Final、WebApplicationInitializer 实现而不是 web.xml、Spring MVC 4 和 Spring Security 3.2。我遇到的问题是,即使 Wildfly 说它有时(并非总是)成功部署了战争,但当我尝试访问 Web 应用程序的任何 URI 时,我得到“404 Not Found”。问题一直存在,直到我重新部署 Web 应用程序。清空 tmp 文件夹无关紧要 - 重新启动后错误可能仍然存在。
我打开了调试,唯一不同寻常的是“Null ModelAndView 返回到 DispatcherServlet,名称为'dispatcher':假设 HandlerAdapter 完成了请求处理”(在请求之后)。问题是我在这两种情况下都会收到此消息。
这是我的 WebApplicationInitializer
public class MyWebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
dispatcherServlet.register(WebConfig.class, SecurityConfig.class,
DataConfig.class);
servletContext
.addListener(new ContextLoaderListener(dispatcherServlet));
servletContext.setInitParameter("defaultHtmlEscape", "true");
servletContext.addListener(new HttpSessionEventPublisher());
FilterRegistration.Dynamic fr = servletContext.addFilter("encodingFilter",
new CharacterEncodingFilter());
fr.setInitParameter("encoding", "UTF-8");
fr.setInitParameter("forceEncoding", "true");
fr.addMappingForUrlPatterns(null, true, "/*");
servletContext.addFilter("springSecurityFilterChain",
DelegatingFilterProxy.class).addMappingForUrlPatterns(null,
false, "/*");
ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
"dispatcher", new DispatcherServlet(dispatcherServlet));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
}}
这是安全配置:
public class SecurityConfig {
@Configuration
@Order(1)
public static class SecurityConfigForRest extends
WebSecurityConfigurerAdapter {
@Autowired
TokenAuthenticationProvider tokenAuthenticationProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(tokenAuthenticationProvider);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean()
throws Exception {
return super.authenticationManagerBean();
}
@Bean
protected TokenAuthenticationFilter getTokenAuthFilter()
throws Exception {
TokenAuthenticationFilter tapf = new TokenAuthenticationFilter(
authenticationManagerBean());
return tapf;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.antMatchers("/rest/set/**",
"/rest/get/**")
.and()
.addFilterBefore(getTokenAuthFilter(),
AbstractPreAuthenticatedProcessingFilter.class)
.csrf().disable();
}
}
@Configuration
@Order(2)
public static class SecurityConfigForWebApp extends
WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(
passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/index", "/forgotPassword").permitAll()
.antMatchers("/sysadmin/*").hasAnyRole("SYS_ADMIN")
.antMatchers("/admin/*")
.hasAnyRole("SYS_ADMIN", "ADMIN")
.antMatchers("/user/*")
.hasAnyRole("SYS_ADMIN", "ADMIN", "USER")
.and().formLogin().loginPage("/login")
.loginProcessingUrl("/login").permitAll()
.defaultSuccessUrl("/index")
.successHandler(new SecurityLoginSuccessHandler()).and()
.sessionManagement().maximumSessions(1)
.expiredUrl("/sessionExpired").and().and()
.exceptionHandling()
.accessDeniedHandler(new SecurityAccessDeniedHandler())
.and().logout().logoutSuccessUrl("/login")
.invalidateHttpSession(true).deleteCookies("JSESSIONID");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
}}
有时它如何正常工作而其他情况则不然,这真的没有多大意义。
编辑
未找到日志/Spring Security On
正常响应/(Spring Security On)
正常响应/(Spring Secutiry Off)