【发布时间】:2011-07-03 11:53:42
【问题描述】:
我正在尝试为 get to now spring 3 构建一个应用程序。我现在尝试配置安全性,但似乎我的 fitler 正在被选中。
下面是我的 web.xml 文件
<?xml version="1.0" encoding="ISO-8859-1"?>
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> 主要家谱
<description>Pedigree Application</description>
<!--
Key of the system property that should specify the root directory of this
web app. Applied by WebAppRootListener or Log4jConfigListener.
-->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>pedigree.root</param-value>
</context-param>
<!--
Location of the Log4J config file, for initialization and refresh checks.
Applied by Log4jConfigListener.
-->
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<!--
- Location of the XML file that defines the root application context.
- Applied by ContextLoaderServlet.
-
- Can be set to:
- "/WEB-INF/applicationContext-hibernate.xml" for the Hibernate implementation,
- "/WEB-INF/applicationContext-jpa.xml" for the JPA one, or
- "/WEB-INF/applicationContext-jdbc.xml" for the JDBC one.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext-hibernate.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
To use the JPA variant above, you will need to enable Spring load-time
weaving in your server environment. Out of the box, Spring will try to
detect the running environment and use the appropriate weaver but if that
fails, one must enable one by hand or use the VM-wide weaver.
See PetClinic's readme and/or Spring's JPA documentation for more information.
-->
<!-- ****************************************** -->
<!--
- Configures Log4J for this web app.
- As this context specifies a context-param "log4jConfigLocation", its file path
- is used to load the Log4J configuration, including periodic refresh checks.
-
- Would fall back to default Log4J initialization (non-refreshing) if no special
- context-params are given.
-
- Exports a "web app root key", i.e. a system property that specifies the root
- directory of this web app, for usage in log file paths.
- This web app specifies "petclinic.root" (see log4j.properties file).
-->
<!-- Leave the listener commented-out if using JBoss -->
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!--
- Loads the root application context of this web app at startup,
- by default from "/WEB-INF/applicationContext.xml".
- Note that you need to fall back to Spring's ContextLoaderServlet for
- J2EE servers that do not follow the Servlet 2.4 initialization order.
-
- Use WebApplicationContextUtils.getWebApplicationContext(servletContext)
- to access it anywhere in the web application, outside of the framework.
-
- The root context is the parent of all servlet-specific contexts.
- This means that its beans are automatically available in these child contexts,
- both for getBean(name) calls and (external) bean references.
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>tcdefault</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>tcdefault</servlet-name>
<url-pattern>/resources/images</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>tcdefault</servlet-name>
<url-pattern>*.css</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>tcdefault</servlet-name>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>tcdefault</servlet-name>
<url-pattern>*.png</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>tcdefault</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>jpg
<servlet-mapping>
<servlet-name>tcdefault</servlet-name>
<url-pattern>*.jpg</url-pattern>
</servlet-mapping>
<!--
Defines the 'default' servlet (usually for service static resources).
Uncomment this in containers (GlassFish) that do not declare this
implicit definition out of the box, or change the name of the servlet mapping
below to the appropriate one.
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
-->
<!--
- Map static resources to the default servlet
- examples:
- http://localhost:8080/static/images/pets.png
- http://localhost:8080/static/styles/petclinic.css
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping> -->
<!--
- Servlet that dispatches request to registered handlers (Controller implementations).
- Has its own application context, by default defined in "{servlet-name}-servlet.xml",
- i.e. "petclinic-servlet.xml".
-
- A web app can contain any number of such servlets.
- Note that this web app has a shared root application context, serving as parent
- of all DispatcherServlet contexts.
-->
<servlet>
<servlet-name>pedigree</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<!--
- Maps the petclinic dispatcher to "*.do". All handler mappings in
- petclinic-servlet.xml will by default be applied to this subpath.
- If a mapping isn't a /* subpath, the handler mappings are considered
- relative to the web app root.
-
- NOTE: A single dispatcher can be mapped to multiple paths, like any servlet.
-->
<servlet-mapping>
<servlet-name>pedigree</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>httpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>httpMethodFilter</filter-name>
<servlet-name>pedigree</servlet-name>
</filter-mapping>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<!-- Displays a stack trace -->
<location>/WEB-INF/jsp/uncaughtException.jsp</location>
</error-page>
<!-- eliminate welcome files -->
<!-- useful for Servlet 3 container (Tomcat 7 and Jetty 6) -->
<welcome-file-list>
<welcome-file></welcome-file>
</welcome-file-list>
<!--
- Reference to PetClinic database.
- Only needed if not using a local DataSource but a JNDI one instead.
-->
<!--
<resource-ref>
<res-ref-name>jdbc/petclinic</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
-->
这是我的 appicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="bobspassword" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
它们都在应用程序的 web-inf 文件夹中。该应用程序是使用tomcat 6部署的。根据spring security的手册,在完成上述操作之后,我应该在登录之前无法访问任何内容。但是我甚至可以在不被要求登录的情况下访问所有内容。
有人可以帮忙吗?
感谢每一个提示。
谢谢, 约翰。
【问题讨论】:
标签: java spring spring-security