【问题标题】:Authentication is not happening in spring security, directly going to the authenticated pagespring security中没有进行认证,直接进入认证页面
【发布时间】:2014-04-24 19:24:29
【问题描述】:

我的安全 xml 是 ::

<beans xmlns="http://www.springframework.org/schema/beans"  
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
       xmlns:security="http://www.springframework.org/schema/security"  
       xmlns:p="http://www.springframework.org/schema/p"   
       xsi:schemaLocation="http://www.springframework.org/schema/beans  
                           http://www.springframework.org/schema/beans/spring-beans.xsd  
                           http://www.springframework.org/schema/security  
                           http://www.springframework.org/schema/security/spring-security-3.2.xsd">  

    <security:http auto-config="true">
        <security:intercept-url method="POST" pattern="/admin**" access="ROLE_USER" />
        <security:http-basic />
    </security:http>

    <security:authentication-manager>
      <security:authentication-provider>
        <security:user-service>
        <security:user name="user" password="pass" authorities="ROLE_USER" />
        </security:user-service>
      </security:authentication-provider>
    </security:authentication-manager>

</beans>

我正在使用 spring-security 3.2.xsd。在此应用程序中,它应该在访问 /admin 页面时提示登录。但它直接进入 /admin 页面而无需身份验证。 请指出我哪里错了。

我的调度程序 servlet :::

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="com.suva.*" />

    <bean
      class="org.springframework.web.servlet.view.InternalResourceViewResolver">
      <property name="prefix">
        <value>/WEB-INF/pages/</value>
      </property>
      <property name="suffix">
        <value>.jsp</value>
      </property>
    </bean>

</beans>

我的 web.xml 是::::

<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Spring MVC Application</display-name>

    <!-- Spring MVC -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

        <!-- Loads Spring Security config file -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name >
        <url-pattern>/**</url-pattern>
        </filter-mapping>

        </web-app>

我的控制器类 ::

*

package com.suva.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class HelloController {

    @RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
    public ModelAndView welcomePage() {

        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security Hello World");
        model.addObject("message", "This is welcome page!");
        model.setViewName("hello");
        return model;

    }

    @RequestMapping(value = "/admin**", method = RequestMethod.GET)
    public ModelAndView adminPage() {

        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security Hello World");
        model.addObject("message", "This is protected page!");
        model.setViewName("admin");

        return model;

    }

}

JSP 文件::

你好.jsp ::

*

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <%@page session="false"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<h1>Title : ${title}</h1>   
    <h1>Message : ${message}</h1>   
</body>
</html>

* admin.jsp

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<body>
    <h1>Title : ${title}</h1> 
    <h1>Message : ${message}</h1> 

    <c:if test="${pageContext.request.userPrincipal.name != null}">
       <h2>Welcome : ${pageContext.request.userPrincipal.name} 
            <a href="<c:url value="/j_spring_security_logout" />" > Logout</a></h2>  
    </c:if>
</body>
</html>

仅此而已..请帮我找出我错在哪里

【问题讨论】:

  • 如果你使用 pattern="/admin/**" 会发生什么?
  • 抱歉,回复晚了..但同样的事情发生了..
  • 能否请您发布其余的 Spring 配置以及您的 web.xml
  • 也尝试删除 auto-config="true" 看看会发生什么
  • 我已经用 web.xml 和 dispatcher-servlet.xml 编辑了这个问题

标签: spring spring-mvc authentication spring-security


【解决方案1】:

只需在 web.xml 中更改以下内容即可解决问题

<filter-mapping>
   <filter-name>springSecurityFilterChain</filter-name >
   <url-pattern>/*</url-pattern>
</filter-mapping>

【讨论】:

  • 是的,它正在工作..谢谢 geoand.. 但你能告诉我为什么“/*”工作但“/”或“/**”不起作用吗??
  • 欢迎您!我真的不知道前者的作品,后者不知道,我对蚂蚁​​匹配器的了解有点模糊
猜你喜欢
  • 2012-08-15
  • 2016-08-11
  • 1970-01-01
  • 2019-05-11
  • 1970-01-01
  • 2016-11-15
  • 2015-03-17
  • 2013-11-03
  • 1970-01-01
相关资源
最近更新 更多