我正在使用Wildfly 8 Final,一个WebApplicationInitializer实现,而不是web.xml,Spring MVC 4和Spring Security 3.2。我遇到的问题是,即使Wildfly说它已经成功地部署了战争(并非所有时间),当我尝试访问Web应用程序的任何URI时,我得到“404 Not Found”。在重新部署Web应用程序之前,问题仍然存在。清空tmp文件夹无关紧要 - 重启后错误可能仍然存在。
我打开了调试,唯一不寻常的是“Null ModelAndView返回DispatcherServlet,名称为'dispatcher':假设HandlerAdapter完成了请求处理”(请求后)。问题是我在这两种情况下都得到了这个消息。
这是我的WebApplicationInitializer
public class MyWebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
dispatcherServlet.register(WebConfig.class, SecurityConfig.class,
DataConfig.class);
servletContext
.addListener(new ContextLoaderListener(dispatcherServlet));
servletContext.setInitParameter("defaultHtmlEscape", "true");
servletContext.addListener(new HttpSessionEventPublisher());
FilterRegistration.Dynamic fr = servletContext.addFilter("encodingFilter",
new CharacterEncodingFilter());
fr.setInitParameter("encoding", "UTF-8");
fr.setInitParameter("forceEncoding", "true");
fr.addMappingForUrlPatterns(null, true, "/*");
servletContext.addFilter("springSecurityFilterChain",
DelegatingFilterProxy.class).addMappingForUrlPatterns(null,
false, "/*");
ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
"dispatcher", new DispatcherServlet(dispatcherServlet));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
}}
这是安全配置:
public class SecurityConfig {
@Configuration
@Order(1)
public static class SecurityConfigForRest extends
WebSecurityConfigurerAdapter {
@Autowired
TokenAuthenticationProvider tokenAuthenticationProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(tokenAuthenticationProvider);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean()
throws Exception {
return super.authenticationManagerBean();
}
@Bean
protected TokenAuthenticationFilter getTokenAuthFilter()
throws Exception {
TokenAuthenticationFilter tapf = new TokenAuthenticationFilter(
authenticationManagerBean());
return tapf;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.antMatchers("/rest/set/**",
"/rest/get/**")
.and()
.addFilterBefore(getTokenAuthFilter(),
AbstractPreAuthenticatedProcessingFilter.class)
.csrf().disable();
}
}
@Configuration
@Order(2)
public static class SecurityConfigForWebApp extends
WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(
passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/index", "/forgotPassword").permitAll()
.antMatchers("/sysadmin/*").hasAnyRole("SYS_ADMIN")
.antMatchers("/admin/*")
.hasAnyRole("SYS_ADMIN", "ADMIN")
.antMatchers("/user/*")
.hasAnyRole("SYS_ADMIN", "ADMIN", "USER")
.and().formLogin().loginPage("/login")
.loginProcessingUrl("/login").permitAll()
.defaultSuccessUrl("/index")
.successHandler(new SecurityLoginSuccessHandler()).and()
.sessionManagement().maximumSessions(1)
.expiredUrl("/sessionExpired").and().and()
.exceptionHandling()
.accessDeniedHandler(new SecurityAccessDeniedHandler())
.and().logout().logoutSuccessUrl("/login")
.invalidateHttpSession(true).deleteCookies("JSESSIONID");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
}}
有时它的工作原理确实没有多大意义,有些则没有。
Not found log / Spring Security On
Normal response /(Spring Security On)
Normal response /(Spring Secutiry Off)