我使用Spring Security 3和JSF2 Primefaces。然后,我为欢迎页面创建一个index.xhtml,为登录页面创建login.xhtml
当我访问根网站时,它会将我重定向到login.xhtml页面。为什么不呢?
如何将欢迎页面设置为index.xhtml
这是web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
这是spring-security.xml
<global-method-security secured-annotations="enabled"
jsr250-annotations="enabled" />
<!-- Resource Security -->
<http access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/pages/**" access="ROLE_ADMIN" />
<form-login login-page="/login.jsf" default-target-url="/pages/index.jsf" />
<logout logout-success-url="/login.jsf" invalidate-session="true" />
<session-management invalid-session-url="/login.jsf">
<concurrency-control max-sessions="10"
error-if-maximum-exceeded="true" />
</session-management>
</http>
答案 0 :(得分:1)
对于使用JSF,Spring和Spring-Security的基本应用程序,您需要按如下方式配置web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"
version="3.0">
<welcome-file-list>
<welcome-file>pages/index.jsf</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
并配置faces-config.xml,如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<faces-config
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
version="2.0">
<application>
<el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>
</faces-config>
和您的applicationContext-security.xml如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<global-method-security secured-annotations="enabled"
jsr250-annotations="enabled" />
<http auto-config="true" >
<intercept-url pattern="/login.jsf*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/pages/*" access="ROLE_USER,ROLE_ADMIN" />
<intercept-url pattern="/pages/super/**" access="ROLE_ADMIN" />
<access-denied-handler error-page="/accessDenied.jsf" />
<form-login login-page='/login.jsf' default-target-url='/pages/index.jsf'
always-use-default-target='true'/>
<logout logout-success-url="/" logout-url="/j_spring_security_logout" invalidate-session="true" />
<session-management invalid-session-url="/login.jsf">
<concurrency-control max-sessions="10"
error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="ravi" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
最后,如果您有任何spring bean,则基于注释的配置的applicationContext.xml将为:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config/>
<context:component-scan base-package="com.examples" />
</beans>
并像这样注释你的bean:
@Component
@Scope("request")
因此,所有这些都与您的页面一起应该没有问题。