Spring安全配置和web.xml映射

时间:2012-09-13 20:13:46

标签: spring java-ee spring-security

我是Spring Security的新手,并试图找出Spring-Security模块的确切流程,

请建议正确的流程。

的web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>OnlineTestProject</display-name>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/security/applicationContext-security.xml
            /WEB-INF/db/applicationContext.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>jsp/index.jsp</welcome-file>
    </welcome-file-list>

</web-app>

的applicationContext-security.xml文件

<http use-expressions="true">
    <form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
        authentication-failure-url="/jsp/login.jsp?login_error=1"
        always-use-default-target="true" />

    <intercept-url pattern="/jsp/login.jsp" access="permitAll" />

    <logout logout-url="/j_spring_security_logout"
        invalidate-session="true" />

    <remember-me />

    <session-management invalid-session-url="/jsp/login.jsp?loggedout=true">
        <concurrency-control max-sessions="1"
            error-if-maximum-exceeded="false" />
    </session-management>

    <anonymous enabled='false'/>
</http>

我所知道的是,当请求来到应用程序时,它将进入welcome-file-list,在我的情况下打开jsp / login.jsp,所以它会直接打开jsp / login.jsp页面,但是as我们保持安全性,所以它将进入applicationContext-security.xml并检查jsp / login.jsp是否需要过滤等等......然后在哪里

<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
            authentication-failure-url="/jsp/login.jsp?login_error=1"
            always-use-default-target="true" />

会出现在图片中,另据我所知,它应该转到“/jsp/login.jsp”页面进行登录,如果凭据成功那么它应该转到/jsp/index.jsp,但它是打开的/jsp/index.jsp第一页......

有人可以指导我正确的流程。

感谢

0 个答案:

没有答案
相关问题
最新问题