我需要为我的webapp添加spring security。我的应用程序使用spring和vaadin作为管理部分。我正在使用form-login作为auth模式。所以我正在努力解决的问题是,当我尝试发布以下表格时:
<form name='f' action="j_spring_security_check"
method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
我获得了404重定向。所以我在这里粘贴我的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<context-param>
<description>Vaadin production mode</description>
<param-name>productionMode</param-name>
<param-value>false</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Enables Spring internationalization -->
<filter>
<filter-name>encoding-filter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Vaadin Application Servlet</servlet-name>
<servlet-class>com.vaadin.terminal.gwt.server.ApplicationServlet</servlet-class>
<init-param>
<description>Vaadin application class to start</description>
<param-name>application</param-name>
<param-value>com.windy.server.admin.MyVaadinApplication</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Vaadin Application Servlet</servlet-name>
<url-pattern>/admin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Vaadin Application Servlet</servlet-name>
<url-pattern>/VAADIN/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/views/page404.jsp</location>
</error-page>
</web-app>
这里是我的春季安全配置:
<security:http authentication-manager-ref="authenticatioManager" auto-config="true" pattern="/web/**">
<security:intercept-url pattern="/web/**" access="ROLE_AUTH" />
<security:form-login login-page="/loginTest.do" default-target-url="/loginWelcome.do"
authentication-failure-url="/loginfailed.do" />
<security:logout logout-success-url="/logout.do" invalidate-session="true"/>
<security:session-management>
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/web/login" />
</security:session-management>
</security:http>
<bean id="userDetailsService" class="com.ddelizia.server.service.core.impl.UserDetailsServiceImpl"/>
<security:authentication-manager id="authenticatioManager">
<security:authentication-provider user-service-ref="userDetailsService">
<!-- <security:password-encoder hash="md5"/> -->
</security:authentication-provider>
</security:authentication-manager>
我还尝试在表单中添加login参数login-processing-url =“/ login_spring”并在表单操作中将其更改为login_spring
我的应用程序在tomcat上运行,地址为localhost:8080 / myapp,登录操作在localhost:8080 / myapp / login_spring上调用,但我仍然遇到同样的错误。
我还尝试修改我的web.xml,更改spring安全过滤器映射,如下所示:
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>*.log</url-pattern>
</filter-mapping>
并更改login-processing-url =“/ login_spring.log”,但仍然可以获得404页面。
然后我尝试切换到http-basic authenticntcation,但在这种情况下它可以工作......我不明白我做错了什么......
提前感谢您的帮助
答案 0 :(得分:1)
将表单元素更改为:
<form name='f' action='<c:url value="/j_spring_security_check" />' method='POST'>
如果您没有JSTL Core taglib,请在文件的开头添加:
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
修改:
我想我发现了问题的根源。从pattern="/web/**"元素中移除<http>,只留下<security:http authentication-manager-ref="authenticatioManager" auto-config="true">。
此外,j_spring_security_check 必须位于springSecurityFilterChain,因此请将映射更改为:
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
现在在login-processing-url中使用<form-login>但<c:url>进行免费试用。我们在Vaadin应用程序中有类似的配置,它工作得很好。