我已经阅读了很多关于在Struts 2上使用Spring Security 3的教程。但我无法使其工作:/。
关于在Struts 2上实现这个框架,我找不到“Dummy step by step guide”。
这就是我所拥有的:
的web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<display-name>cv</display-name>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>example/HelloWorld.jsp</welcome-file>
</welcome-file-list>
</web-app>
的security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context/spring-context-2.5.xsd"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context/spring-context-2.5.xsd http://www.springframework.org/schema/context/spring-context-2.5.xsd/spring-spring-context-2.5.xsd-3.1.1.RELEASE.xsd
">
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http realm="Project Realm" auto-config="true" use-expressions="true">
<intercept-url pattern="/auth/**" filters="none"/>
<intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
<form-login login-page="/auth/login.jsp" authentication-failure-url="/auth/login.jsp?login_error=1"/>
<logout logout-success-url="/auth/login.jsp"/>
<remember-me />
</http>
<http>
<intercept-url pattern="/login*" filters="none" />
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/img/**" filters="none" />
<intercept-url pattern="/search.action*" access="ROLE_ADMIN" /><!-- Never reach -->
<intercept-url pattern="/user/**" access="ROLE_ADMIN" /><!-- Never reach -->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-page="/login.action" />
<logout logout-url="/logout.action" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN"/>
<user name="customer" password="customer" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>
</beans>
我的HelloWorld.jsp
<body>
<h1>Welcome!</h1><br />
<sec:authorize access="isAnonymous()">
This session will be visible to an admin only.<br/>
You are an Administrator.<br/>
</sec:authorize>
<sec:authorize access="hasRole('ROLE_USER')">
This session will be visible to an Customer only.<br/>
You are an Customer.<br/>
</sec:authorize>
${HelloMessage}<br />
<a href="<c:url value="/j_spring_security_logout"/>">Logout</a>
</body>
我想测试权限如何使用标记“isAnonymous”显示该文本块,但我无法使其工作
:(
答案 0 :(得分:2)
您需要将Spring Security的过滤器链添加到web.xml。
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是在你的Struts过滤器之后。这将允许Spring Security在Struts提交请求之前检查/阻止请求。
假设允许用户访问内容,Spring Security将设置一个SecurityContext对象,以允许JSP标记工作。