我目前正在编写一个由Spring Security保护的Spring MVC应用程序。对于登录,使用基本表单身份验证,因为我没有添加进一步的配置,所以凭据被POST到http://www.localhost:8080/myWebApp/j_spring_security_check
。
到目前为止一切顺利,但现在我已经引入了第二个servlet(CometD),它不受Spring和Spring Security的影响。为此,我尝试更改servlet-mappings
以分别针对/app
/app/*
映射Spring和Spring安全性,并针对cometd/*
更改其他Servlet。我的web.xml
看起来如下:
<!-- Spring security -->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<!-- Spring MVC -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/app</url-pattern>
</servlet-mapping>
<!-- CometD -->
<servlet>
<servlet-name>cometd</servlet-name>
<servlet-class>org.cometd.server.CometdServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>cometd</servlet-name>
<url-pattern>/cometd/*</url-pattern>
</servlet-mapping>
问题在于,经过这次更改后我就可以再登录了。服务器无法找到任何请求映射,客户端告诉我
NetworkError: 404 Not Found - http://localhost:8080/myWebApp/app/j_spring_security_check
。
这个映射有什么问题?如何将Spring和Spring Security配置为仅处理特定映射的请求,而不是文档中描述的/
和/*
?
提前多多感谢!
最佳, 勒
答案 0 :(得分:1)
将springSecurityFilterChain映射到/。更改您的安全配置:
<http use-expressions="true">
<intercept-url pattern="/cometd/**" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</http>