Question

我想在m web应用程序中使用spring的spring security，所以这里是配置：

这是spring-security.xml：

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true" use-expressions="false">
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>

<authentication-manager>
  <authentication-provider>
     <jdbc-user-service id="userService"
       data-source-ref="DataSource"
       users-by-username-query="select name, password, true from person where name=?"
       authorities-by-username-query="select name,'ROLE_USER' from person where    
       name=?" />
  </authentication-provider>
</authentication-manager>

Web.xml：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns  
 /javaee/web-app_2_5.xsd"
 id="WebApp_ID" version="2.5">

  <display-name>OTV_JSF_PrimeFaces_Spring_Hibernate</display-name>

  <!-- Spring Context Configuration' s Path definition -->
  <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
  /WEB-INF/applicationContext.xml
  /WEB-INF/spring-security.xml
  </param-value>
 </context-param>

 <!-- The Bootstrap listener to start up and shut down Spring's root  
   WebApplicationContext. It is registered to Servlet Container -->
 <listener>
  <listener-class>
    org.springframework.web.context.ContextLoaderListener
  </listener-class>
 </listener>
 <listener>
 <listener-class>
     org.springframework.web.context.request.RequestContextListener
 </listener-class>
 </listener>

<!-- Project Stage Level -->
 <context-param>
  <param-name>javax.faces.PROJECT_STAGE</param-name>
  <param-value>Development</param-value>
 </context-param>

<!-- Welcome Page -->
<welcome-file-list>
  <welcome-file>/home.xhtml</welcome-file>
</welcome-file-list>

<!-- JSF Servlet is defined to container -->
 <servlet>
 <servlet-name>Faces Servlet</servlet-name>
 <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
</servlet>

<!-- Mapping with servlet and url for the http requests. -->
<servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.jsf</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
   <servlet-name>Faces Servlet</servlet-name>
   <url-pattern>*.faces</url-pattern>
 </servlet-mapping>
<servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>

   <!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>  org.springframework.web.filter.DelegatingFilterProxy   
            </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

这是应用程序： enter image description here

运行应用程序时，会打开此URL http://localhost:8089/MVNOONPProject/authentication我收到此错误：

 `The page isn't redirecting properly
  Firefox has detected that the server is redirecting the request for this address in 
  a way that will never complete.`

我确定这是web.xml的一个问题。但我没有找到解决方法。

提前谢谢

Answer 1

尝试2件事

添加

＆LT; intercept-url pattern =“/ authentication”access =“IS_AUTHENTICATED_ANONYMOUSLY”/＆gt;

在表单登录标记中添加default-target-url

默认目标-URL = '/ home.xhtml'

如果您使用自定义登录页面，则使用自定义登录页面并且http auto-config =“true”还会将其更改为false

所以你的安全配置应该是这样的（也不需要login-processing-url）

<http auto-config="false" use-expressions="false">
<intercept-url pattern="/**" access="ROLE_USER" />
 < intercept-url pattern="/authentication" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-page="/authentication"   authentication-failure 
          url="/login?login_error=t" default-target-url='/home.xhtml'/>

Answer 2

通常只保护适当的网页，这将是JSF渲染的网页。当然，您不应该拦截所有网址，否则无法登录。这假设您在/ authentication下有一个工作登录页面。

<http auto-config="true" use-expressions="false">
    <intercept-url pattern="/**/*.faces" access="ROLE_USER" />
    <intercept-url pattern="/**/*.jsf" access="ROLE_USER" />
    <intercept-url pattern="/**/*.xhtml" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>

Answer 3

多数民众赞成因为，春天安全配置会循环重定向。

试试这个，

<http auto-config="true" use-expressions="false">
     <intercept-url pattern="/login.jsp*" filters="none"/>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/authentication"  login-processing-url="/static  
              /j_spring_security_check" authentication-failure 
              url="/login?login_error=t" />

</http>

修改

<http auto-config="true" use-expressions="false"> <intercept-url pattern="/authentication" filters="none"/> <intercept-url pattern="/login.jsp*" filters="none"/> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login login-page="/authentication" login-processing-url="/static /j_spring_security_check" authentication-failure url="/login?login_error=t" /> </http>

Answer 4

由于模式=＆＃34; / **＆＃34;拦截所有URL请求，包括登录页面本身，任何用户都必须登录甚至访问登录页面..所以经过几个小时的尝试，以下为我做了诀窍..

<intercept-url pattern="/login**" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/resources/**" access="ROLE_ANONYMOUS, ROLE_USER, ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />

<form-login 
    login-page="/login" 
    default-target-url="/home"
    authentication-failure-url="/login?error=true" />

注意，

intercept-url标签的顺序
图案=＆＃34; / **＆＃34;基本上拦截所有网址请求，甚至是css和图像文件等资源。这就是为什么需要第二行的原因。

其他答案非常接近，但没有使用Spring MVC 3.2.3.RELEASE版本

我认为这可能会在将来引起其他问题，因此更好的方法可能是，

<intercept-url pattern="/admin*" access="ROLE_ADMIN" />
<intercept-url pattern="/user*" access="ROLE_USER, ROLE_ADMIN" />
<form-login 
    login-page="/login" 
    default-target-url="/home"
    authentication-failure-url="/login?error=true" />

Spring-security：页面没有正确重定向

4 个答案: