Spring安全性只返回控制器的根

时间:2013-03-05 18:57:17

标签: spring tomcat spring-mvc spring-security

在我的应用程序中添加spring security后,它似乎只返回我的控制器的根目录。

当我在其中放入一个URL时,应该在“working”版本中返回json,它会按预期返回json。在我使用spring版本的版本中,它只返回我的控制器的根目录。

下面是我的tomcat输出。

DEBUG - Converted URL to lowercase, from: '/service/products/2'; to: '/service/products/2'
DEBUG - Candidate is: '/service/products/2'; pattern is /**; matched=true
DEBUG - /service/products/2 at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG - No HttpSession currently exists
DEBUG - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG - /service/products/2 at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG - /service/products/2 at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG - /service/products/2 at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
DEBUG - /service/products/2 at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG - /service/products/2 at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG - /service/products/2 at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG - /service/products/2 at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG - /service/products/2 at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG - Requested session ID8FA5D77A75BFF4D7EBDD063710EFF5F4 is invalid.
DEBUG - /service/products/2 at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG - /service/products/2 at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG - Converted URL to lowercase, from: '/service/products/2'; to: '/service/products/2'
DEBUG - Candidate is: '/service/products/2'; pattern is /service/products/removeproduct**; matched=false
DEBUG - Public object - authentication not attempted
DEBUG - /service/products/2 reached end of additional filter chain; proceeding with original chain
DEBUG - DispatcherServlet with name 'cr' processing GET request for [/service/products/2]
DEBUG - Matching patterns for request [/service/products/2] are [/service/products/{productId}]
DEBUG - URI Template variables for request [/service/products/2] are {productId=2}
DEBUG - Mapping [/service/products/2] to HandlerExecutionChain with handler [com.cr.controllers.ProductsController@60326032] and 3 interceptors
DEBUG - Last-Modified value for [/service/products/2] is: -1
DEBUG - Invoking request handler method: public void com.cr.controllers.ProductsController.get(javax.servlet.ServletResponse) throws java.io.IOException
DEBUG - Returning cached instance of singleton bean 'org.springframework.transaction.interceptor.TransactionInterceptor#0'
DEBUG - Null ModelAndView returned to DispatcherServlet with name 'cr': assuming HandlerAdapter completed request handling
DEBUG - Successfully completed request
DEBUG - Chain processed normally
DEBUG - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
DEBUG - SecurityContextHolder now cleared, as request processing completed

我将以下内容添加到我的web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:applicationContext.xml
        classpath:spring-security.xml
    </param-value>
</context-param>
<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>

弹簧security.xml文件

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <http auto-config="true" path-type="ant">
        <intercept-url pattern="/service/products/removeProduct**" access="ROLE_USER" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user" password="user" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

我也将春季版本降至3.0.5版本。这是我的pom.xml中的spring依赖项。工作版本为3.2.0 / 3.1.3

<properties>
        <spring.version>3.0.5.RELEASE</spring.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.data</groupId>
            <artifactId>spring-data-jpa</artifactId>
            <version>1.0.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-tx</artifactId>
            <version>${spring.version}</version>
        </dependency>

2 个答案:

答案 0 :(得分:1)

如果你在你的POM文件(特别是3.2.0.RELEASE)中包含Spring 3.2,那么你的配置文件应该以:

开头
<beans:beans 
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd"
>

请注意,架构位置上的版本号与您正在使用的Spring Framework的版本号(主要/次要)相匹配。

[我试图将此作为评论添加到您的答案中,zmanc,但是类似URL的字符串被系统重新解释并转换为链接(减去协议,并且更长的被截断)。]

答案 1 :(得分:0)

我发现这是我使用的弹簧版组合的一个问题。我对我的Pom进行了以下更改,并对spring-security.xml进行了一次更改,它解决了问题。

<properties>
    <spring.version>3.2.0.RELEASE</spring.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.data</groupId>
        <artifactId>spring-data-jpa</artifactId>
        <version>1.0.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-orm</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>3.6.10.Final</version>
    </dependency>

Spring security xml update

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">