在我的应用程序中添加spring security后,它似乎只返回我的控制器的根目录。
当我在其中放入一个URL时,应该在“working”版本中返回json,它会按预期返回json。在我使用spring版本的版本中,它只返回我的控制器的根目录。
下面是我的tomcat输出。
DEBUG - Converted URL to lowercase, from: '/service/products/2'; to: '/service/products/2'
DEBUG - Candidate is: '/service/products/2'; pattern is /**; matched=true
DEBUG - /service/products/2 at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG - No HttpSession currently exists
DEBUG - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG - /service/products/2 at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG - /service/products/2 at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG - /service/products/2 at position 4 of 11 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
DEBUG - /service/products/2 at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG - /service/products/2 at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG - /service/products/2 at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG - /service/products/2 at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG - /service/products/2 at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG - Requested session ID8FA5D77A75BFF4D7EBDD063710EFF5F4 is invalid.
DEBUG - /service/products/2 at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG - /service/products/2 at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG - Converted URL to lowercase, from: '/service/products/2'; to: '/service/products/2'
DEBUG - Candidate is: '/service/products/2'; pattern is /service/products/removeproduct**; matched=false
DEBUG - Public object - authentication not attempted
DEBUG - /service/products/2 reached end of additional filter chain; proceeding with original chain
DEBUG - DispatcherServlet with name 'cr' processing GET request for [/service/products/2]
DEBUG - Matching patterns for request [/service/products/2] are [/service/products/{productId}]
DEBUG - URI Template variables for request [/service/products/2] are {productId=2}
DEBUG - Mapping [/service/products/2] to HandlerExecutionChain with handler [com.cr.controllers.ProductsController@60326032] and 3 interceptors
DEBUG - Last-Modified value for [/service/products/2] is: -1
DEBUG - Invoking request handler method: public void com.cr.controllers.ProductsController.get(javax.servlet.ServletResponse) throws java.io.IOException
DEBUG - Returning cached instance of singleton bean 'org.springframework.transaction.interceptor.TransactionInterceptor#0'
DEBUG - Null ModelAndView returned to DispatcherServlet with name 'cr': assuming HandlerAdapter completed request handling
DEBUG - Successfully completed request
DEBUG - Chain processed normally
DEBUG - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
DEBUG - SecurityContextHolder now cleared, as request processing completed
我将以下内容添加到我的web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml
classpath:spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
弹簧security.xml文件
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true" path-type="ant">
<intercept-url pattern="/service/products/removeProduct**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
我也将春季版本降至3.0.5版本。这是我的pom.xml中的spring依赖项。工作版本为3.2.0 / 3.1.3
<properties>
<spring.version>3.0.5.RELEASE</spring.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jpa</artifactId>
<version>1.0.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
答案 0 :(得分:1)
如果你在你的POM文件(特别是3.2.0.RELEASE)中包含Spring 3.2,那么你的配置文件应该以:
开头<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd"
>
请注意,架构位置上的版本号与您正在使用的Spring Framework的版本号(主要/次要)相匹配。
[我试图将此作为评论添加到您的答案中,zmanc,但是类似URL的字符串被系统重新解释并转换为链接(减去协议,并且更长的被截断)。]
答案 1 :(得分:0)
我发现这是我使用的弹簧版组合的一个问题。我对我的Pom进行了以下更改,并对spring-security.xml进行了一次更改,它解决了问题。
<properties>
<spring.version>3.2.0.RELEASE</spring.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jpa</artifactId>
<version>1.0.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>3.6.10.Final</version>
</dependency>
Spring security xml update
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">