Spring应用程序没有安全保障

时间:2013-03-27 16:36:48

标签: spring spring-security

嗨,我正在尝试保护我的Spring MVC应用程序。问题是 myurl/myapp/viewAllPersons.do 没有受到安全保护。

提前感谢您的帮助。

这是我的配置

Here is my web.xml
---------------------

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
          version="2.5">

    <!--
      Servlet 2.5 deployment descriptor. It registers two Spring listeners, the
      Spring Security filter proxy (mapped to every request) and a DispatcherServlet
      named "Dispatcher" that handles *.do.

      NOTE(review): no <context-param> named contextConfigLocation is declared here,
      so ContextLoaderListener builds the root application context from its default
      location (/WEB-INF/applicationContext.xml). Nothing in this descriptor loads
      spring-security.xml into that root context.
    -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener> 
    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>

    <!--
      DelegatingFilterProxy forwards each request to the Spring bean whose name equals
      the filter-name. By default it looks that bean up in the root web application
      context, not in the DispatcherServlet's own context.
      NOTE(review): on this page spring-security.xml is only imported from
      Dispatcher-servlet.xml (the servlet context), so the security filter chain is not
      defined where this proxy searches for it. Confirm which context owns the bean.
    -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <!-- Every request path goes through the security filter, including paths the
         DispatcherServlet does not handle (JSPs, static files). -->
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>    

    <!--  we've already configured Spring-MVC for you - nothing to do here! -->         
    <!-- No init-param is given, so by Spring convention this servlet reads its beans
         from /WEB-INF/Dispatcher-servlet.xml (servlet name plus "-servlet.xml"). -->
    <servlet>
       <servlet-name>Dispatcher</servlet-name>
       <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
       <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Only URLs ending in .do reach Spring MVC controllers; URL rules written for
         controller endpoints must therefore match the .do form of the path. -->
    <servlet-mapping>
       <servlet-name>Dispatcher</servlet-name>
       <url-pattern>*.do</url-pattern>
    </servlet-mapping>



</web-app>

这是我的Dispatcher-servlet.xml     ----------------------------

<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p" 
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"    

    xsi:schemaLocation="
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

        <!--
          Bean definitions for the DispatcherServlet's own (child) application context:
          message bundle, two view resolvers, controller scanning and annotation-driven
          MVC, plus two imported files.
        -->

        <!--  Message bundle -->
        <bean id="messageSource" 
            class="org.springframework.context.support.ResourceBundleMessageSource">
           <property name="basename" value="messages"/>
        </bean>

        <!-- Imports are resolved relative to this file. -->
        <import resource="/application.xml"/>

        <!--
          NOTE(review): this import defines the Spring Security beans inside the servlet
          context only. The springSecurityFilterChain filter declared in web.xml is resolved
          from the root context, so importing the security configuration here does not make
          the chain available to that filter. If spring-security.xml is moved to the root
          context through contextConfigLocation, remove this import so the security beans
          are not defined a second time.
        -->
        <import resource="/spring-security.xml"/>

        <!-- First resolver consulted (order 1): view names looked up in the "views" bundle. -->
        <bean class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
            <property name="basename" value="views"/>
            <property name="order" value="1"/>
        </bean>

        <!--
          Second resolver (order 2): a view name "x" becomes the JSP path /x.jsp.
          NOTE(review): with prefix "/" the JSPs sit in the web root and can be requested
          directly by URL; only the intercept-url rules stand between a browser and them.
          Placing views under /WEB-INF/ is the usual way to prevent direct access. Confirm
          the actual JSP location.
        -->
        <bean class="org.springframework.web.servlet.view.UrlBasedViewResolver">
            <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
            <property name="prefix" value="/"/>
            <property name="suffix" value=".jsp"/>
            <property name="order" value="2"/>
        </bean>

        <!-- Registers annotated components found under com.bookme.control. -->
        <context:component-scan base-package="com.bookme.control"/>

        <!-- Enables annotation-based request mapping for the scanned controllers. -->
        <mvc:annotation-driven/>

</beans>

Here is my spring-security.xml
-------------------------
<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!--
      URL authorization rules. use-expressions="true" means every access attribute below
      is evaluated as a Spring EL security expression. Rules are checked top to bottom and
      the first matching pattern decides, so the final catch-all denyAll rule acts as a
      default-deny for anything not listed above it.
    -->
    <http auto-config='true' use-expressions="true">
        <intercept-url pattern="/index.jsp" access="permitAll" />
        <intercept-url pattern="/secure/extreme/**" access="hasRole('administrator')" />    
        <!--
          NOTE(review): IS_AUTHENTICATED_ANONYMOUSLY is a voter-style attribute, not an
          expression. With use-expressions="true" it is not a valid access value and is
          expected to fail when the rule is evaluated. The expression forms are permitAll
          (everyone) or isAnonymous() (unauthenticated users only). Decide which audience
          is intended before changing it: opening /secure/** to everyone looks at odds with
          the path name.
        -->
        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <!--
          NOTE(review): the next two patterns have no .do suffix, while web.xml maps the
          DispatcherServlet to *.do. A request for /viewAllPersons.do does not match the
          exact pattern "/viewAllPersons" and would fall through to the denyAll rule below
          once the filter chain is active. Verify the patterns against the real request URLs.
        -->
        <intercept-url pattern="/viewAllPersons" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/viewCalendar" access="hasAnyRole('administrator','staff')" />
        <!-- Default-deny: any URL not matched above is refused for every user. -->
        <intercept-url pattern="/**" access="denyAll" />
        <!-- No attributes set, so the framework's default login form and URLs are used. -->
        <form-login />
    </http>

    <!--
      In-memory user store. The authority names carry no ROLE_ prefix and are matched as
      written by the hasRole / hasAnyRole expressions above under the 3.1 schema; confirm
      this if the Spring Security version changes.
      NOTE(review): passwords are stored in clear text in this file, two of them equal the
      user name, and no password-encoder is configured, so they are compared as plain text.
      Acceptable only as throwaway sample data. For anything deployed, store hashed
      passwords with a password-encoder and keep credentials out of the application archive
      and version control.
    -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="sanju" password="sanju" authorities="staff, user" />
                <user name="admin" password="admin" authorities="administrator" />
                <user name="peter" password="opal" authorities="user" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

1 个答案:

答案 0 :(得分:0)

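在 web.xml 中添加以下内容解决了问题。这样 ContextLoaderListener 会把 spring-security.xml 加载到根应用上下文中,而 DelegatingFilterProxy 正是在根上下文中查找 springSecurityFilterChain 的: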

<!--
  Belongs inside <web-app> in web.xml. ContextLoaderListener reads contextConfigLocation
  and loads the listed file into the root application context, which is where
  DelegatingFilterProxy looks up the springSecurityFilterChain bean.
  NOTE(review): setting this parameter replaces the listener's default location, so any
  other root-context files must be listed here as well. Dispatcher-servlet.xml on this
  page still imports /spring-security.xml; with this parameter in place that import
  would define the security beans a second time in the servlet context and should be
  removed.
-->
<context-param>
        <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/spring-security.xml
        </param-value>
    </context-param>