Spring Security 3.1拦截网址不拦截任何网址

时间:2013-04-30 16:30:44

标签: jsf-2 spring-security

当直接访问“登录”页面时,我将Spring Security 3.1连接并验证用户,但未对用户进行身份验证时,不会发生重定向。

以下是我为Spring Security添加或更新的配置文件。我已经阅读了大部分(如果不是全部)关于订单拦截网址的帖子。适当的EL,访问权限等,我肯定在这里遗漏了一些东西。

我最终在我的应用程序中将intecept-urls简化为一个不存在的角色进行故障排除,但仍然没有取得任何成功。 @PreFilters也会被忽略,所以我认为它在某个地方的配置中,但根本没有看到它。

环境是    Tomcat 7.0.22,Mojarra 2.1.21,Spring Security 3.1,Java7

启动服务器时没有错误。

感谢您的帮助!

此致

麦克

security.xml文件 

<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xsi:schemaLocation="http://www.springframework.org/schema/beans   
 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd   
 http://www.springframework.org/schema/security 
 http://www.springframework.org/schema/security/spring-security-3.1.xsd"    
  xmlns="http://www.springframework.org/schema/security" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:bean="http://www.springframework.org/schema/beans">
<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/>
<http pattern="/resources/**" security="none" />
<http pattern="/images/**" security="none"/>
<http pattern="/templates/**" security="none"/>
<http pattern="/security/**" security="none"/>
<http use-expressions="true" auto-config="true" access-denied-page="/error/access-denied.xhtml">
<intercept-url pattern="/home/**" access="hasRole('ROLE_BLAH')"/>
<form-login default-target-url="/login.xhtml" authentication-failure-url="/login.xhtml" />
<logout logout-success-url="/login.xhtml" logout-url="/logout.xhtml" invalidate-session="true"/>
<session-management>
    <concurrency-control max-sessions="1" />
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="consummateUserAuthenticationProvider">
</authentication-provider>
</authentication-manager>
</bean:beans>

的services.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/jdbc     
 http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context     
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<context:component-scan base-package="com.comanche.authentication">
</context:component-scan>
</beans>

的web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee    
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
    org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
  </filter>
  <filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
  </filter-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
    <init-param>
        <param-name>thresholdSize</param-name>
        <param-value>51200</param-value>
    </init-param>
    <init-param>
        <param-name>uploadDirectory</param-name>
        <param-value>/home/provider/temp-fu</param-value>
    </init-param>

</filter>
<filter-mapping>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<filter>
    <filter-name>Custom Page Filter</filter-name>
    <filter-class>com.comanche.web.filter.CustomPageFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>Custom Page Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
</context-param>
<context-param>
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
    <param-value>resources.application</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.expressionFactory</param-name>
    <param-value>com.sun.el.ExpressionFactoryImpl</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.enableMissingResourceLibraryDetection</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/custom.taglib.xml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
    <param-value>true</param-value>
</context-param>
<listener>
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<session-config>
    <session-timeout>120</session-timeout>
</session-config>
<error-page>
    <error-code>500</error-code>
    <location>/faces/content/error/error.xhtml</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/faces/content/error/error.xhtml</location>
</error-page>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/classes/application-context.xml
        /WEB-INF/spring/security.xml
        /WEB-INF/spring/services.xml
    </param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

1 个答案:

答案 0 :(得分:0)

要允许匿名用户访问,您需要在intercept-url上指定access =“permitAll”。

除此之外,

您可能希望将表单登录元素更改为以下内容:

 <form-login login-page='/login.xhtml' default-target-url='/home/index.xhtml'
        always-use-default-target='true' />

作为default-target-url是用户在身份验证后重定向的那个,或者如果你不需要它,那么删除它以及always-use-default-target标志。

此外,您在web.xml中缺少RequestContextListener,这些Spring侦听器应该是第一个侦听器。

并使用

<access-denied-handler error-page="/error/access-denied.xhtml" />

不推荐使用access-denied-page属性。

相关问题
最新问题