我有一个Spring WebApp使用自定义用户,角色,权限表自定义(读取“天真”)身份验证。
我正在迁移代码以立即使用Spring Security。我阅读了教程并且达到了我的login.jsp页面,css,js,png文件可以匿名访问的程度。我有一个action属性为“j_spring_security_check”的表单。在提交表单时,浏览器会对此URL执行HTTP发布,从而生成404。
现在我没有使用RequestMapping映射j_spring_security_check。这需要吗?我们什么时候应该为此URL设置请求?
在我的身份验证提供程序中,我提供了对实现UserDetailsService的类的bean的引用。我期望Spring通过调用loadUserByUserName来执行身份验证,但是这个方法永远不会被调用。为什么不调用该方法?我误解了身份验证应该如何工作?我是否需要为j_spring_security_check提供自定义请求映射才能使其正常工作?
以下是我的自定义用户详细信息服务:
@Service(value="myUserDetailsService")
public class LoginUserService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
System.out.println("here");
User user = userRepository.findUser(username);
if (user != null)
return new V2VUserDetails(user);
else
return null;
}
}
这是我的安全XML:
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.png" security="none" />
<http auto-config="true">
<intercept-url pattern="/login.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page="/login.html"
login-processing-url="/j_spring_security_check"
default-target-url="/welcomePage.html"
authentication-failure-url="/welcomePage.html"
always-use-default-target="true" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService'/>
</authentication-manager>
<beans:bean id="myUserDetailsService"
class="security.LoginUserService">
</beans:bean>
我在Stackoverflow和其他网站上检查了几个答案,但无法解决问题。
修改 尝试了here给出的建议。现在让BeanFactory没有初始化错误。
修改 contextConfigLocation的 /WEB-INF/security-v2v-servlet.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
更新
当前的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Spring3MVC</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security-v2v-servlet.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/errorPage.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/errorPage.jsp</location>
</error-page>
<servlet>
<servlet-name>v2v</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.ResourceServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>v2v</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>v2v</servlet-name>
<url-pattern>*.zip</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.jpeg</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.png</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/j_spring_security_check</url-pattern>
</servlet-mapping>
<filter>
<filter-name>UserAddFilter</filter-name>
<filter-class>
filter.UserInfoAddToThreadFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>UserAddFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
</web-app>
答案 0 :(得分:4)
您不需要为@RequestMapping创建/j_spring_security_check,该模式会被Spring Security Filter截获,并应引导您进入登录页面。
我对出现问题的猜测可能就是你设置Spring Security Filter的方式。您的web.xml中应该有以下条目用于过滤器:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
并且安全配置文件应该通过Root Web应用程序上下文加载 - 一个通过ContextLoaderListener加载,而不是通过DispatcherServlet加载,例如:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/META-INF/context-security.xml</param-value>
</context-param>
如果您的配置符合这些条款,那么它应该可以正常工作。
答案 1 :(得分:0)
j_spring_security_check /j_spring_security_check删除匿名权限(删除以下行)。只有登录表单才具有匿名权限。 <intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <强>更新 请从web.xml中删除
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/j_spring_security_check</url-pattern>
</servlet-mapping>