添加Spring Security过滤器后,这已停止工作。
春季3.1.4.RELEASE
Spring Security 3.1.2.RELEASE
Tomcat 7.0.37
在部署应用程序时,映射按预期配置
INFO annotation.RequestMappingHandlerMapping: Mapped "{[/countries],methods=[GET],params=[!countryCode],headers=[],consumes=[],produces=[application/json],custom=[]}" onto public com.purpleleaf.proxy.rest.data.ProxyResponse com.purpleleaf.proxy.rest.service.reference.DefaultCountry.findAll()
提交GET请求。
GET http://localhost:8081/purpleleaf-admin-1.0.0/countries?page=1&start=0&limit=25
请求参数由ExtJS添加,这不是问题,因为它没有安全性。
GET请求的日志
DEBUG util.AntPathRequestMatcher: Checking match of request : '/countries'; against '/*'
DEBUG web.FilterChainProxy: /countries?page=1&start=0&limit=25 has an empty filter list
DEBUG servlet.DispatcherServlet: DispatcherServlet with name 'admin-spring' processing GET request for [//purpleleaf-admin-1.0.0/countries]
DEBUG annotation.RequestMappingHandlerMapping: Looking up handler method for path //purpleleaf-admin-1.0.0/countries
DEBUG annotation.RequestMappingHandlerMapping: Did not find handler method for [//purpleleaf-admin-1.0.0/countries]
DEBUG handler.SimpleUrlHandlerMapping: Matching patterns for request [//purpleleaf-admin-1.0.0/countries] are [/**]
DEBUG handler.SimpleUrlHandlerMapping: URI Template variables for request [//purpleleaf-admin-1.0.0/countries] are {}
DEBUG handler.SimpleUrlHandlerMapping: Mapping [//purpleleaf-admin-1.0.0/countries] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler@3f8050cf] and 1 interceptor
DEBUG servlet.DispatcherServlet: Last-Modified value for [//purpleleaf-admin-1.0.0/countries] is: -1
DEBUG servlet.DispatcherServlet: Null ModelAndView returned to DispatcherServlet with name 'admin-spring': assuming HandlerAdapter completed request handling
DEBUG servlet.DispatcherServlet: Successfully completed request
当web.filterChainProxy处理请求时,它是 / countries ,但是当它由annotation处理时..RequestMappingHandlerMapping它是 // purpleleaf-admin-1.0.0 / countires
purpleleaf-admin-1.0.0 是展开war文件的文件夹。
web.xml具有以下servlet和过滤器映射
<servlet-mapping>
<servlet-name>admin-spring</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
有关如何解决此映射的任何建议吗?
编辑1:Spring安全配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:import resource="classpath*:applicationContext-CrowdClient.xml" />
<beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
<beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
<beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
<beans:property name="userManager" ref="crowdUserManager"/>
<beans:property name="authorityPrefix" value="ROLE_"/>
</beans:bean>
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
<beans:constructor-arg ref="crowdAuthenticationManager"/>
<beans:constructor-arg ref="httpAuthenticator"/>
<beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref='crowdAuthenticationProvider' />
</authentication-manager>
<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:constructor-arg value="/login.jsp" />
</beans:bean>
<beans:bean id="crowdAuthenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/j_security_check"/>
<beans:property name="authenticationFailureHandler">
<beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login.jsp?error=true"/>
</beans:bean>
</beans:property>
<beans:property name="authenticationSuccessHandler">
<beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>
<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/index.html"/>
<beans:constructor-arg index="1">
<beans:list>
<beans:ref bean="crowdLogoutHandler"/>
<beans:ref bean="securityContextLogoutHandler"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout.html"/>
</beans:bean>
<http pattern='/*' security='none'/>
<!--http pattern='/scripts/*' security='none'/-->
<http auto-config="false" entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
<custom-filter position="FORM_LOGIN_FILTER" ref='crowdAuthenticationProcessingFilter'/>
<custom-filter position="LOGOUT_FILTER" ref='logoutFilter'/>
<!--intercept-url pattern="/admin/*" access="ROLE_application-administrators"/-->
<!--intercept-url pattern="/passwordHint.html" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/-->
<!--security:intercept-url pattern="/**/*.html*" access="IS_AUTHENTICATED_FULLY"/-->
</http>
</beans:beans>
答案 0 :(得分:0)
根本原因是网址上的purpleleaf-admin- 1.0.0 。 util.AntPathRequestMatcher 在包含点(。)时无法正确解析路径。
在添加安全过滤器之前,该类不在路径中。