Question

我在成功登录后尝试访问受Spring Protection保护的URL时遇到404错误，但在我不使用Spring Security保护URL时没有收到错误。

我正在使用Spring-MVC，Spring Security和Hibernate。我试图解决问题所在，但完全失败了。我需要你的帮助。

我的spring-security.xml文件如下：

<http auto-config="true">
    <intercept-url pattern="/sec/*" access="ROLE_USER" />
    <form-login login-page="/login"  
                authentication-success-handler-ref="successHandler" authentication-failure-handler-ref="failureHandler" 
                authentication-failure-url="/login/error" />
    <remember-me/>
    <logout logout-success-url="/login" />
    <access-denied-handler error-page="/403"/>
</http>

dispatcher-servlet.xml如下：

<mvc:annotation-driven/>

<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer" p:definitions="/WEB-INF/tiles.xml" />

<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
    <property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView"/>
</bean>

<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="/WEB-INF/application"/>
<property name="cacheSeconds" value="1"/>

和web.xml如下：

<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/dispatcher-servlet.xml,                      
            /WEB-INF/spring-security.xml,                     
            /WEB-INF/applicationContext.xml,
            /WEB-INF/spring-db.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>hibernateSessionInViewFilter</filter-name>
        <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
        <init-param>
            <param-name>sessionFactoryBeanName</param-name>
            <param-value>sessionFactory</param-value>
        </init-param>
        <init-param>
            <param-name>flushMode</param-name>
            <param-value>ALWAYS</param-value>
        </init-param>
        <init-param>
            <param-name>singleSession</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>hibernateSessionInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <welcome-file-list>
        <welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>

请注意，Spring Security身份验证工作正常。它保护的网址不再由调度员映射。有人请帮我解决这个问题。提前谢谢。

Answer 1

我遇到了问题。我在数据库中为我尝试登录的用户设置了错误的角色。所以基本上是403错误，我没有映射403处理页面因此抛出404错误。对所有试图帮助的人表示感谢。

Spring Security Intercepted URL引发404错误

1 个答案: