设置Spring安全性后无法再访问jsp

时间:2013-07-03 14:46:50

标签: java spring spring-mvc spring-security

我最近添加了使用spring security的过滤器来弹簧mvc应用程序。过滤器运行良好,但spring无法再找到.jsp文件。例如,我在/autoPA/WEB-INF/views/csvuploadform.jsp中有一个jsp绑定到映射到/upload的控制器。 当我尝试访问/upload时,我必须进行身份验证。一旦我,我访问控制器(日志证明它)但我在日志中得到404和No mapping found for HTTP request with URI [/autoPA/WEB-INF/views/csvuploadform.jsp] in DispatcherServlet with name 'SocialServlet'

由于除了web.xml之外我的代码没有任何变化,我认为这里有一个麻烦,但我看不到哪里。

以上是上述文件:

<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>spring.profiles.active</param-name>
    <param-value>dev</param-value>
</context-param>

<filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>SocialServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        /WEB-INF/social-context.xml         
        </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    <async-supported>true</async-supported>
</servlet>
<servlet-mapping>
    <servlet-name>SocialServlet</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

<servlet>
    <servlet-name>RESTServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/restapi-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>RESTServlet</servlet-name>
    <url-pattern>/api/*</url-pattern>
</servlet-mapping>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext.xml,
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>

这是spring-security.xml文件:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/api/**" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="test" password="test" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

这是social-context.html:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">


    <import resource="properties/socialProperties.xml" />


    <context:component-scan base-package="com.dynamease.web.social" />
    <context:annotation-config />

    <mvc:annotation-driven />


    <mvc:interceptors>
        <bean class="com.dynamease.entity.springsocialentities.UserInterceptor">
            <constructor-arg ref="usersConnectionRepository" />
        </bean>
    </mvc:interceptors>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/views/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <!-- Allows users to sign-in with their provider accounts. -->
    <bean class="org.springframework.social.connect.web.ProviderSignInController">
        <constructor-arg ref="connectionFactoryLocator" />
        <constructor-arg ref="usersConnectionRepository" />
        <constructor-arg>
            <bean class="com.dynamease.entity.springsocialentities.SimpleSignInAdapter" />
        </constructor-arg>
    </bean>


    <mvc:view-controller path="/signin" />
    <mvc:view-controller path="/signout" />
    <mvc:view-controller path="/choice" />

    <!-- Upload -->
    <!-- <bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" 
        /> -->
    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />


</beans>

我的一个控制器:`

@Controller
@RequestMapping(value = "/upload")
public class CSVUploadController {
@Autowired
private DynClassifierCSV csvClassifier;
@Autowired
private DynDirectoryServiceImpl dynDirectoryServiceImpl;

@Autowired
private DynCSVService csvService;

private final Logger logger = LoggerFactory.getLogger(FileUpload.class);

@RequestMapping(method = RequestMethod.GET)
public String getUploadForm(Model model) {
    model.addAttribute(new UploadItem());
    return "csvuploadform";
}

}`

有什么想法吗?

2 个答案:

答案 0 :(得分:1)

我发现了问题:我将<url-pattern>/*</url-pattern>替换为<url-pattern>/</url-pattern>并且有效。

答案 1 :(得分:0)

您可以尝试通过添加行

来更改spring-security.xml

&lt; intercept-url pattern =&#34; / views / **&#34;存取=&#34; hasRole(&#39; ROLE_USER&#39;)&#34; /&GT;

以便具有ROLE_USER角色的用户可以使用/ autoPA / WEB-INF / views目录。

希望有所帮助