在我的初始实现中,我在web.xml
中有简单的过滤器定义,它对我来说很好。
<filter>
<filter-name>myCustomFilter</filter-name>
<filter-class>some.package.MyCustomFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>myCustomFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我的目标是更换上面的过滤器以提高安全性。
我根据spring文档添加了springSecurityFilterChain
:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
然后我将filterChainProxy
定义添加到我的spring-security.xml
<alias name="filterChainProxy" alias="springSecurityFilterChain"/>
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**" filters="myCustomFilter"/>
</security:filter-chain-map>
</bean>
<bean id="myCustomFilter" class="some.package.MyCustomFilter"/>
现有的spring-security.xml配置:
<security:http pattern="/**/*.some_extension" security="none"/>
<security:http auto-config="false" entry-point-ref="entryPoint" authentication-manager-ref="manager" use-expressions="true">
<security:intercept-url pattern="/**" access="hasRole('SOME_ROLE')"/>
<security:custom-filter ref="map_filter" position="FORM_LOGIN_FILTER"/>
<security:logout
logout-url="/my/logout.controller"
delete-cookies="JSESSIONID"
/>
</security:http>
<util:map id="map_filter">
<entry key="/my/first/login/.controller" value-ref="filter1"/>
<entry key="/my/second/login/.controller" value-ref="filter2"/>
</util:map>
现在,当我尝试登录时,我收到以下异常:
org.springframework.web.servlet.mvc.multiaction.NoSuchRequestHandlingMethodException: No matching handler method found for servlet request: path '/my/first/login/.controller', method 'POST'