Question

我正处于将项目升级到spring 3.2和spring security 3.1的过程中。 site mesh是2.4.2版本。行为是下一个。如果我写下一个网址http://localhost:8081/erp-web/，服务器只给我一个登录页面。 page not decorated by sitemesh

但如果我写下一个网址http://localhost:8081/erp-web/login.mavi，服务器会给我正确装饰的登录页面。像这样 page properly decorated.

这是我的安全问题

<security:intercept-url pattern="/decorators/**" access="permitAll"/>
<security:intercept-url pattern="/resources/**" access="permitAll" />      
<security:intercept-url pattern="/login.do" access="permitAll" />

<security:form-login login-page="/login.do"
    default-target-url="/home.do" authentication-failure-url="/login.do?login_error=1" />
<security:logout logout-success-url="/logout.do" delete-cookies="JSESSIONID"/>

并在web.xml中

<!-- SECURITY -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- SITEMESH -->
<filter>
    <filter-name>sitemesh</filter-name>
    <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
</filter-mapping>

这是视图解析器。

        <bean
            class="org.springframework.web.servlet.view.InternalResourceViewResolver"
            p:viewClass="org.springframework.web.servlet.view.JstlView"
            p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" />

欢呼声。

Answer 1

确定。解决方案很简单。我刚刚添加到我的decorators.xml这一行

<pattern>/</pattern>

现在看起来像这样。

<decorator name="login" page="login.jsp">
    <pattern>/</pattern>
    <pattern>/login.do</pattern>
    <pattern>/spring_security_login</pattern>
</decorator>

Spring security 3.1 sitemesh没有装饰页面

1 个答案: