我正处于将项目升级到spring 3.2和spring security 3.1的过程中。 site mesh是2.4.2版本。行为是下一个。
如果我写下一个网址http://localhost:8081/erp-web/
,服务器只给我一个登录页面。
但如果我写下一个网址http://localhost:8081/erp-web/login.mavi
,服务器会给我正确装饰的登录页面。像这样
这是我的安全问题
<security:intercept-url pattern="/decorators/**" access="permitAll"/>
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login.do" access="permitAll" />
<security:form-login login-page="/login.do"
default-target-url="/home.do" authentication-failure-url="/login.do?login_error=1" />
<security:logout logout-success-url="/logout.do" delete-cookies="JSESSIONID"/>
并在web.xml中
<!-- SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SITEMESH -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
这是视图解析器。
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:viewClass="org.springframework.web.servlet.view.JstlView"
p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" />
欢呼声。
答案 0 :(得分:3)
确定。解决方案很简单。我刚刚添加到我的decorators.xml
这一行
<pattern>/</pattern>
现在看起来像这样。
<decorator name="login" page="login.jsp">
<pattern>/</pattern>
<pattern>/login.do</pattern>
<pattern>/spring_security_login</pattern>
</decorator>