isAnonymous()和isAuthenticated()都返回false

时间:2014-03-21 00:57:55

标签: java spring jsp spring-security

我有一个简单的页面,根据用户是否登录显示简单文本。

<sec:authorize access="isAnonymous()">
    No, you failed!
</sec:authorize>
<sec:authorize access="isAuthenticated()">
   yes, logged in. Well done!
</sec:authorize>

上面的代码什么都没显示!这意味着isAuthenticated()和isAnonymous()都返回false。

这里建议(Both isAnonymous() and isAuthenticated() return false on error page)我必须将此配置用于我的过滤器映射:

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <!-- apply Spring Security authentication to error-pages -->
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

我没有使用XML,但我的配置是相同的:

EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD);
characterEncoding.addMappingForUrlPatterns(dispatcherTypes, true, "/*");

FilterRegistration.Dynamic security = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
security.addMappingForUrlPatterns(dispatcherTypes, true, "/*");

为什么会发生这种情况?

编辑: 这是我的安全背景:

@Configuration
@EnableWebSecurity
public class SecurityContext extends WebSecurityConfigurerAdapter {

@Autowired
private UserRepository userRepository;

@Override
public void configure(WebSecurity web) throws Exception {
    web
            //Spring Security ignores request to static resources such as CSS or JS files.
            .ignoring()
                .antMatchers("/static/**");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            //Configures form login
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login/authenticate")
                .failureUrl("/login?error=bad_credentials")
            //Configures the logout function
            .and()
                .logout()
                    .deleteCookies("JSESSIONID")
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login")
            //Configures url based authorization
            .and()
                .authorizeRequests()
                    //Anyone can access the urls
                    .antMatchers(
                            "/auth/**",
                            "/login",
                            "/signin/**",
                            "/signup/**",
                            "/user/register/**"
                    ).permitAll()
                    //The rest of the our application is protected.
                    .antMatchers("/**").hasRole("USER")
            //Adds the SocialAuthenticationFilter to Spring Security's filter chain.
            .and()
                .apply(new SpringSocialConfigurer());
}

/**
* Configures the authentication manager bean which processes authentication
* requests.
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .userDetailsService(userDetailsService())
            .passwordEncoder(passwordEncoder());
}

/**
* This is used to hash the password of the user.
*/
@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder(10);
}

/**
* This bean is used to load the user specific data when social sign in
* is used.
 */
@Bean
public SocialUserDetailsService socialUserDetailsService() {
    return new SimpleSocialUserDetailsService(userDetailsService());
}

/**
* This bean is load the user specific data when form login is used.
*/
@Bean
public UserDetailsService userDetailsService() {
    return new RepositoryUserDetailsService(userRepository);
 }
}  

这是页面控制器:

@Controller
public class LoginController {

private static final Logger LOGGER = LoggerFactory.getLogger(LoginController.class);

protected static final String VIEW_NAME_LOGIN_PAGE = "user/login";

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String showLoginPage() {
    LOGGER.debug("Rendering login page.");
    return VIEW_NAME_LOGIN_PAGE;
 }
}

2 个答案:

答案 0 :(得分:1)

确保您没有绕过该URL的安全性,如下所示:

<http pattern="/xyz.xx" security="none" />

答案 1 :(得分:0)

ApplicationContext必须包含

@ComponentScan(basePackages = {
    "com.social.user.detail.service"
})

在这个包中,我的用户类包含以下内容:     public interface UserService {

public User registerNewUserAccount(RegistrationForm userAccountData) throws DuplicateEmailException;
}