我对玉兰花用户有关弹簧安全性的质疑 我试图遵循玉兰cms页面上提供的所有指南,但其中没有一个适合我。我已经按照描述的方式配置了web.xml和spring安全上下文+我自己从db中检索用户的配置。我可以使用jetty(eclipse)启动应用程序而没有关于bean etx的任何错误,但是当登录页面出现时我无法实现这种情况。 在我的开发人员Magnolia jetty实例上运行时,我要求使用magnolia页面登录,成功登录后没有弹簧安全性,迫使我再次登录。这是示例网址
http://localhost:9999/magnolia-blossom-sample-webapp/home/tours/statues-tour.html
当在tomcat上部署到公共木兰实例时,我没有被要求登录到玉兰花,但是我的页面没有登录页面,有弹簧安全性。
http://localhost:8080/magnoliaPublic/home/tours.html
问题是我可以错过那些我无法获得授权页面以使用spring security登录。
这是我的配置
Magnolia public / author web.xml(因为web.xml没有放在我的开花模块中)
<filter>
<display-name>Magnolia global filters</display-name>
<filter-name>magnoliaFilterChain</filter-name>
<filter-class>info.magnolia.cms.filters.MgnlMainFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>magnoliaFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>info.magnolia.module.blossom.web.InstallationAwareDelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/home/*</url-pattern> // /* doesn't work neither
</filter-mapping>
<listener>
<listener-class>info.magnolia.init.MagnoliaServletContextListener</listener-class>
</listener>
<context-param>
<description>Vaadin production mode</description>
<param-name>productionMode</param-name>
<param-value>true</param-value>
</context-param>
Spring安全上下文applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
default-autowire="byType">
<beans:bean id="authSuccessHandler" class="security.auth.AuthenticationSuccessHandler">
<beans:property name="userLogic" ref="userLogic"/>
</beans:bean>
<beans:bean id="authFailureHandler" class="security.auth.AuthenticationFailureHandler">
</beans:bean>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" />
<intercept-url pattern="/*" access="hasRole('adminMLM')" />
<form-login login-page="/login"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-handler-ref="authFailureHandler"
default-target-url="/"
/>
<logout />
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userLogic"/>
<beans:property name="passwordEncoder" ref="userLogic"/>
<beans:property name="saltSource" ref="userLogic"/>
</beans:bean>
<authentication-manager>
<authentication-provider ref="daoAuthenticationProvider" />
</authentication-manager>
</beans:beans>
的applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:blossom="http://www.magnolia-cms.com/schema/blossom"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.magnolia-cms.com/schema/blossom
http://www.magnolia-cms.com/schema/blossom.xsd ">
<bean class="info.magnolia.blossom.sample.module.service.SalesApplicationWebServiceImpl" />
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
</beans>
开花-servlet.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config/>
<context:component-scan base-package="logic.impl" />
<context:component-scan base-package="info.magnolia.blossom.sample.module" use-default-filters="false">
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.Template"/>
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.Area"/>
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.DialogFactory"/>
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.VirtualURIMapper"/>
<context:include-filter type="assignable" expression="info.magnolia.cms.beans.config.VirtualURIMapping"/>
</context:component-scan>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
<property name="customArgumentResolvers">
<list>
<bean class="info.magnolia.module.blossom.web.BlossomHandlerMethodArgumentResolver" />
</list>
</property>
<!-- For @Valid - JSR-303 Bean Validation API -->
<property name="webBindingInitializer">
<bean class="org.springframework.web.bind.support.ConfigurableWebBindingInitializer">
<property name="validator">
<bean class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />
</property>
</bean>
</property>
</bean>
<bean class="info.magnolia.module.blossom.preexecution.BlossomHandlerMapping">
<property name="targetHandlerMappings">
<list>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="useSuffixPatternMatch" value="false" />
</bean>
<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" />
</list>
</property>
</bean>
<bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter" />
<bean class="info.magnolia.module.blossom.view.UuidRedirectViewResolver">
<property name="order" value="1" />
</bean>
<!-- JSP - renders all views that end with .jsp -->
<bean class="info.magnolia.module.blossom.view.TemplateViewResolver">
<property name="order" value="2"/>
<property name="prefix" value="/templates/blossomSampleModule/"/>
<property name="viewNames" value="*.jsp"/>
<property name="viewRenderer">
<bean class="info.magnolia.module.blossom.view.JspTemplateViewRenderer">
<property name="contextAttributes">
<map>
<entry key="damfn">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="damfn"/>
<property name="componentClass" value="info.magnolia.dam.asset.functions.DamTemplatingFunctions"/>
</bean>
</entry>
</map>
</property>
</bean>
</property>
</bean>
<!-- Freemarker - renders all views that end with .ftl -->
<bean class="info.magnolia.module.blossom.view.TemplateViewResolver">
<property name="order" value="3"/>
<property name="prefix" value="/blossomSampleModule/"/>
<property name="viewNames" value="*.ftl"/>
<property name="viewRenderer">
<bean class="info.magnolia.module.blossom.view.FreemarkerTemplateViewRenderer">
<property name="contextAttributes">
<map>
<entry key="cms">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="cms"/>
<property name="componentClass" value="info.magnolia.templating.freemarker.Directives"/>
</bean>
</entry>
<entry key="cmsfn">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="cmsfn"/>
<property name="componentClass" value="info.magnolia.templating.functions.TemplatingFunctions"/>
</bean>
</entry>
<entry key="damfn">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="damfn"/>
<property name="componentClass" value="info.magnolia.dam.asset.functions.DamTemplatingFunctions"/>
</bean>
</entry>
</map>
</property>
</bean>
</property>
</bean>
</beans>
BlossomSampleModule.java
public class BlossomSampleModule extends BlossomModuleSupport implements ModuleLifecycle {
public void start(ModuleLifecycleContext moduleLifecycleContext) {
if (moduleLifecycleContext.getPhase() == ModuleLifecycleContext.PHASE_SYSTEM_STARTUP) {
super.initRootWebApplicationContext("classpath:/applicationContext.xml");
super.initBlossomDispatcherServlet("blossom", "classpath:/blossom-servlet.xml, classpath:/applicationContext-security.xml");
}
}
public void stop(ModuleLifecycleContext moduleLifecycleContext) {
if (moduleLifecycleContext.getPhase() == ModuleLifecycleContext.PHASE_SYSTEM_SHUTDOWN) {
super.destroyDispatcherServlets();
super.closeRootWebApplicationContext();
}
}
}
最好的问候
答案 0 :(得分:2)
Magnolia的过滤器链中的最后一个过滤器 - RenderingFilter在过滤器链中充当终结符。如果它找到要从Magnolia(或通过Blossom)渲染的内容,它将不会继续处理过滤器链,因此您的其他过滤器(弹簧安全性)将不会被执行。您需要确保在Magnolia过滤器链之前或Magnolia过滤器链内部执行过滤器。为了实现更好的目标,请在config:/server/filters下的Magnolia管理中心内定义您的过滤器... ContextFilter之后和CacheFilter之前的任何地方应该没问题。请使用其他过滤器作为如何配置您的过滤器或查看here或here的示例。
HTH,
扬