我需要在我的网络中使用2种类型的URL,一种具有访问限制,另一种没有访问限制。 这是架构:
myApp:
(1)网址工作正常,但我不知道如何为(2)实现/配置spring。这是我对servlet-mapping的实际配置:
Web.xml中
<servlet>
<servlet-name>myApp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myApp</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
在 context-security.xml 中,我有以下内容供公众访问:
<http pattern="/public/**" security="none"/>
我尝试在Web.xml中再添加一个url-pattern:
<url-pattern>/public/*</url-pattern>
但是这不能正常工作,我可以访问所有需要授权的网址,而无需使用以下方式登录:myApp / public / xxx.do。
我应该只为公共网址创建另一个servlet,还是有更简单的东西?
编辑:
我的 context-security.xml :
<?xml version="1.0" encoding="UTF-8"?>
<!--
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Debug -->
<!--
<debug />
-->
<global-method-security pre-post-annotations="enabled" />
<!-- No securizamos los recursos públicos -->
<http pattern="/public/**" security="none"/>
<http use-expressions="true" entry-point-ref="myAppAuthenticationEntryPoint">
<intercept-url pattern="/ProcessResponseServlet" access="permitAll" />
<intercept-url pattern="/CallAuthenticationServlet" access="permitAll" />
<intercept-url pattern="/ReturnAuthenticationServlet" access="permitAll" />
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login
login-page="/login.jsp"
default-target-url="/index.jsp"
authentication-failure-url="/login.jsp?login_error"
/>
<logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/>
<remember-me />
</http>
<!-- myApp authentication entry point -->
<beans:bean id="myAppAuthenticationEntryPoint"
class="com.home.myApp.webapp.security.myAppAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp" />
</beans:bean>
<!-- Autenticación de pruebas-->
<authentication-manager>
<authentication-provider ref="mockProvider">
</authentication-provider>
</authentication-manager>
<beans:bean id="mockProvider" class="com.home.myApp.webapp.security.MockAuthenticationProvider" >
</beans:bean>
答案 0 :(得分:0)
您应该使用Spring安全性。 1.添加到您的web.xml过滤器以获取Spring Security(例如)
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/dispatcher.xml
/WEB-INF/context-security.xml
</param-value>
</context-param>
添加到您的context-security.xml
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/public/**" access="permitAll"/>
<intercept-url pattern="/res/**" access="permitAll"/>
<intercept-url pattern="/*.do" access="isAuthenticated()"/>
</http>