我试图复制其他一些可能由使用Spring Security引起的问题。但是,我甚至没有成功保护一个简单的servlet。出于复制问题的目的,我需要使用基于URL的跟踪,而不是基于COOKIE的跟踪。这是我的代码:
的src / MyServlet.java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public final class MyServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
public void init() throws ServletException
{
}
@Override
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/plain");
PrintWriter out = response.getWriter();
out.println("Hi!");
}
@Override
public void destroy()
{
}
}
的WebContent / WEB-INF / web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/*.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<description>Spring Secured</description>
<display-name>Spring Secured</display-name>
<servlet-name>SpringSecured</servlet-name>
<servlet-class>MyServlet</servlet-class>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>SpringSecured</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<session-config>
<tracking-mode>URL</tracking-mode>
</session-config>
</web-app>
的WebContent / WEB-INF /弹簧/ security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<http disable-url-rewriting="false">
<intercept-url pattern="/**" access="hasRole('USER')" />
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
如果我将<tracking-mode>URL</tracking-mode>更改为<tracking-mode>COOKIE</tracking-mode>,这样可以正常工作,但为了复制其他一些错误,我需要将其设置为URL。它向我显示了一个登录表单,但当我点击&#34;登录&#34;时,我收到一条消息&#34;无法验证提供的CSRF令牌,因为找不到您的会话。&#34; 。我在这里缺少什么?