Question

我是Spring安全新手并尝试将其与现有应用程序集成。此遗留应用程序部署在IIS后面的tomcat 7服务器中。 ISAPI过滤器用于将请求分派给此tomcat实例。

由于我早期尝试将Spring安全性集成到此遗留应用程序并不成功，因此我将一个正在运行的spring安全应用程序（已测试）的示例复制到tomcat实例并完全删除了旧应用程序。令我惊讶的是，它仍然无法拦截安全网址。（但是当我使用maven tomcat插件运行时，这个示例应用程序工作正常。），所以我想知道为什么我的应用程序不能在配置了ISAPI和IIS的tomcat实例中工作。

我已经将url模式添加到url worker map中，并且我可以成功点击安全控制器而不首先进行身份验证。

请找到我的tomcat日志

Jul 06, 2016 11:32:13 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [C:\Server_APP_Location\XYZ_APP\Tomcat\7.0.30\shared\classes], exists: [false], isDirectory: [false], canRead: [false]
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'minProcessors' to '5' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxProcessors' to '300' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING:   No rules found matching 'Server/Service/Engine/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation' to 'false' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlNamespaceAware' to 'false' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING:   No rules found matching 'Server/Service/Engine/Host/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING:   No rules found matching 'Server/Service/Engine/Host/Context/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 575 ms
Jul 06, 2016 11:32:14 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 06, 2016 11:32:14 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.30
Jul 06, 2016 11:32:15 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [158] milliseconds.
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources

Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error in resourceStart()
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error getConfigured
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal

Jul 06, 2016 11:32:15 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Server_APP_Location\XYZ_APP\Tomcat\7.0.30\webapps\someWebApplication
Jul 06, 2016 11:32:16 PM org.apache.catalina.core.ApplicationContext log
INFO: No Spring WebApplicationInitializer types detected on classpath
Jul 06, 2016 11:32:16 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
    INFO  ContextLoader:273 - Root WebApplicationContext: initialization started
    INFO  XmlWebApplicationContext:510 - Refreshing Root WebApplicationContext: startup date [Wed     Jul 06 23:32:16 AEST 2016]; root of context hierarchy

    INFO  XmlBeanDefinitionReader:315 - Loading XML bean definitions from URL [file:/C:/Server_APP_Location/XYZ_APP/Tomcat/7.0.30/webapps/someWebApplication/WEB-INF/classes/application-context.xml]
DEBUG DefaultDocumentLoader:72 - Using JAXP provider [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
DEBUG PluggableSchemaResolver:140 - Loading schema mappings from [META-INF/spring.schemas]
DEBUG PluggableSchemaResolver:118 - Found XML schema [http://www.springframework.org/schema/security/spring-security-3.2.xsd] in classpath: org/springframework/security/config/spring-security-3.2.xsd

 DEBUG BeanUtils:443 - No property editor [org.springframework.web.context.request.WebRequestInterceptorEditor] found for type org.springframework.web.context.request.WebRequestInterceptor according to 'Editor' suffix convention
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.web.servlet.handler.MappedInterceptor#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.handler.MappedInterceptor#0'
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0'
 DEBUG RequestMappingHandlerMapping:105 - Looking for request mappings in application context: Root WebApplicationContext: startup date [Wed     Jul 06 23:32:16 AEST 2016]; root of context hierarchy
     INFO  RequestMappingHandlerMapping:185 - Mapped "{[/api/json/{id}],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public rest.demo.JsonRestObject rest.demo.RestController.getJsonRestObject(java.lang.Integer)
     INFO  RequestMappingHandlerMapping:185 - Mapped "{[/apiv2/json/{id}],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public rest.demo.JsonRestObject rest.demo.RestController2.getJsonResponse(java.lang.Integer)
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.format.support.FormattingConversionServiceFactoryBean#0'

 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.filterChains': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.filterChainProxy': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.PortMapperImpl#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.PortResolverImpl#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.ProviderManager#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.context.NullSecurityContextRepository#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.savedrequest.NullRequestCache#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.access.vote.AffirmativeBased#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.userDetailsServiceFactory': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.DefaultSecurityFilterChain#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'authenticationEntryPoint': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'customRestFilter': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authenticationManager': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'restAuthenticationProvider': no URL paths identified
 DEBUG BNUHM:86 - Rejected bean name 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor': no URL paths identified

 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.filterChains'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.filterChains'

 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'

 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.context.NullSecurityContextRepository#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
 DEBUG StandardServletEnvironment:112 - Initializing new StandardServletEnvironment

 DEBUG DLBF:215 - Creating shared instance of singleton bean 'customRestFilter'
 DEBUG DLBF:435 - Creating instance of bean 'customRestFilter'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authenticationManager'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authenticationManager'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'restAuthenticationProvider'

 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authenticationManager' to allow for resolving potential circular references
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authenticationManager'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authenticationManager'

 DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.ProviderManager#0'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0' to allow for resolving potential circular references
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.ProviderManager#0' to allow for resolving potential circular references
 DEBUG DLBF:435 - Creating instance of bean '(inner bean)#19'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name '(inner bean)#19'
 DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#19'
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authentication.ProviderManager#0'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.ProviderManager#0'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'authenticationEntryPoint'

 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.savedrequest.NullRequestCache#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'

 DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#21'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' to allow for resolving potential circular references
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.access.vote.AffirmativeBased#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.access.vote.AffirmativeBased#0'
 DEBUG DLBF:435 - Creating instance of bean '(inner bean)#22'
 DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#22'
 DEBUG DLBF:435 - Creating instance of bean '(inner bean)#23'
 DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#23'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.access.vote.AffirmativeBased#0' to allow for resolving potential circular references
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.access.vote.AffirmativeBased#0'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.access.vote.AffirmativeBased#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'

 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
 DEBUG FilterSecurityInterceptor:159 - Validated configuration attributes
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'

     INFO  DefaultSecurityFilterChain:28 - Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@3ba71e33, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@58afc4dd, rest.demo.CustomRestSecurityFilter@7ba5b6a7, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3c7acd5c, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@22407209, org.springframework.security.web.access.ExceptionTranslationFilter@34febe70, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4088c63e]
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.filterChains'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.filterChains'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.filterChainProxy'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.filterChainProxy'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.filterChains'

 DEBUG StandardEnvironment:116 - Initialized StandardEnvironment with PropertySources [systemProperties,systemEnvironment]
 DEBUG BeanUtils:443 - No property editor [org.springframework.security.web.SecurityFilterChainEditor] found for type org.springframework.security.web.SecurityFilterChain according to 'Editor' suffix convention
 DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.filterChainProxy' to allow for resolving potential circular references
 DEBUG DLBF:435 - Creating instance of bean '(inner bean)#26'
 DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#26'
 DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.filterChainProxy'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.filterChainProxy'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.PortMapperImpl#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.PortMapperImpl#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.PortMapperImpl#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.PortMapperImpl#0'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.PortResolverImpl#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.PortResolverImpl#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.PortResolverImpl#0' to allow for resolving potential circular references
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.PortMapperImpl#0'
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.PortResolverImpl#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.access.vote.AffirmativeBased#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
 DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.userDetailsServiceFactory'
 DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.userDetailsServiceFactory'
 DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.userDetailsServiceFactory' to allow for resolving potential circular references
 DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.userDetailsServiceFactory'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'authenticationEntryPoint'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'customRestFilter'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'restAuthenticationProvider'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor'
 DEBUG XmlWebApplicationContext:858 - Unable to locate LifecycleProcessor with name 'lifecycleProcessor': using default [org.springframework.context.support.DefaultLifecycleProcessor@3b6ecdb3]

 DEBUG ContextLoader:308 - Published root WebApplicationContext as ServletContext attribute with name [org.springframework.web.context.WebApplicationContext.ROOT]
 INFO  ContextLoader:313 - Root WebApplicationContext: initialization completed in 2371 ms
 DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
 DEBUG DelegatingFilterProxy:172 - Initializing filter 'springSecurityFilterChain'
 DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.filterChainProxy'

当我按下安静的控制器时，我可以看到以下日志，

DEBUG DispatcherServlet:823 - DispatcherServlet with name 'RestFulServlet' processing GET request for [/retail/online/api/json/1]
DEBUG RequestMappingHandlerMapping:226 - Looking up handler method for path /api/json/1
DEBUG RequestMappingHandlerMapping:233 - Returning handler method [public rest.demo.JsonRestObject rest.demo.RestController.getJsonRestObject(java.lang.Integer)]
DEBUG DefaultListableBeanFactory:246 - Returning cached instance of singleton bean 'restController'
DEBUG DispatcherServlet:912 - Last-Modified value for [/retail/online/api/json/1] is: -1
DEBUG RequestResponseBodyMethodProcessor:150 - Written [rest.demo.JsonRestObject@1493b4f0] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJacksonHttpMessageConverter@6d4c031d]
DEBUG DispatcherServlet:999 - Null ModelAndView returned to DispatcherServlet with name 'RestFulServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet:966 - Successfully completed request

Web.xml中

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:application-context.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
    <servlet-name>RestFulServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value></param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>RestFulServlet</servlet-name>
    <url-pattern>/online/*</url-pattern>
</servlet-mapping>

应用程序上下文

<context:component-scan base-package="rest.demo" />
<mvc:annotation-driven />
<security:http create-session="stateless" entry-point-ref="authenticationEntryPoint" authentication-manager-ref="authenticationManager">
    <security:custom-filter ref="customRestFilter" position="BASIC_AUTH_FILTER" />
    <security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <property name="realmName" value="Username: jack Password: jill" />
</bean>
<bean id="customRestFilter" class="rest.demo.CustomRestSecurityFilter">
    <constructor-arg name="authenticationManager" ref="authenticationManager" />
</bean>
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="restAuthenticationProvider" />
</security:authentication-manager>
<bean id="restAuthenticationProvider" class="rest.demo.RestAuthenticationProvider" />

我正在运行spring security和framework版本3.2.2。

Answer 1

这个问题的原因是由于来自tomcat的请求被另一个Web应用程序转发到我试图实现spring安全性的应用程序，如下所示

RequestDispatcher dispatcher = context.getRequestDispatcher(uri);
dispatcher.forward(req, rsp);

所以我所要做的就是向Spring安全过滤器添加调度程序标志

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

因此，如果您遇到类似问题，请确保将请求分派给您的应用程序。

Spring安全性不拦截在使用IIS ISAPI

1 个答案: