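Struts2 with Spring Security and Tiles

Time: 2017-11-05 17:00:46

Tags: spring spring-security struts2

I need to integrate Struts2 with Spring Security. I have now successfully added Spring and Spring Security to my project, but I cannot log in to my application. I don't know what could be wrong.

Dependencies used: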

<properties>
    <struts.version>2.3.24.1</struts.version>
    <java.version>1.8</java.version>
    <spring.version>4.2.1.RELEASE</spring.version>
    <springsecurity.version>4.0.2.RELEASE</springsecurity.version>
    <hibernate.version>4.3.8.Final</hibernate.version>
    <mysqlconnector.version>5.1.34</mysqlconnector.version>

    <javaee-web-api.version>7.0</javaee-web-api.version>
    <servlet-api-version>3.1.0</servlet-api-version>
    <jsp-api-version>2.1</jsp-api-version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <!-- Struts2 -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-core</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Tiles -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-tiles-plugin</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Struts 2 annotations -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-convention-plugin</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Struts 2 AJAX support -->
    <dependency>
        <groupId>com.jgeppert.struts2.jquery</groupId>
        <artifactId>struts2-jquery-plugin</artifactId>
        <version>3.7.1</version>
    </dependency>

     <!-- Spring -->
     <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context-support</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-orm</artifactId>
       <version>4.2.1.RELEASE</version>
    </dependency>

    <!-- struts 2 & spring -->
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-spring-plugin</artifactId>
        <version>${struts.version}</version>
    </dependency>

    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>${springsecurity.version}</version>
    </dependency>

    <!-- hibernate 4 -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>${hibernate.version}</version>
    </dependency>

    <!-- database pool -->
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-dbcp2</artifactId>
        <version>2.0</version>
    </dependency>

    <!-- mysql java connector -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>${mysqlconnector.version}</version>
    </dependency>

    <!-- Servlet -->
    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>${javaee-web-api.version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>${servlet-api-version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet.jsp</groupId>
        <artifactId>jsp-api</artifactId>
        <version>${jsp-api-version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
</dependencies>

My web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_1.xsd">
<display-name>Struts 2 - NSAI</display-name>
<!-- load spring configuration: -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-config.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!--Struts Filter-->
<filter>
    <filter-name>struts2</filter-name>
    <filter-class>
        org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

    <!-- load tiles configuration: -->
<context-param>
    <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
    <param-value>/WEB-INF/classes/tiles.xml</param-value>
</context-param>

<!-- tiles listener: -->
<listener>
    <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
</listener>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

spring-config.xml:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd 
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-4.2.xsd
 http://www.springframework.org/schema/tx 
 http://www.springframework.org/schema/tx/spring-tx-4.2.xsd 
 http://www.springframework.org/schema/task 
 http://www.springframework.org/schema/task/spring-task-4.2.xsd">

<context:annotation-config />
<tx:annotation-driven transaction-manager="transactionManager" />

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/nsai" />
    <property name="username" value="nsaiuser" />
    <property name="password" value="nsaipassword" />
</bean>

<!--Hibernate session factory configuration -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="configLocation" value="classpath:hibernate.cfg.xml" />
    <property name="packagesToScan" value="com.politechnika.models" />
</bean>

<!-- Transaction manager -->
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactory"></property>
</bean>

<context:component-scan base-package="com.politechnika" /> 
<import resource="classpath*:spring-security.xml"/>
</beans>

spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/showUsersList.action" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/executeLogin.action" access="permitAll"/>
    <access-denied-handler error-page="/views/accessDenied.jsp" />
    <form-login
        login-page="/inputLogin.action"
        default-target-url="/"
        username-parameter="username"
        password-parameter="password"
        authentication-failure-url="/login?error"/>
    <logout logout-success-url="/logout" />

</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider> 

    <authentication-provider user-service-ref="myUserDetailsService">
    </authentication-provider>
</authentication-manager>
</beans:beans>

And login.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="s" uri="/struts-tags"%>

<div id="login">
<s:form name="loginFrom" action="/j_spring_security_check" method="post">
    <s:textfield key="user.login" name="username"/>
    <s:password key="user.password" name="password"/>
    <s:submit key="submit"/>
</s:form>
<p>
    <a href="<s:url action='showUsersList'/>">List of users</a>
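</p>
</div>

When I try to log in to the application, it redirects me to the AccessDenied page, and when I try to go to another page, it automatically redirects me to the login page.

What is wrong there?

Update: I added log4j for Spring, and when I try to log in I get this: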

    2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:171 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:171 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:101 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@45e88786. A new one will be created.
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:101 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@45e88786. A new one will be created.
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-11-05 18:49:28 DEBUG HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@508596c1
2017-11-05 18:49:28 DEBUG HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@508596c1
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-11-05 18:49:28 DEBUG CsrfFilter:106 - Invalid CSRF token found for http://localhost:8080/nsai-struts2/j_spring_security_check
2017-11-05 18:49:28 DEBUG CsrfFilter:106 - Invalid CSRF token found for http://localhost:8080/nsai-struts2/j_spring_security_check
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-11-05 18:49:28 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-11-05 18:49:28 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
2017-11-05 18:49:28 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed

UPDATE2: I added csrf to the JSP file and it still does not work. Log (could not paste it here because of the 30000-character limit):

https://pastebin.com/SWT3ZCgp

1 answer:

Answer 0: (score: 0)

Use _csrf, as shown below:

<s:form name="loginFrom" action="/j_spring_security_check" method="post">
    <s:textfield key="user.login" name="username"/>
    <s:password key="user.password" name="password"/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
    <s:submit key="submit"/>
</s:form>
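
An added example (not part of the question or the answer): a small Python script that reads Spring Security DEBUG output like the log in the question and reports which filters fired, whether CsrfFilter rejected the request, and whether UsernamePasswordAuthenticationFilter was ever reached. The sample log is an excerpt of the lines posted in the question; the function name and report fields are this example's own.

```python
import re

# Excerpt of the DEBUG output posted in the question (lines were logged twice).
SAMPLE_LOG = """\
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-11-05 18:49:28 DEBUG FilterChainProxy:324 - /j_spring_security_check at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-11-05 18:49:28 DEBUG CsrfFilter:106 - Invalid CSRF token found for http://localhost:8080/nsai-struts2/j_spring_security_check
2017-11-05 18:49:28 DEBUG CsrfFilter:106 - Invalid CSRF token found for http://localhost:8080/nsai-struts2/j_spring_security_check
2017-11-05 18:49:28 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
"""

# "<date> <time> <level> <class>:<line> - <message>"
ENTRY = re.compile(r"^\S+ \S+ +\w+ +(\w+):\d+ - (.*)$")
FIRING = re.compile(r"^(\S+) at position (\d+) of (\d+) in additional filter chain; "
                    r"firing Filter: '(\w+)'$")
CSRF_REJECT = re.compile(r"^Invalid CSRF token found for (\S+)$")
AUTH_FILTER = "UsernamePasswordAuthenticationFilter"  # handles the form-login POST


def triage(log_text):
    """Summarise how far a request got through the Spring Security filter chain."""
    report = {"path": None, "fired": [], "chain_length": 0,
              "csrf_rejected": None, "duplicates": 0}
    previous = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == previous:  # consecutive repeat of the same log line
            report["duplicates"] += 1
            continue
        previous = line
        entry = ENTRY.match(line)
        if not entry:
            continue
        message = entry.group(2)
        firing = FIRING.match(message)
        if firing:
            report["path"] = firing.group(1)
            report["chain_length"] = int(firing.group(3))
            report["fired"].append((int(firing.group(2)), firing.group(4)))
        rejected = CSRF_REJECT.match(message)
        if rejected:
            report["csrf_rejected"] = rejected.group(1)
    # If the login filter never fired, the credentials were never examined.
    report["reached_login_filter"] = any(n == AUTH_FILTER for _, n in report["fired"])
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt, the report shows the chain stopping at CsrfFilter (position 4 of 13) without ever reaching the login filter, so the username and password were not checked at all for that request.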