我正面临一些意想不到的问题。我正在开发一个Spring MVC应用程序,并集成了Spring Security。我设计了一个页面,在其中提供了一个链接,用于下载已经存在于项目资源中的Excel文件。
<a href="CustomerUploadTemplate.xlsx" target="_blank">Click here to download template</a>
此锚标记在“http://localhost:8080/epayui/app/customer/uploadCustomer”页面上定义
为简化起见,我将excel文件放在与jsp相同的文件夹中
一旦我点击锚链接,我就会被重定向到'http://localhost:8080/epayui/app/customer/CustomerUploadTemplate.xlsx'并得到错误,例如“验证时发生错误”,这是由Spring Security造成的。
但是在应用程序安全性xml中,它被定义为:
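<!-- NOTE(review): the full configuration listed further down declares this same
     pattern with access="isAuthenticated() and hasRole('MANAGE_CUSTOMERS')",
     so an authenticated user who lacks that role is still denied. -->
<intercept-url pattern="/app/customer/*" access="isAuthenticated()" />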
控制台上没有打印错误。这里的问题是,当我点击链接时,它会尝试打开“customer / CustomerUploadTemplate.xls”视图。但是没有定义这样的视图。
web-application-security.xml如下所示:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Enables method-level security driven by @Secured annotations. -->
<global-method-security secured-annotations="enabled"/>
<!-- Loads environment.properties from a per-environment classpath folder.
     The folder name is taken from the ENV placeholder; presumably "local" is
     the fallback when ENV is not set (confirm against the Spring version in use). -->
<context:property-placeholder location="classpath:/properties/${ENV:local}/environment.properties"/>
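<!-- URL authorization rules for the web application.
     Rules are evaluated top to bottom and the first matching pattern decides,
     so every role-specific pattern must stay above the broader wildcard rule
     for the same prefix. Patterns are matched against the path inside the
     application, i.e. without the context path (/epayui in the URLs quoted on
     this page).
     NOTE(review): assuming the default Ant-style matcher, a single "*" covers
     one path segment only. A deeper path such as /app/customer/a/b would match
     none of the rules below, including the final "/*" rule, and a request that
     matches no rule is not restricted by this block. Confirm whether "/**" is
     intended for the catch-all rules. -->
<http auto-config="true"
      use-expressions="true"
      entry-point-ref="customAuthenticationEntryPoint"
      access-denied-page="/app/security/accessDenied?errorid=6">

    <!-- filters="none" takes the URL out of the security filter chain entirely,
         so the error page can be rendered without an authenticated session. -->
    <intercept-url pattern="/app/security/accessDenied" filters="none" />

    <intercept-url pattern="/app/home/*" access="isAuthenticated()" />

    <!-- Payments: role-specific screens first, generic rule last. -->
    <intercept-url pattern="/app/payments/enterPayment" access="isAuthenticated() and hasRole('EPAY_ENTER_PAYMENT_VIEW')" />
    <intercept-url pattern="/app/payments/enterProfilePayment" access="isAuthenticated() and hasRole('EPAY_ENTER_PAYMENT_VIEW')" />
    <intercept-url pattern="/app/payments/searchPayment" access="hasRole('EPAY_SEARCH_PAYMENT_VIEW')" />
    <intercept-url pattern="/app/ccpayments/cardPayment" access="isAuthenticated()" />
    <intercept-url pattern="/app/payments/editPayment" access="isAuthenticated()" />
    <intercept-url pattern="/app/payments/enterManualPayment" access="hasRole('EPAY_ENTER_ACH_MANUAL_PAYMENT') or hasRole('EPAY_ENTER_CRT_MANUAL_PAYMENT')" />
    <intercept-url pattern="/app/payments/*" access="isAuthenticated()" />

    <intercept-url pattern="/app/queuedPayments/viewQueued" access="hasRole('EPAY_QUEUE_APPROVE')" />
    <intercept-url pattern="/app/queuedPayments/*" access="isAuthenticated()" />

    <intercept-url pattern="/app/admin/userSetup" access="hasRole('EPAY_USER_SETUP')" />
    <intercept-url pattern="/app/admin/insertUser" access="hasRole('EPAY_USER_SETUP')" />
    <intercept-url pattern="/app/admin/roleSetup" access="hasRole('EPAY_ROLE_SETUP')" />
    <intercept-url pattern="/app/admin/viewLogs" access="hasRole('EPAY_LOG_VIEW')" />

    <!-- These two patterns must not carry the /epayui context path. With the
         prefix included they can never match, and report entry would be
         guarded only by the broader /app/reports/* rule (any authenticated
         user) instead of the EPAY_REPORT_MENU role. -->
    <intercept-url pattern="/app/reports/enterReport" access="hasRole('EPAY_REPORT_MENU')" />
    <intercept-url pattern="/app/reports/enterReport/*" access="hasRole('EPAY_REPORT_MENU')" />

    <intercept-url pattern="/app/admin/unauthorizedAccounts" access="hasRole('EPAY_UNAUTH_ACCOUNT')" />
    <intercept-url pattern="/app/admin/*" access="isAuthenticated()" />

    <intercept-url pattern="/app/recurring/enterRecurringSchedules" access="hasRole('EPAY_RECURRING_CRT') or hasRole('EPAY_RECURRING_READ_ONLY') or hasRole('EPAY_RECURRING_CRT_REC_WEB') or hasRole('EPAY_RECURRING_CRT_ENA')"/>
    <intercept-url pattern="/app/recurring/searchRecurringSchedules" access="hasRole('EPAY_RECURRING_CRT_REC') or hasRole('EPAY_RECURRING_ACH_REC')"/>
    <intercept-url pattern="/app/recurring/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/reports/*" access="isAuthenticated()" />

    <!-- Applies to everything directly under /app/customer/, which includes a
         file requested as /app/customer/CustomerUploadTemplate.xlsx: the caller
         needs the MANAGE_CUSTOMERS role, not just an authenticated session. -->
    <intercept-url pattern="/app/customer/*" access="isAuthenticated() and hasRole('MANAGE_CUSTOMERS')" />
    <!-- <intercept-url pattern="/app/ccpayments/cardPayment" access="isAuthenticated() and (hasRole('EPAY_PROFILE_CREATE') or hasRole('EPAY_PROFILE_UPDATE') or hasRole('EPAY_PAYMENT_CRT_SAVE'))"/> -->
    <intercept-url pattern="/app/*" access="isAuthenticated()" />

    <!-- Static assets and the logout page bypass the security filter chain.
         Nothing sensitive should be placed under these paths. -->
    <intercept-url pattern="/images/*" filters="none" />
    <intercept-url pattern="/css/images/*" filters="none" />
    <intercept-url pattern="/css/*" filters="none" />
    <intercept-url pattern="/js/*" filters="none" />
    <intercept-url pattern="/resources/*" filters="none" />
    <intercept-url pattern="/logout.jsp" filters="none" />

    <!-- Catch-all for remaining single-segment paths. -->
    <intercept-url pattern="/*" access="isAuthenticated()" />

    <!-- Pre-authentication: the user identity is supplied by siteminderFilter
         rather than by a login form handled inside this application. -->
    <custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />

    <session-management>
        <!-- Where a request is sent when its session was expired by concurrency control. -->
        <concurrency-control expired-url="/app/security/accessDenied?errorid=7"/>
    </session-management>
</http>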
<!-- Pre-authentication filter that takes the user identity from request
     headers (principal, first name, last name).
     NOTE(review): the filter class is project code that is not shown here. If
     it accepts these headers as sent, the application must only be reachable
     through the SSO agent or proxy that sets them; confirm that direct client
     access to the container is blocked and that inbound copies of these
     headers are stripped upstream. -->
<beans:bean id="siteminderFilter"
            class="com.ge.epay.web.security.filters.CustomRequestHeaderAuthenticationFilter">
    <beans:property name="principalRequestHeader" value="georaclehrid"/>
    <beans:property name="firstNameHeader" value="givenname"/>
    <beans:property name="lastNameHeader" value="sn"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <!-- Value is resolved from the environment properties file. -->
    <beans:property name="referSsoURL" value="${gecars.sso.logout.refer}"/>
</beans:bean>
<!-- Single authentication provider: the pre-authenticated provider defined
     below. The alias lets siteminderFilter reference this manager by name. -->
<authentication-manager alias="authenticationManager">
    <authentication-provider ref="preauthAuthProvider"/>
</authentication-manager>
<!-- Provider for principals that were already authenticated outside the
     application. It performs no credential check of its own; it loads the
     user's details through userDetailsService. -->
<beans:bean id="preauthAuthProvider"
            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
</beans:bean>
<!-- Project-specific user details lookup used by preauthAuthProvider.
     Presumably this is where roles such as MANAGE_CUSTOMERS are assigned; verify in the class. -->
<beans:bean id="userDetailsService"
            class="com.ge.epay.web.security.services.AuthenticationUserDetailsServiceImpl"/>
<!-- Entry point referenced by the http element's entry-point-ref attribute. -->
<beans:bean id="customAuthenticationEntryPoint"
            class="com.ge.epay.web.security.services.CustomAuthenticationEntryPoint"/>
我做错了什么?任何指导将不胜感激。提前谢谢。