在GAE中使用Spring Security时遇到的问题

时间:2011-02-13 00:33:06

标签: spring google-app-engine spring-security

我正在关注这篇文章,以便在我的GAE项目http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

中实现spring security

我无法使其正常工作,我已配置为受保护的网址未受到保护且应用程序未将我重定向到Google登录页面。这是我的web.xml和security-config.xml。请帮忙,因为我已经花了很多时间在这上面。我认为有一些小问题我无法抓住。

的web.xml 

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-config.xml
    </param-value>
</context-param>

<!-- Enables Spring Security -->
<filter>
    <filter-name>authenticationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Reads request input using UTF-8 encoding -->
<filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>authenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>controller</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>controller</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

安全-config.xml中

   <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/static/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />

<security:http use-expressions="true" entry-point-ref="entryPoint"
    access-denied-page="/">
    <security:intercept-url pattern="/" access="isAuthenticated()" />
    <security:intercept-url pattern="/sample"
        access="isAuthenticated()" />
    <security:custom-filter position="PRE_AUTH_FILTER"
        ref="authenticationFilter" />
</security:http>

<bean id="entryPoint"
    class="com.generic.gae.security.GoogleAccountsAuthenticationEntryPoint" />

<bean id="authenticationFilter" class="com.generic.gae.security.GaeAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="authenticationProvider" />
</security:authentication-manager>

<bean id="authenticationProvider"
    class="com.generic.gae.security.GoogleAccountsAuthenticationProvider" />

由于

1 个答案:

答案 0 :(得分:3)

security-config.xml中定义的

authenticationFilter不是您在web.xml中使用的那个。默认情况下,Spring Security使您可以使用名为springSecurityFilterChain的过滤器bean。因此,web.xml中的过滤器声明应为:

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

...

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

请参阅第Security Namespace Configuration页的第2.2节

相关问题
最新问题