我已经在mavennised项目中成功地在jsf 2.0.1中配置了Spring security 4.2.3。我还将Spring安全标记库添加为依赖项,但<sec:authorize access="hasRole('ROLE_ADMIN')">
未按预期运行。
security.xml文件:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">
<http auto-config="true"><intercept-url pattern="/" access="permitAll" /><intercept-url pattern="/home" access="permitAll" /><intercept-url pattern="/secured**" access="hasRole('ADMIN')" /><intercept-url pattern="/dba**" access="hasRole('ADMIN') and hasRole('DBA')" /><form-login login-page="/login" username-parameter="ssoId" password-parameter="password" authentication-failure-url="/unsecured" /></http> <authentication-manager><authentication-provider><user-service><user name="bill" password="abc123" authorities="ROLE_USER" /><user name="admin" password="root123" authorities="ROLE_ADMIN" /><user name="dba" password="root123" authorities="ROLE_ADMIN,ROLE_DBA" /></user-service></authentication-provider></authentication-manager>
</beans:beans>
的web.xml:
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<context-param> <param-name>javax.faces.DISABLE_FACELET_JSF_VIEWHANDLER</param-name> <param-value>true</param-value> </context-param>
<context-param><param-name>javax.faces.STATE_SAVING_METHOD</param-name><param-value>client</param-value></context-param>
<context-param><param-name>contextConfigLocation</param-name><param-value>classpath*:META-INF/spring/app*.xml</param-value></context-param>
<context-param><param-name>com.sun.faces.injectionProvider</param-name><param-value>com.sun.faces.vendor.WebContainerInjectionProvider</param-value></context-param>
<listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener>
<context-param><param-name>contextConfigLocation</param-name><param-value>/WEB-INF/spring/*.xml</param-value></context-param>
<filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>
<filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern></filter-mapping>
<listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener>
<servlet><servlet-name>Faces Servlet</servlet-name><servlet-class>javax.faces.webapp.FacesServlet</servlet-class><load-on-startup>1</load-on-startup></servlet>
<servlet-mapping><servlet-name>Faces Servlet</servlet-name><url-pattern>*.jsf</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>Faces Servlet</servlet-name><url-pattern>*.faces</url-pattern></servlet-mapping>
<filter><display-name>RichFaces Filter</display-name><filter-name>richfaces</filter-name><filter-class>org.ajax4jsf.Filter</filter-class></filter>
<filter-mapping><filter-name>richfaces</filter-name><servlet-name>Faces Servlet</servlet-name><dispatcher>REQUEST</dispatcher><dispatcher>FORWARD</dispatcher><dispatcher>INCLUDE</dispatcher></filter-mapping>
<welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list> <session-config><session-timeout>-1</session-timeout></session-config>
</web-app>
pom.xml依赖项:
<!-- START: Spring Security JARS -->
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>${springsecurity.version}</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>${springsecurity.version}</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-taglibs</artifactId><version>4.2.3.RELEASE</version>dependency>