Spring安全性与struts的集成

时间:2011-12-14 07:25:21

标签: java spring spring-security ldap struts

我试图在一个简单的应用程序中将spring security与struts1.2(使用LDAP)集成在一起 我有applicationContext-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<s:http>
    <s:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
    <s:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
    <s:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <s:form-login />
    <s:anonymous />
    <s:logout />
</s:http>


<!-- Simple namespace-based configuration -->

<s:ldap-server ldif="classpath:users.ldif" port="33389"/>

<s:authentication-manager>
    <s:ldap-authentication-provider
        group-search-filter="member={0}"
        group-search-base="ou=groups"
        user-search-base="ou=people"
        user-search-filter="uid={0}"
    />
    <s:authentication-provider ref='secondLdapProvider' />
</s:authentication-manager>


<!-- Traditional Bean version of the same configuration -->

<!-- This bean points at the embedded directory server created by the ldap-server element above  -->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</bean>

<bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                  <constructor-arg index="0" value="ou=people"/>
                  <constructor-arg index="1" value="(uid={0})"/>
                  <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=groups" />
            <property name="groupSearchFilter" value="(member={0})"/>
            <property name="rolePrefix" value="ROLE_"/>
            <property name="searchSubtree" value="true"/>
            <property name="convertToUpperCase" value="true"/>
        </bean>
    </constructor-arg>
</bean>

和struts-config.xml

<?xml version="1.0" encoding="ISO-8859-1" ?> 
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN" "http://struts.apache.org/dtds/struts-config_1_3.dtd">
 <struts-config>

<form-beans>
    <form-bean name="helloForm" type="com.form.HelloForm"/>
</form-beans>   

<action-mappings>
    <action path="/helloForm" type="com.action.HelloAction" name="helloForm">
        <forward name="success" path="/secure/helloForm.jsp" />
    </action>
</action-mappings> 
</struts-config>

和web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<servlet>
    <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>                   
    <init-param>
        <param-name>config</param-name>
        <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>



<display-name>Spring Security LDAP Demo Application</display-name>

<!--
  - Location of the XML file that defines the root application context
  - Applied by ContextLoaderListener.
  -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext-security.xml
        /WEB-INF/struts-config.xml
    </param-value>
</context-param>

<context-param>
    <param-name>webAppRootKey</param-name>
    <param-value>ldap.root</param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!--
  - Loads the root application context of this web app at startup.
  - The application context is then available via
  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> 
</web-app>

在我的index.jsp

<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>

所以当我尝试访问安全时 Spring安全工作正常,当我成功登录但是 在secure / index.jsp 我使用<jsp:forward page="/helloForm.do"></jsp:forward>

和helloForm.jsp

<body>
<h1>
    <bean:write name="helloForm" property="message" />

</h1>
<h2>Hello and Welcome</h2>
</body>

我跑的时候

我表示

你好,欢迎但我无法得到我在FormAction中设置的actionForm消息

public class HelloAction extends Action {

@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
        HttpServletRequest request, HttpServletResponse response)
        throws Exception {
    // TODO Auto-generated method stub

    HelloForm helloForm = new HelloForm();
    helloForm.setMessage("Welcome this is secure page");

    return mapping.findForward("success");
}
}

1 个答案:

答案 0 :(得分:0)

您正在创建一个新的HelloForm,设置它的值,并且完全不做任何其他操作 - 表单将被垃圾收集并且再也看不到了。

使用传递给操作的表单form参数。将其投射到HelloForm,填充值,然后返回前进。