Question

我已成功配置Spring Secure with Maven，但我的过滤器不起作用。 Spring允许每个人进入。我想禁用用户配置文件子页面。用户未签名时，过滤器不会重定向到登录页面。

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/user-profile/**" access="hasRole('ROLE_USER')" />
</http>

<beans:bean id="userDetailsService" class="com.walladverts.auth.HibernateUserDetailsService">
</beans:bean>

<beans:bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="daoAuthenticationProvider" />
        </beans:list>
    </beans:property>
</beans:bean>


<authentication-manager>
  <authentication-provider user-service-ref="userDetailsService">
    <password-encoder hash="sha"/>
  </authentication-provider>
</authentication-manager>

Answer 1

使用这种方式

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/user-profile/**" access="hasRole('ROLE_USER')" />
</security:http>


<security:authentication-manager>
  <security:authentication-provider user-service-ref="userDetailsService">
    <security:password-encoder hash="sha"/>
  </security:authentication-provider>
</security:authentication-manager>

将以下内容添加到web.xml

<!-- Enables Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>lazyLoadingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

拦截网址不起作用

1 个答案: