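I am trying to implement Spring Security authentication and authorization using a database. Spring Security authentication works fine. But I am getting an HTTP 404 NOT FOUND page at the URL /Sample_App/j_spring_security_check instead of the default-target-url it should go to.
Here is my spring-security file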
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:import resource="im-jndi-datasource.xml" />
<http pattern="/inventory/auth/login" security="none"/>
<http pattern="/inventory/auth/deny" security="none"/>
<http pattern="/images/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http auto-config="true">
<intercept-url pattern="/inventory/**" access="ROLE_ADMIN" />
<form-login
login-page="/inventory/auth/login"
default-target-url="/inventory/landing/loadDashBoardPage"
authentication-failure-url="/inventory/auth/login?error"
username-parameter="username"
password-parameter="password" />
<access-denied-handler error-page="/inventory/auth/deny"/>
<logout logout-success-url="/logout" />
<session-management
session-authentication-error-url="/inventory/auth/login"
invalid-session-url="/inventory/auth/login">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
</http>
<authentication-manager>
<authentication-provider>
<!-- <security:user-service> <security:user name="dineshonjava" password="sweety"
authorities="ROLE_USER" /> </security:user-service> -->
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, status as enabled from bbp_user where username=?"
authorities-by-username-query="select us.username, ur.rolename as authority from bbp_user us, bbp_users_and_roles bur, bbp_role ur
where us.user_id = bur.user_id and bur.role_id =ur.role_id and us.username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
This is part of the spring-servlet.xml file
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/eimsgo-security.xml</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring-servlet.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/inventory/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I am using tiles2.TilesViewResolver and ContentNegotiatingViewResolver
Here is my tiles-context xml
<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/views.xml</value>
</list>
</property>
</bean>
<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="mediaTypes">
<map>
<entry key="atom" value="application/atom+xml"/>
<entry key="html" value="text/html"/>
<entry key="json" value="application/json"/>
</map>
</property>
<property name="defaultViews">
<list>
<bean class="org.springframework.web.servlet.view.json.MappingJacksonJsonView" />
</list>
</property>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/jsp/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
My welcome file index.jsp hits LoginController.java with the URL (/inventory/auth/login)
LoginController.java
@Controller
@RequestMapping("/auth")
public class LoginController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout,
@RequestParam(value = "invalid", required = false) String invalid) {
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
if(invalid != null) {
model.addObject("invalid", "Invalid session!!");
}
model.setViewName("home_creation");
return model;
}
}
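After a successful login, it should go to /inventory/landing/loadDashBoardPage, as defined by default-target-url in the security XML file.
Here /landing is one of my Spring controllers and loadDashBoardPage is a method-level mapping. loadDashBoardPage interacts with the database, populates the Map object and returns the view string "DashBoardPage". TilesViewResolver should now render this page.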
InventoryController.java
@Controller
@RequestMapping("/landing")
public class InventoryController {
@RequestMapping(value = { "/loadDashBoardPage" }, method = { GET, POST })
public String loadDashBoardPage(Map<String, Object> model,
HttpServletRequest request, HttpSession session) {
List lobList = new ArrayList();
InventoryService inventoryService = (InventoryService) InventoryApplicationContext
.getBean("inventoryService");
lobList = inventoryService.loadLob();
model.put("lob", lobList);
model.put("leftTreee", inventoryService.loadDataforNavigator());
return "DashBoardPage";
}
}
Please see the log below
2014-12-05 22:55:27,419 [http-bio-8090-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager - Initiating transaction commit
2014-12-05 22:55:27,420 [http-bio-8090-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager - Committing JDBC transaction on Connection [jdbc:oracle:thin:@10.237.31.14:1521:xe, UserName=ADMIN, Oracle JDBC driver]
2014-12-05 22:55:27,422 [http-bio-8090-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceTransactionManager - Releasing JDBC Connection [jdbc:oracle:thin:@10.237.31.14:1521:xe, UserName=ADMIN, Oracle JDBC driver] after transaction
2014-12-05 22:55:27,422 [http-bio-8090-exec-8] DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2014-12-05 22:55:27,425 [http-bio-8090-exec-8] DEBUG org.springframework.web.servlet.view.ContentNegotiatingViewResolver - Requested media types are [image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*] (based on Accept header)
2014-12-05 22:55:27,425 [http-bio-8090-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'DashBoardPage.atom'
2014-12-05 22:55:27,426 [http-bio-8090-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'DashBoardPage.json'
2014-12-05 22:55:27,429 [http-bio-8090-exec-8] DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'DashBoardPage.html'
2014-12-05 22:55:27,430 [http-bio-8090-exec-8] DEBUG org.springframework.web.servlet.view.ContentNegotiatingViewResolver - Returning [org.springframework.web.servlet.view.tiles2.TilesView: name 'DashBoardPage'; URL [DashBoardPage]] based on requested media type '*/*'
2014-12-05 22:55:27,430 [http-bio-8090-exec-8] DEBUG org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.tiles2.TilesView: name 'DashBoardPage'; URL [DashBoardPage]] in DispatcherServlet with name 'spring'
2014-12-05 22:55:27,430 [http-bio-8090-exec-8] DEBUG org.springframework.web.servlet.view.tiles2.TilesView - Added model object 'lob' of type [java.util.ArrayList] to request in view with name 'DashBoardPage'
2014-12-05 22:55:27,431 [http-bio-8090-exec-8] DEBUG org.springframework.web.servlet.view.tiles2.TilesView - Added model object 'leftTreee' of type [java.util.HashMap] to request in view with name 'DashBoardPage'
2014-12-05 22:55:27,431 [http-bio-8090-exec-8] DEBUG org.apache.tiles.impl.BasicTilesContainer - Render request recieved for definition 'DashBoardPage'
2014-12-05 22:55:27,432 [http-bio-8090-exec-8] DEBUG org.springframework.web.servlet.DispatcherServlet - Successfully completed request
2014-12-05 22:55:27,432 [http-bio-8090-exec-8] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2014-12-05 22:55:27,432 [http-bio-8090-exec-8] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Spring Security authenticates successfully here, and the view resolver does not render the requested page.
Instead, I end up at http://abc.xyz.com/Sample_App/j_spring_security_check
It should take the user to the URL defined in default-target-url,
/Sample_App/inventory/landing/loadDashBoardPage
Please advise!!
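Answer 0 (score: 0)
I solved this problem myself. Spring Security strictly intercepts all URLs, including CSS, images, JavaScript, JSP files and everything else.
The problem here was that I am using TilesViewResolver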
<definition name="LogoutPage" template="/jsp/logout.jsp">
<put-attribute name="header" value="/jsp/tiles/logoutHeader.jsp" />
<put-attribute name="footer" value="/jsp/tiles/footer.jsp" />
<put-attribute name="content" value="/jsp/logout_creation.jsp" />
</definition>
I forgot to configure Spring Security to intercept all the sub-URLs used by these Tiles pages, together with role-based authentication.
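The answer does not show the resulting configuration. As an added example (not the poster's actual fix), here is one way to put the JSP paths from the Tiles definition under role-based rules in the same spring-security 3.1 XML; the role assigned to `/jsp/**` is an assumption.

```xml
<!-- Added example. Patterns are taken from the security file and the Tiles
     definition on this page; the role on /jsp/** is an assumption. -->
<http auto-config="true">
    <!-- intercept-url rules are evaluated top to bottom and the first
         matching pattern wins, so list more specific patterns first. -->

    <!-- JSP templates and fragments referenced by the Tiles definitions
         (/jsp/logout.jsp, /jsp/tiles/footer.jsp, ...). Without a rule here,
         a browser request sent straight to one of these paths is not
         covered by the /inventory/** rule below. -->
    <intercept-url pattern="/jsp/**" access="ROLE_ADMIN" />

    <!-- Controller URLs handled by the DispatcherServlet (from the page). -->
    <intercept-url pattern="/inventory/**" access="ROLE_ADMIN" />

    <form-login
        login-page="/inventory/auth/login"
        default-target-url="/inventory/landing/loadDashBoardPage"
        authentication-failure-url="/inventory/auth/login?error"
        username-parameter="username"
        password-parameter="password" />
    <access-denied-handler error-page="/inventory/auth/deny"/>
    <logout logout-success-url="/logout" />
    <session-management
        session-authentication-error-url="/inventory/auth/login"
        invalid-session-url="/inventory/auth/login">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </session-management>
</http>
```

With the `springSecurityFilterChain` filter mapped as on this page (no `<dispatcher>` elements), only requests arriving from the client pass through these rules; forwards and includes performed inside the container when Tiles assembles a view do not.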