2010-12-09 73 views
1

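Spring Security and Jersey: no automatic redirect to the login page

I am using spring-security 3.0.3 with Jersey 1.2 and ran into the following problem: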

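When I annotate my Jersey resources with @Secured or @PreAuthorize, spring-security does not automatically redirect the user agent to the login page as required. Only an AuthenticationCredentialsNotFoundException is thrown and HTTP 500 is returned to the user agent, instead of a redirect to spring-security's form login page. Does anyone know why this problem occurs?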

Resource:

@Path("/event")
@Component
public class EventResource extends AbstractBaseResource {

    @Resource(name = "eventService")
    private EventService eventService;

    public void setEventService(EventService eventService) {
        this.eventService = eventService;
    }

    @GET
    @Path("/view/{id}")
    @Produces(MediaType.TEXT_HTML)
    @PreAuthorize("hasRole('ROLE_USER')")
    public Viewable viewEvent(@PathParam("id") long id) throws UnsupportedEncodingException, URISyntaxException {
        ...
    }
}

web.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_3_0.xsd" 
    version="3.0"> 
    <filter> 
     <filter-name>jersey</filter-name> 
     <filter-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</filter-class> 
     <init-param> 
      <param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name> 
      <param-value>/(static|images|js|css|(WEB-INF/views))/.*</param-value> 
     </init-param> 
     <init-param> 
      <param-name>com.sun.jersey.config.property.JSPTemplatesBasePath</param-name> 
      <param-value>/WEB-INF/views/</param-value> 
     </init-param> 
    </filter> 

    <filter>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
     <filter-name>jersey</filter-name>
     <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
     <filter-name>springSecurityFilterChain</filter-name>
     <url-pattern>/*</url-pattern>
    </filter-mapping>

    [...] 
</web-app> 

Context:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:security="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    <context:annotation-config />
    <context:component-scan base-package="..." />
    <context:mbean-export/>

    <security:http auto-config="true" >
     <security:form-login/>
     <security:logout/>
    </security:http>

    <security:authentication-manager>
     <security:authentication-provider ref="..." />
    </security:authentication-manager>

    <security:global-method-security pre-post-annotations="enabled" />

    [...] 
</beans> 

Thanks!

Answers

2

This was a problem in spring-security 3.0.3. After switching to spring-security 3.0.5, everything works as expected.

1

Could this be because the login page itself is being filtered by Spring Security? One way to check is to try adding a line like

<intercept-url pattern="/login.jsp*" filters="none"/> 

Didn't help :/ – fasseg 2010-12-14 14:10:49

1

Add the following filter to web.xml

    <filter>
     <filter-name>Acegi Filter Chain Proxy</filter-name>
     <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
     <init-param>
      <param-name>targetClass</param-name>
      <param-value>org.springframework.security.util.FilterChainProxy</param-value>
     </init-param>
    </filter>

Update the context file:

<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
<security:form-login login-page="/login.htm" 
          login-processing-url="/yourprocessingurl.do" 
          default-target-url="/index.htm" 
          authentication-failure-url="/login.htm" /> 
<security:logout logout-url="/logout" logout-success-url="/logout.jsp" /> 
<security:anonymous key="anonymous-security" /> 

First, this looks like a spring-security 2 configuration; second, I do want to use spring-security's internal login and logout pages – fasseg 2010-12-14 14:11:48
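
An added example, not part of the original question or answers: the servlet container builds the filter chain in the order of the filter-mapping elements, and Spring Security can only turn an authentication exception into a login redirect when its filters sit upstream of the code that throws it. The fragment below reuses the filter names from the question's web.xml and shows the ordering to check; it assumes Jersey, registered as a filter, serves matching resource requests itself instead of passing them down the chain.

```xml
<!-- Added example. Filter names are taken from the question's web.xml. -->

<!-- Order as posted in the question: jersey is mapped first, so a resource
     method and its @PreAuthorize check can run before the request has passed
     through the Spring Security filters. No SecurityContext is populated and
     nothing upstream catches the exception, which surfaces as HTTP 500.

<filter-mapping>
    <filter-name>jersey</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->

<!-- Ordering to check: springSecurityFilterChain is mapped first, so the
     security context is set up (including the anonymous token) and the
     exception-handling filter wraps the Jersey dispatch. An authentication
     or access-denied failure raised by method security can then be
     translated into the form-login redirect. -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>jersey</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

Only the order of the filter-mapping elements matters here; the order of the filter declarations themselves does not affect chain order.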