个人中心
文章发布
退出
作者热门文章
- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
25
4
我正在尝试使用 Spring Security 配置 Spring MVC。我有用于身份验证的自定义登录页面。成功验证用户身份后,我希望在 WelcomeController.java 中调用名为 home() 的 Controller 方法
下面是我的 web.xml、test-serlet.xml、test-security-config.xml、pom.xml、WelcomeController.java 和日志文件。
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>test</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/test-servlet.xml
/WEB-INF/test-security-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>test</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/test-servlet.xml
/WEB-INF/test-security-config.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>test</servlet-name>
<url-pattern>/test/*</url-pattern>
</servlet-mapping>
<!--Spring security filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
测试servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<context:annotation-config />
<context:component-scan base-package="com.test.web"/>
<mvc:annotation-driven />
<mvc:resources location="/resources/" mapping="/resources/**"></mvc:resources>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/WEB-INF/pages/" p:suffix=".jsp" />
</beans>
测试安全配置.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" use-expressions="true" access-denied-page="/welcome/denied">
<intercept-url pattern="/welcome/*" access="hasAnyRole('ROLE_SUPERADMIN','ROLE_OEMMANAGER','ROLE_OEMSALESPERSON')"/>
<intercept-url pattern="/index*" access="permitAll"/>
<intercept-url pattern="/login*" access="isAnonymous()" method="GET"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login.jsp" login-processing-url="/login" default-target-url="/welcome/home" />
<logout logout-success-url="/index.jsp"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="shuchi" authorities="ROLE_SUPERADMIN" password="a" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
WelcomeController.java
package com.test.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/welcome")
public class WelcomeController {
private static Log log = LogFactory.getLog(WelcomeController.class);
@RequestMapping(value = { "/home" }, method = RequestMethod.GET)
public String home(Model model) {
log.info("--- home() Starts ---");
System.out.println("--- home() Starts ---");
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = "";
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
log.info("username=" + username);
model.addAttribute("message",
"Hi Tehre! You've reached the welcome page!");
// ModelAndView model = new ModelAndView("index");
return "home";
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
// log.info("User's role is: "+ <sec:authentication
// property="principal.authorities"/>);
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = "";
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
log.info("username=" + username);
log.debug("Received request to show denied page");
// This will resolve to /WEB-INF/jsp/deniedpage.jsp
return "denied";
}
}
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>test</groupId>
<artifactId>test</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<build>
<sourceDirectory>src</sourceDirectory>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration>
<warSourceDirectory>WebContent</warSourceDirectory>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate.common</groupId>
<artifactId>hibernate-commons-annotations</artifactId>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging-api</artifactId>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate.common</groupId>
<artifactId>hibernate-commons-annotations</artifactId>
<version>4.0.5.Final</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging-api</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.1-901-1.jdbc4</version>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>3.6.10.Final</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
测试.log
...
2015-05-04 12:21:27 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.jsp'; against '/login*'
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /login.jsp; Attributes: [isAnonymous()]
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_ANONYMOUS
2015-05-04 12:21:27 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5875e564, returned: 1
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-04 12:21:27 DEBUG FilterChainProxy:323 - /login.jsp reached end of additional filter chain; proceeding with original chain
2015-05-04 12:21:28 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-04 12:21:28 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-04 12:21:28 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@15ce9113. A new one will be created.
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-04 12:21:32 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
2015-05-04 12:21:32 DEBUG ProviderManager:152 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2015-05-04 12:21:32 DEBUG CompositeSessionAuthenticationStrategy:81 - Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@cc026e6
2015-05-04 12:21:32 DEBUG SessionFixationProtectionStrategy:87 - Invalidating session with Id 'C51942A05166FA866F8863CA07809883' and migrating attributes.
2015-05-04 12:21:32 DEBUG SessionFixationProtectionStrategy:97 - Started new session: 4F86F4424F09507605F075E2A8F90748
2015-05-04 12:21:32 DEBUG UsernamePasswordAuthenticationFilter:319 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN
2015-05-04 12:21:32 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /welcome/home
2015-05-04 12:21:32 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/test/welcome/home'
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:327 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@6124f8c9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN'
2015-05-04 12:21:32 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:171 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@6124f8c9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-05-04 12:21:32 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-05-04 12:21:32 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/welcome/home'; against '/welcome/*'
2015-05-04 12:21:32 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcome/home; Attributes: [hasAnyRole('ROLE_SUPERADMIN','ROLE_OEMMANAGER','ROLE_OEMSALESPERSON')]
2015-05-04 12:21:32 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN
2015-05-04 12:21:33 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5875e564, returned: 1
2015-05-04 12:21:33 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-04 12:21:33 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-04 12:21:33 DEBUG FilterChainProxy:323 - /welcome/home reached end of additional filter chain; proceeding with original chain
2015-05-04 12:21:33 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-04 12:21:33 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
我真的很感谢对此的任何帮助。谢谢!
最佳答案
您将 Controller 请求映射与根上下文混合,您的 Controller 应该是:
@Controller
@RequestMapping("/welcome")
public class WelcomeController {
private static Log log = LogFactory.getLog(WelcomeController.class);
@RequestMapping(value = "/home", method = RequestMethod.GET)
public String home(Model model) {
...
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
...
}
}
在安全配置中,将拒绝访问页面更改为“/welcome/denied”:
<http auto-config="true" use-expressions="true" access-denied-page="/welcome/denied">
<intercept-url pattern="/welcome/*" access="hasAnyRole('ROLE_SUPERADMIN','ROLE_OEMMANAGER','ROLE_OEMSALESPERSON')"/>
<intercept-url pattern="/index*" access="permitAll"/>
<intercept-url pattern="/login*" access="isAnonymous()" method="GET"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login.jsp" login-processing-url="/login" default-target-url="/welcome/home" />
<logout logout-success-url="/index.jsp"/>
</http>
关于java - 从 Spring Security 成功登录时不会调用 Spring MVC Controller 方法 - 获取 404 状态,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30038689/
25
4
0
我有一个我想暂时存储的对象。该对象现在在 Controller 中, Controller 将生成一个 View 。 AJAX 请求从 View 发送到下一个 Controller 。那一刻我需要先前
从MVC 2开始,我们可以轻松创建区域。现在,我的问题与嵌套区域(区域内部的区域)有关。 选择我的“father”区域文件夹,右键单击> Add> NO选项以获取new Area。 是否有可能以其他方
关闭。这个问题不满足Stack Overflow guidelines .它目前不接受答案。 想改善这个问题吗?更新问题,使其成为 on-topic对于堆栈溢出。 7年前关闭。 Improve thi
我已经尝试了一些谷歌搜索和堆栈流搜索,但事实证明这比我想象的要难找到。我需要为我们的商店迁移到 ASP.NET MVC 2 的管理提供理由。最大的帮助将是任何企业级站点或使用 ASP.NET MVC
关闭。这个问题是opinion-based 。目前不接受答案。 想要改进这个问题吗?更新问题,以便 editing this post 可以用事实和引文来回答它。 . 已关闭 6 年前。 Improv
我有一些常见的网页,它们将出现在多个 MVC 应用程序中。对于这些页面,我想在不同的 MVC 网站之间重用相同的源代码( Controller + View )。这样做的最佳方法是什么? ASP.NE
我正在使用 Spring MVC 来构建我的应用程序。 当用户在浏览器中运行应用程序时,我想显示一个默认的 jsp。我不想用 web.xml 中的标记。 我想我可以用 我已经创建了一个文件夹并添
我可能在这里分析过度了,但是根据我对 MVC 的阅读,似乎有很多关于如何做事情的观点。 是否有一个“最佳实践”网站或文档来定义 MVC 各个部分的职责? 请记住,我使用 EF/Repository&U
当杰里米和查德 posted about their FubuMvc project ,他们提到的差异化因素之一是他们的“雷霆穹顶校长”: The “Thunderdome Principle” –
我正在为 Spring MVC 应用程序实现缓存清除系统。 为了让这个系统正常工作,我必须从给定的 url 中删除“缓存破坏代码”。假设我生成的缓存破坏代码是“123”,我有一个 .css url:/
在调试 ASP.NET MVC 源时,我发现使用了“MVC-ControllerTypeCache.xml” 文件。但我无法理解这个文件的用途。我的意思是这个文件存储在哪里?asp.net MVc 如
我刚刚在我的本地机器上安装了 Visual Studio 11 和 MVC 4 beta。但是,每当我打开一个 MVC 3 项目(我想保留为 MVC 3)时,所有引用都已更新为版本 4 DLL。当然它
我有一个 MVC 3 应用程序,它具有一些核心功能(最重要的是自动化),但主要用作不同区域或模块的门户。我想将它组织到不同的模块中,只需稍作更改也可以部署为他们自己的网站。 该项目由论坛、博客引擎、用
我有自己的服务器,正在考虑将我的一个解决方案升级到 ASP.NET MVC 4,然后再升级其余的 (3+)。 作为其中的一部分,我下载了 the standalone installer对于 ASP.
构图 我有一个 MVC 项目,其中包含 C# 类,这些类最终通过 ajax 等进行序列化和使用。我使用 TypeLite 生成这些 C# 类的定义( here 讨论了 TypeLite 的替代方案),
我正在尝试了解现代 Web 应用程序架构。在 ASP.NET MVC 中,所有业务逻辑类都在 Model 中,Controller 接受并引导用户请求。如果我使用它,是否可以使用本身是 MVC 架构但
我有一个带有 OWIN 的 WebAPI 2 应用程序。现在我正在尝试向所有内容添加一个 MVC 5 Controller ,但没有找到我的 MVC 路由。我收到以下错误: No HTTP resou
在 MVC 3 中,他们添加了我一直在使用的依赖解析器。在回答某人对您发表评论的问题时,您应该使用 Ninject MVC 3 插件。 所以我的问题是为什么要使用它而不是内置的?如果这是要走的路,你如
我是 ASP.NET MVC 的新手,我正在寻找最不痛苦的方法来设置全局错误处理、日志记录和报告(通过电子邮件)。仅供引用,我的 ASP.NET MVC 应用程序在 Azure 中作为 Web 角色托
何时使用 MVC View 页面和 MVC View 内容页面?它们有什么区别? 最佳答案 **MVC View Page 用于创建页面,MVC VewP Content Page 用于创建页面并指定
我是一名优秀的程序员,十分优秀!