个人中心
gpt4 book ai didi

spring-security - 使用Spring Security 3.0.5覆盖ChannelProcessingFilter不起作用

转载 作者:行者123 更新时间:2023-12-04 04:07:17 27 4
gpt4 key购买 nike

channel 处理器的默认行为是执行sendRedirect(使用302代码临时重定向)。我需要更改此行为,以便完成永久(301)重定向而不是302重定向。我尝试执行以下操作:

  • 通过扩展ChannelProcessingFilter创建自定义ChannelProcessingFilter:

    public class MyChannelProcessingFilter extends ChannelProcessingFilter{
       //No implementation, I needed this to just make sure that a custom filter is created and I can configure it as a custom filter in the xml file. 
    }
  • 通过扩展AbstractRetryEntryPoint创建自定义EntryPoint

    public class RetryWithHttpsEntryPoint extends org.springframework.security.web.access.channel.AbstractRetryEntryPoint {
        private PortResolver portResolver = new PortResolverImpl();
        private final String scheme ="https://";
        /** The standard port for the scheme (80 for http, 443 for https) */
        private final int standardPort = 443;

        public RetryWithHttpsEntryPoint() {
            super("https://", 443);
        }

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse res) throws IOException, ServletException {
            String queryString = request.getQueryString();
            String redirectUrl = request.getRequestURI() + ((queryString == null) ? "" : ("?" + queryString));

            Integer currentPort = new Integer(portResolver.getServerPort(request));
            Integer redirectPort = getMappedPort(currentPort);

            if (redirectPort != null) {
                boolean includePort = redirectPort.intValue() != standardPort;

                redirectUrl = scheme + request.getServerName() + ((includePort) ? (":" + redirectPort) : "") + redirectUrl;
            }

            if (logger.isDebugEnabled()) {
                logger.debug("Redirecting to: " + redirectUrl);
            }

            res.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
            res.setHeader("Location", redirectUrl);
            res.setHeader("Connection", "close");
        }

        protected Integer getMappedPort(Integer mapFromPort) {
            return getPortMapper().lookupHttpsPort(mapFromPort);
        }
    }
  • 在applicationContext-security.xml文件中进行配置。我将完整的xml文件放入您的引用文件中(删除不需要的部分。如果需要其他部分,请告诉我)

    <?xml version="1.0" encoding="UTF-8"?>

    <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:util="http://www.springframework.org/schema/util"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
              http://www.springframework.org/schema/util
              http://www.springframework.org/schema/util/spring-util.xsd">

        <security:http auto-config="false" 
                entry-point-ref="authenticationProcessingFilterEntryPoint" 
                access-decision-manager-ref="accessDecisionManager" >
            <security:intercept-url pattern="/activ8/protectedCheckEligibility.html**" access="user" requires-channel="https"/>
            <security:intercept-url pattern="/siteMap.html" access="ROLE_ANONYMOUS,user,admin" requires-channel="http"/>
            <security:intercept-url pattern="/privacyPolicy.html" access="ROLE_ANONYMOUS,user,admin" requires-channel="http"/>
            <!-- other urls configured over here -->
            <security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" requires-channel="https"/>
            <security:intercept-url pattern="/**/*.html**" access="ROLE_ANONYMOUS,user,admin" requires-channel="https"/>
            <security:intercept-url pattern="/fb_activities.html**" access="parent" />       

            <security:remember-me key="appfuseRocks" />
            <security:custom-filter position="SWITCH_USER_FILTER" ref="careSwitchUserProcessingFilter"/>
            <security:custom-filter position="FORM_LOGIN_FILTER" ref="myCustomAuthenticationProcessingFilter"/>
            <!-- configured the custom channel filter over here --> 
            <security:custom-filter position="CHANNEL_FILTER" ref="myChannelProcessingFilter"/>
        </security:http>

        <bean id="myChannelProcessingFilter" class="com.my.webapp.filter.myChannelProcessingFilter">
            <property name="channelDecisionManager" ref="channelDecisionManager" />
            <property name="securityMetadataSource">
                <security:filter-security-metadata-source path-type="ant">
                    <security:intercept-url pattern="/**" access="REQUIRES_INSECURE_CHANNEL" />
                </security:filter-security-metadata-source>
            </property>
        </bean>

        <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
            <property name="channelProcessors">
                <list>
                    <ref bean="secureChannelProcessor"/>
                </list>
            </property>
        </bean>

        <bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
            <property name="entryPoint" ref="secureChannelEntryPoint"/>
            <!-- <property name="portMapper" ref="portMapper" /> -->
            <property name="secureKeyword" value="REQUIRES_SECURE_CHANNEL"/>
        </bean>

        <bean id="secureChannelEntryPoint" class="com.my.webapp.filter.RetryWithHttpsEntryPoint"/>

        <!-- lot of other configuratons... removed -->

    </beans>

    • 尝试运行tomcat时出现以下错误: 
    ERROR 2011-12-26 21:13:21,569 [ina].[localhost].[/]]: Exception sending context initialized event to listener instance of class com.kajeet.webapp.listener.StartupListenerorg.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '' and 'Root bean: class [org.springframework.security.web.access.channel.ChannelProcessingFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from  and avoiding the use of .    Offending resource: ServletContext resource [/WEB-INF/applicationContext-security.xml]    at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)    at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)    at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72)    at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.checkFilterChainOrder(HttpSecurityBeanDefinitionParser.java:196)    at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:132)    at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:86)    at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1335)    at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1325)    at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:135)    at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:93)    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:93)    at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)    at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467)    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397)    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)    at com.kajeet.webapp.listener.StartupListener.contextInitialized(StartupListener.java:51)    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)    at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)    at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)    at org.apache.catalina.core.StandardService.start(StandardService.java:448)    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)    at java.lang.reflect.Method.invoke(Method.java:597)    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

    I have also overridden other filters and it does not complain about those. This application was running perfectly fine before. We had this additional requirement and hence I added the new filter and ran into such errors.

    Second approach that I tried is just configuring the default ChannelProcessingFilter in the XML, since in Spring 3.0 the filters are automatically called, I was under impression that I can configure them in XML file and spring will automatically load them, but it didn't:

    <?xml version="1.0" encoding="UTF-8"?>

        <beans xmlns="http://www.springframework.org/schema/beans"
          xmlns:security="http://www.springframework.org/schema/security"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:util="http://www.springframework.org/schema/util"
          xsi:schemaLocation="http://www.springframework.org/schema/beans
                  http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                  http://www.springframework.org/schema/security
                  http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
                  http://www.springframework.org/schema/util
                  http://www.springframework.org/schema/util/spring-util.xsd">

            <security:http auto-config="false" 
                    entry-point-ref="authenticationProcessingFilterEntryPoint" 
                    access-decision-manager-ref="accessDecisionManager" >
                <security:intercept-url pattern="/activ8/protectedCheckEligibility.html**" access="user" requires-channel="https"/>
                <security:intercept-url pattern="/siteMap.html" access="ROLE_ANONYMOUS,user,admin" requires-channel="http"/>
                <security:intercept-url pattern="/privacyPolicy.html" access="ROLE_ANONYMOUS,user,admin" requires-channel="http"/>
                <!-- other urls configured over here -->
                <security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" requires-channel="https"/>
                <security:intercept-url pattern="/**/*.html**" access="ROLE_ANONYMOUS,user,admin" requires-channel="https"/>
                <security:intercept-url pattern="/fb_activities.html**" access="parent" />       

                <security:remember-me key="appfuseRocks" />
                <security:custom-filter position="SWITCH_USER_FILTER" ref="careSwitchUserProcessingFilter"/>
                <security:custom-filter position="FORM_LOGIN_FILTER" ref="myCustomAuthenticationProcessingFilter"/>
            </security:http>

            <bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
                <property name="channelProcessors">
                    <list>
                        <ref bean="secureChannelProcessor"/>
                        <ref bean="insecureChannelProcessor"/>
                    </list>
                </property>
            </bean>

            <bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
            <bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/> 

            <!-- lot of other configuratons... removed -->

        </beans>

    任何帮助将不胜感激。我不是Spring专业人士,但是我已经做了一些工作,一个或两个指针肯定可以帮助我解决这个问题。先感谢您

    最佳答案

    解决方案:

    问题是我们不能同时拥有security:http和myChannelProcessingFilter(我已覆盖的myChannelProcessingFilter)来处理security:intercept-url的访问参数,因此我删除了http标签并在其中添加了访问内容myChannelProcessingFilter,我希望它在其中进行处理。解决它的XML如下

    <?xml version="1.0" encoding="UTF-8"?>

    <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:util="http://www.springframework.org/schema/util"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
              http://www.springframework.org/schema/util
              http://www.springframework.org/schema/util/spring-util.xsd">

        <!-- 
            The http element responsible for creating a FilterChainProxy and the filter beans which it uses. 
            Common problems like incorrect filter ordering are no longer an issue as the filter positions are predefined. 
        -->
        <security:http auto-config="false" 
                entry-point-ref="authenticationProcessingFilterEntryPoint" 
                access-decision-manager-ref="accessDecisionManager" >

            <security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/>

            <security:intercept-url pattern="/*.html*" access="ROLE_ANONYMOUS,admin,user"  />
            <security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" />
            <security:intercept-url pattern="/**/*.html**" access="ROLE_ANONYMOUS,user,admin" />


        </security:http>

        <bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
          <property name="channelDecisionManager" ref="channelDecisionManager"/>
          <property name="securityMetadataSource">
            <security:filter-security-metadata-source path-type="ant">
                <security:intercept-url pattern="/*.jsp**" access="REQUIRES_SECURE_CHANNEL" />
                <security:intercept-url pattern="/**/*.html**" access="REQUIRES_SECURE_CHANNEL" />
            </security:filter-security-metadata-source>
          </property>
        </bean>

        <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
            <property name="channelProcessors">
                <list>
                    <ref bean="secureProcessor"/>
                    <ref bean="insecureProcessor"/>
                </list>
            </property>
        </bean>

        <bean id="secureProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor" >
            <property name="entryPoint" ref="retryWithHttps"/>
        </bean>

        <bean id="insecureProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
            <property name="entryPoint" ref="retryWithHttp"/>
        </bean>

        <bean id="retryWithHttps" class="com.my.webapp.filter.RetryWithHttpsEntryPoint" />
        <bean id="retryWithHttp" class="com.my.webapp.filter.RetryWithHttpEntryPoint" />

    </beans>

    关于spring-security - 使用Spring Security 3.0.5覆盖ChannelProcessingFilter不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8641867/

    27 4 0
    文章推荐: hl7 - 取消识别HL7数据
    文章推荐: amazon-web-services - Elastic Beanstalk 中的 cfn-hup "on.demand"触发器
    文章推荐: xcode - 是否可以通过环境变量获取Xcode 4中的工作空间路径
    文章推荐: eclipse - Eclipse中的GWT编译按钮
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com