在GAE中使用Spring Security时面临的问题

前端之家收集整理的这篇文章主要介绍了在GAE中使用Spring Security时面临的问题 前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我正在关注本文,以在我的GAE项目http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/中实现Spring Security

我无法使其正常工作,我已配置为受保护的网址未受到保护,并且应用程序未将我重定向到Google登录页面.这是我的web.xml和security-config.xml.请帮忙,因为我已经花了很多时间在此上.我认为有一些小问题我无法解决.

web.xml

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-config.xml
    </param-value>
</context-param>

<!-- Enables Spring Security -->
<filter>
    <filter-name>authenticationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Reads request input using UTF-8 encoding -->
<filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>authenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>controller</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>controller</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

security-config.xml

   <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/static/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />

<security:http use-expressions="true" entry-point-ref="entryPoint"
    access-denied-page="/">
    <security:intercept-url pattern="/" access="isAuthenticated()" />
    <security:intercept-url pattern="/sample"
        access="isAuthenticated()" />
    <security:custom-filter position="PRE_AUTH_FILTER"
        ref="authenticationFilter" />
</security:http>

<bean id="entryPoint"
    class="com.generic.gae.security.GoogleAccountsAuthenticationEntryPoint" />

<bean id="authenticationFilter" class="com.generic.gae.security.GaeAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="authenticationProvider" />
</security:authentication-manager>

<bean id="authenticationProvider"
    class="com.generic.gae.security.GoogleAccountsAuthenticationProvider" />

谢谢

最佳答案
在security-config.xml中定义的authenticationFilter不是在web.xml中使用的那个.默认情况下,Spring Security使名称为springSecurityFilterChain的过滤器bean可供您使用.因此,您在web.xml中的过滤器声明应为:

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

...

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

参见第Security Namespace Configuration页的2.2节

猜你在找的Spring相关文章