提到值得:我正在关注
Securing GWT apps with Spring Security的教程.
我不懂.我似乎无法获得permitAll,因为我需要它.
这是我目前的配置:
<http auto-config="true"> <intercept-url pattern="/**" access="permitAll" /> <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/login?error" username-parameter="username" password-parameter="password" /> </http>
如果我在// localhost:8080上访问我的网站,则该网站因为请求而未完全加载
//localhost:8080/app/xsrf
因某种原因被禁止了403.如果我理解正确的话,我配置Spring Security的方式应该不是问题.
如果我简单地添加,我就无法工作
<intercept-url pattern="/**" access="permitAll" />
到< http ..>什么工作是添加这个:
<http pattern="/app/xsrf" security="none"/>
我想了解为什么,因为这不是我要配置Spring Security的方式..添加应该允许的每个URL.
我面临的另一个问题是,无论出于何种原因(可能相同),我都无法访问// localhost:8080 / login.这意味着如果我将登录信息提交到/ login,我将收到403 Forbidden.
现在,人们会认为添加< http pattern =“/ login”security =“none”/>会有所帮助,但没有.如果我将其添加到我的配置中,我将在此特定URL上找到404 Not Found.
这开始让我疯了,因为我被困在这里这么多天我不敢告诉你.您的帮助将得到赞赏和奖励.
整个applicationContext-service.xml
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"> <!-- Imports --> <beans:import resource="applicationContext-jooq.xml"/> <!-- /////////////////////////////////////////////////////////////// --> <!-- // BEGIN Spring Security --> <http pattern="/app/xsrf" security="none"/> <!-- <http pattern="/login" security="none"/> --> <http auto-config="true"> <intercept-url pattern="/**" access="permitAll" /> <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/login?error" username-parameter="username" password-parameter="password" /> </http> <beans:bean id="authenticationListener" class="com.mz.server.web.auth.CustomAuthenticationListener"/> <beans:bean id="authenticationProvider" class="com.mz.server.web.auth.CustomAuthenticationProvider"/> <beans:bean id="userDetailsService" class="com.mz.server.web.service.CustomUserDetailsService"/> <authentication-manager alias="authenticationManager"> <authentication-provider ref="authenticationProvider"/> </authentication-manager> <!-- // END Spring Security --> <!-- /////////////////////////////////////////////////////////////// --> <!-- // BEGIN Services --> <beans:bean id="loginService" class="com.mz.server.web.service.LoginService"> <beans:constructor-arg ref="dslContext" /> </beans:bean> <!-- // END Services --> </beans:beans>
编辑:
减少了applicationContext-service.xml
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"> <!-- Imports --> <beans:import resource="applicationContext-jooq.xml"/> <!-- //////////////////////////////////////////////////////////////////////////////// --> <!-- // BEGIN Spring Security --> <global-method-security pre-post-annotations="enabled"/> <http auto-config="true"> <intercept-url pattern="/**" access="permitAll" /> </http> <!-- // END Spring Security--> </beans:beans>
这是web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <display-name>GWT Application | mz</display-name> <welcome-file-list> <!-- Default page to serve --> <welcome-file>index.html</welcome-file> </welcome-file-list> <!-- //////////////////////////////////////////////////////////////////////////////// --> <!-- // BEGIN Filters --> <!-- Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- // END FILTERS --> <!-- //////////////////////////////////////////////////////////////////////////////// --> <!-- // BEGIN Listeners --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>com.mz.server.web.ServerConfig</listener-class> </listener> <!-- // END Listeners --> <!-- //////////////////////////////////////////////////////////////////////////////// --> <!-- // BEGIN Servlets --> <servlet> <servlet-name>login</servlet-name> <servlet-class>com.mz.server.web.servlet.LoginServletImpl</servlet-class> </servlet> <servlet-mapping> <servlet-name>login</servlet-name> <url-pattern>/app/login</url-pattern> </servlet-mapping> <servlet> <servlet-name>xsrf</servlet-name> <servlet-class>com.google.gwt.user.server.rpc.XsrfTokenServiceServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>xsrf</servlet-name> <url-pattern>/app/xsrf</url-pattern> </servlet-mapping> <servlet> <!-- Dispatcher Servlet for REST API for Mobile Devices --> <servlet-name>mobile-restapi</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>mobile-restapi</servlet-name> <url-pattern>/app/restapi/*</url-pattern> </servlet-mapping> <!-- // END Servlets --> <!-- //////////////////////////////////////////////////////////////////////////////// --> <!-- // BEGIN Context Parameter --> <context-param> <param-name> gwt.xsrf.session_cookie_name </param-name> <param-value> mzsid </param-value> </context-param> <context-param> <param-name> contextConfigLocation </param-name> <param-value> classpath:/**/spring-config.xml classpath*:applicationContext-service.xml </param-value> </context-param> <!-- // END Context Parameter --> <!-- //////////////////////////////////////////////////////////////////////////////// --> </web-app>
看来错误发生在web.xml中.而不是< url-pattern> / *< / url-pattern> (正如我所遵循的教程中所述)它应该是/ **:
<filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <!-- It appears that this should say '/**' and not '/*' as stated in many tutorials (e.g. http://websystique.com/spring-security/spring-security-4-hello-world-annotation-xml-example/). --> <url-pattern>/**</url-pattern> </filter-mapping>
有趣的是,我现在得到以下“信息”:
INFO: SuspicIoUs url pattern: "/**" in context [] - see section SRV.11.2 of the Servlet specification
我只能说,这开始变得个人化了……