Spring Security,总是重定向到登录页面 [英] Spring Security, always redirect to Login page
问题描述
我有一个严重的问题...
我试图在weblogic 11g上创建一个应用程序,包括Spring 3,Hibernate 3和AngularJS。
为期2天,使我的应用程序工作非常困难。
终于,我能够做到这一点!
但问题是当我对自己进行身份验证时,我在应用程序上导航,在每个页面上,
春季安全重定向我的登录页面...我真的不知道为什么......
Web.xml: strong>
< web-app xmlns:xsi =http://www.w3.org/2001/XMLSchema-实例xmlns =http://java.sun.com/xml/ns/javaeexmlns:jsp =http://java.sun.com/xml/ns/javaee/jspxsi:schemaLocation =http ://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd\">
< servlet>
< servlet-name>调度程序< / servlet-name>
< servlet-class> org.springframework.web.servlet.DispatcherServlet< / servlet-class>
< init-param>
< param-name> contextConfigLocation< / param-name>
< param-value> /WEB-INF/spring/spring.xml< / param-value>
< / init-param>
1< / load-on-startup>
< / servlet>
< servlet-mapping>
< servlet-name>调度程序< / servlet-name>
< url-pattern> /< / url-pattern>
< / servlet-mapping>
< listener>
< listener-class> org.springframework.web.context.ContextLoaderListener< / listener-class>
< / listener>
< listener>
< listener-class> com.bla.Init< / listener-class>
< / listener>
< context-param>
< param-name> contextConfigLocation< / param-name>
< param-value>
/WEB-INF/spring/spring.xml
< /参数值>
< / context-param>
< filter>
< filter-name> springSecurityFilterChain< / filter-name>
< filter-class> org.springframework.web.filter.DelegatingFilterProxy< / filter-class>
< / filter>
< filter-mapping>
< filter-name> springSecurityFilterChain< / filter-name>
< url-pattern> / *< / url-pattern>
< / filter-mapping>
< filter>
< filter-name> encodingFilter< / filter-name>
< filter-class> org.springframework.web.filter.CharacterEncodingFilter< / filter-class>
< init-param>
< / param-name>编码< / param-name>
< param-value> UTF-8< /参数值>
< / init-param>
< init-param>
< param-name> forceEncoding< / param-name>
< param-value> true< /参数值>
< / init-param>
< / filter>
< filter-mapping>
< filter-name> encodingFilter< / filter-name>
< servlet-name>调度程序< / servlet-name>
< / filter-mapping>
< jsp-config>
< jsp-property-group>
< url-pattern> *。jsp< / url-pattern>
< page-encoding> UTF-8< / page-encoding>
< trim-directive-whitespaces> true< / trim-directive-whitespaces>
< / jsp-property-group>
< / jsp-config>
< / web-app>
Spring.xml
< beans xmlns =http://www.springframework.org/schema/beansxmlns:xsi =http://www.w3.org/2001/ XMLSchema实例
xmlns:context =http://www.springframework.org/schema/context
xsi:schemaLocation =http://www.springframework.org/schema/beans http ://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context /spring-context-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/task/spring-context-3.0.xsd\">
<! - 基本配置 - >
< context:annotation-config />
< context:component-scan base-package =test.model/>
< context:component-scan base-package =test.repository/>
< context:component-scan base-package =test.service/>
< context:component-scan base-package =test.controller/>
<! - SpringMVC - >
< import resource =spring-mvc.xml/>
<! - SpringData - >
< import resource =spring-jpa.xml/>
<! - SpringSecurity - >
< import resource =spring-security.xml/>
< / beans>
spring-security.xml :
< beans xmlns =http://www.springframework.org/schema/beans
xmlns:xsi =http:// www .w3.org / 2001 / XMLSchema-instance
xmlns:security =http://www.springframework.org/schema/security
xsi:schemaLocation =http://www.springframework .org / schema / beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework。组织/架构/安全/弹簧security.xsd>
< security:global-method-security secured-annotations =enabled/>
< security:http auto-config =trueuse-expressions =trueaccess-denied-page =/ login?error = 403>
< security:intercept-url pattern =/access =permitAll/>
< security:intercept-url pattern =/ protected / **access =isFullyAuthenticated()/>
< security:form-login login-page =/ loginauthentication-failure-url =/ login?error = 403default-target-url =/ protected / home/ >
< security:logout invalidate-session =truelogout-success-url =/ loginlogout-url =/ logout/>
< / security:http>
< security:authentication-manager>
< security:authentication-provider>
<安全性:jdbc-user-service
data-source-ref =myRapportDataSource
users-by-username-query =选择从system_user启用的nni,密码,其中nni = ?
authority-by-username-query =选择u.nni作为登录名,u.user_role作为来自system_user的角色u其中u.nni =? />
< / security:authentication-provider>
< / security:authentication-manager>
< / beans>
我也添加了 spring-mvc.xml :
< beans xmlns =http://www.springframework.org/schema/beansxmlns:xsi =http:// www .w3.org / 2001 / XMLSchema-instance
xmlns:mvc =http://www.springframework.org/schema/mvc
xsi:schemaLocation =http://www.springframework .org / schema / beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc http:// www。 springframework.org/schema/mvc/spring-mvc-3.0.xsd\">
< mvc:annotation-driven />
< mvc:default-servlet-handler />
<! - 登录拦截器 - >
< mvc:interceptors>
< mvc:interceptor>
< mvc:mapping path =/ protected / **/>
< bean class =gram.interceptor.LoginInterceptor/>
< / mvc:拦截器>
<! - 解决IE8问题的解决方法 - >
< bean id =webContentInterceptor
class =org.springframework.web.servlet.mvc.WebContentInterceptor>
< property name =cacheSecondsvalue =0/>
< property name =useExpiresHeadervalue =true/>
< property name =useCacheControlHeadervalue =true/>
< property name =useCacheControlNoStorevalue =true/>
< / bean>
< / mvc:interceptors>
< / beans>
起初,这个应用程序在Tomcat 6上运行良好,但我必须在weblogic上迁移它10.3.6
有什么想法?我几乎绝望......
非常感谢每一位来看看我的问题
使用
< security:intercept-url pattern =/access =permitAll/>
只有匹配 /
的网址才会有 permitAll
访问。所以你需要的是:
$ b
< security:intercept-url pattern =/ protected / **access =isFullyAuthenticated()/>
< security:intercept-url pattern =/ **access =permitAll/>
I have a serious problem... i'm trying to create an application on weblogic 11g, with Spring 3, Hibernate 3 and AngularJS. for 2 days, i was in deep difficulty to make my app working. finally, i was able to make this work !
but, the problem is when i authenticate myself, and i navigate on the app, on each page, spring security redirect me on the login page... and i really don't know why...
Web.xml :
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/spring.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>com.bla.Init</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/spring.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<servlet-name>dispatcher</servlet-name>
</filter-mapping>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<page-encoding>UTF-8</page-encoding>
<trim-directive-whitespaces>true</trim-directive-whitespaces>
</jsp-property-group>
</jsp-config>
</web-app>
Spring.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/task/spring-context-3.0.xsd">
<!-- Basic Configurations -->
<context:annotation-config/>
<context:component-scan base-package="test.model"/>
<context:component-scan base-package="test.repository"/>
<context:component-scan base-package="test.service"/>
<context:component-scan base-package="test.controller"/>
<!-- SpringMVC -->
<import resource="spring-mvc.xml"/>
<!-- SpringData -->
<import resource="spring-jpa.xml"/>
<!-- SpringSecurity -->
<import resource="spring-security.xml"/>
</beans>
spring-security.xml :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true" use-expressions="true" access-denied-page="/login?error=403">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/protected/**" access="isFullyAuthenticated()" />
<security:form-login login-page="/login" authentication-failure-url="/login?error=403" default-target-url="/protected/home" />
<security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="myRapportDataSource"
users-by-username-query="select nni, password, enabled from system_user where nni = ?"
authorities-by-username-query="select u.nni as login, u.user_role as role from system_user u where u.nni = ?" />
</security:authentication-provider>
</security:authentication-manager>
</beans>
i add the spring-mvc.xml too :
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<mvc:annotation-driven/>
<mvc:default-servlet-handler/>
<!-- Login Interceptor -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/protected/**"/>
<bean class="gram.interceptor.LoginInterceptor"/>
</mvc:interceptor>
<!-- workaround to fix IE8 problem -->
<bean id="webContentInterceptor"
class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="0"/>
<property name="useExpiresHeader" value="true"/>
<property name="useCacheControlHeader" value="true"/>
<property name="useCacheControlNoStore" value="true"/>
</bean>
</mvc:interceptors>
</beans>
at first, this app was on Tomcat 6 and worked fine, but i have to migrate it on weblogic 10.3.6
any ideas ? i'm almost despered...
thank you very much every one to take a look at my problem
With
<security:intercept-url pattern="/" access="permitAll" />
Only the URL matching /
will have the permitAll
access. So what you need is actually:
<security:intercept-url pattern="/protected/**" access="isFullyAuthenticated()" />
<security:intercept-url pattern="/**" access="permitAll" />
这篇关于Spring Security,总是重定向到登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!