GWT Spring Security Integration (PURE GWT, NO JSP)


Problem description

I'm using GWT 2.4 and Spring 3.1 and I want to secure my application with Spring Security. I was looking for a GWT-only solution without a separate JSP login page. I found only old sites using JSP to do login, so this thread could result in a solution to fully integrate GWT with Spring Security in a standard way. Anyway, if there is a reference where this has been done successfully already, this thread can be closed with a link to that reference of course.

So far here is my first approach:

applicationcontext-security.xml:

    <http auto-config="false" use-expressions="true" entry-point-ref="customAuthenticationEntryPoint">
        <intercept-url pattern="/ApplicationScaffold.html" access="permitAll" />
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    </http>

    <beans:bean id="customAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
        c:loginFormUrl="/ApplicationScaffold.html" />

    <!-- Configure Authentication mechanism -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            ...
        </authentication-provider>
    </authentication-manager>

ApplicationScaffold.html (my application was created with Spring Roo) is my starting page containing the GWT login page.

web.xml:

    <display-name>securitytest</display-name>

    <description>Roo generated application</description>

    <!-- Enable escaping of form submission contents -->
    <context-param>
        <param-name>defaultHtmlEscape</param-name>
        <param-value>true</param-value>
    </context-param>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
    </context-param>

    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>HttpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
    </filter>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter>
        <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
        <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>HttpMethodFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Handles Spring requests -->
    <servlet>
        <servlet-name>securitytest</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/spring/webmvc-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet>
        <servlet-name>requestFactory</servlet-name>
        <servlet-class>com.securitytest.server.CustomRequestFactoryServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>securitytest</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>requestFactory</servlet-name>
        <url-pattern>/gwtRequest</url-pattern>
    </servlet-mapping>

    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>

The CustomRequestFactoryServlet class extends RequestFactoryServlet providing an additional constructor to resolve Spring services and should not be relevant to security issues.

After entering username and password on the GWT widget a login service is invoked (via RequestFactory) that simply does the following:

    public String loginUser(String username, String password) {
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, password);

        Authentication authenticatedUser = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);

        return username;
    }

So when I enter a URL like ../fooooooo I expect my application to redirect me to the login page (ApplicationScaffold.html). But only the URL in the browser's address bar is set to ../ApplicationScaffold.html and nothing more happens.

What am I doing wrong?

The stack trace says the following:

    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [INFO] 2012-12-17 13:41:07,503 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    [INFO] 2012-12-17 13:41:07,503 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID1nkvhmubnkz6h is invalid.
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/fooooooooo'; against '/applicationscaffold.html'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /fooooooooo; Attributes: [hasRole('ROLE_USER')]
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5f8d13b8, returned: -1
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    [INFO] org.springframework.security.access.AccessDeniedException: Access is denied
    ...
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://127.0.0.1:8888/fooooooooo]
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://127.0.0.1:8888/ApplicationScaffold.html'
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:q0k5u6clocpc@1530548245. A new one will be created.
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/fooooooooo; arg2=/ApplicationScaffold.html (property not equals)
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/applicationscaffold.html'; against '/applicationscaffold.html'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /ApplicationScaffold.html; Attributes: [permitAll]
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5f8d13b8, returned: 1
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html reached end of additional filter chain; proceeding with original chain
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter - Opening JPA EntityManager in OpenEntityManagerInViewFilter
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.hibernate.impl.SessionImpl - opened session at timestamp: 13557480675
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'securitytest' processing GET request for [/ApplicationScaffold.html]
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /ApplicationScaffold.html
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/ApplicationScaffold.html]
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Matching patterns for request [/ApplicationScaffold.html] are [/**]
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - URI Template variables for request [/ApplicationScaffold.html] are {}
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapping [/ApplicationScaffold.html] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler@3e3bfa58] and 1 interceptor
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/ApplicationScaffold.html] is: -1
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'securitytest': assuming HandlerAdapter compl
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Successfully completed request
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter - Closing JPA EntityManager in OpenEntityManagerInViewFilter
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.orm.jpa.EntityManagerFactoryUtils - Closing JPA EntityManager
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:q0k5u6clocpc@1530548245. A new one will be created.
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/fooooooooo; arg2=/applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html (property not equals)
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/applicationscaffold/c142d67e9948229be2b28e2a99e7c59a.cache.html'; against '/applicationscaffold.html'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html; Attributes: [hasRole('ROLE_USER')]
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5f8d13b8, returned: -1
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    [INFO] org.springframework.security.access.AccessDeniedException: Access is denied


Solution

Pure GWT solution:

  1. Do not use the http element at all (the http tag from the config namespace); provide an AuthenticationRpcService.authenticate(user, password) method.
  2. Inject the AuthenticationProvider bean from security-context.xml into AuthenticationServiceImpl.
  3. Implement AuthenticationRpcService.authenticate(user, password) as:

    // Build the principal and the token handed to the provider
    User user = new User(login, password, true, true, true, true, new ArrayList<GrantedAuthority>());
    Authentication auth = new UsernamePasswordAuthenticationToken(user, password,
            new ArrayList<GrantedAuthority>());
    try {
        auth = this.authenticationProvider.authenticate(auth);
    } catch (BadCredentialsException e) {
        // Rethrow as an exception type the GWT client can deserialize
        throw new ClientSideBadCredentialsException(e.getMessage(), e);
    }
    // Publish the authenticated token for the rest of this request
    SecurityContext sc = new SecurityContextImpl();
    sc.setAuthentication(auth);

    SecurityContextHolder.setContext(sc);

  4. Make sure the Spring Security filter chain is executed during the processing of every GWT RPC call, and secure all business services with the @RolesAllowed({ADMIN_ROLE, USER_ROLE}) annotation.

  5. Prepare your own ClientSideAcessDeniedException that can be used on the client side.

  6. If a Spring AccessDeniedException occurs, propagate ClientSideAcessDeniedException to the client.

  7. On the client side, set an UncaughtExceptionHandler via GWT.setUncaughtExceptionHandler.

  8. In the UncaughtExceptionHandler, detect CustomAcessDeniedException and then show an error to the user.
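One way to write the server side of steps 2 and 3 so that the pre-login session ID is not reused and the authenticated context is available to the next RPC call; this is an added example, not the answerer's code. `ProgrammaticLogin`, its `login` signature and this minimal `ClientSideBadCredentialsException` are hypothetical; the Spring Security and Servlet calls are the standard APIs of the versions the question names.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

/**
 * Hypothetical stand-in for the answer's ClientSideBadCredentialsException.
 * In a real project it lives in a GWT client/shared package and is public.
 */
class ClientSideBadCredentialsException extends Exception {
    private static final long serialVersionUID = 1L;

    public ClientSideBadCredentialsException() {
        // GWT RPC serialization needs a no-arg constructor
    }

    public ClientSideBadCredentialsException(String message) {
        super(message);
    }
}

/** Hypothetical helper invoked from the RPC service's authenticate(user, password). */
public class ProgrammaticLogin {

    // Same message for every failure so the client cannot tell
    // "unknown user" from "wrong password", "locked" or "disabled".
    private static final String GENERIC_FAILURE = "Invalid username or password";

    private final AuthenticationProvider authenticationProvider;

    public ProgrammaticLogin(AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }

    public String login(HttpServletRequest request, String username, String password)
            throws ClientSideBadCredentialsException {

        // Two-argument constructor: the token starts out unauthenticated.
        Authentication attempt = new UsernamePasswordAuthenticationToken(username, password);

        Authentication result;
        try {
            result = authenticationProvider.authenticate(attempt);
        } catch (AuthenticationException e) {
            // Covers BadCredentialsException and the locked/disabled/expired cases.
            SecurityContextHolder.clearContext();
            throw new ClientSideBadCredentialsException(GENERIC_FAILURE);
        }
        // A provider returns null when it does not support the token type.
        if (result == null || !result.isAuthenticated()) {
            SecurityContextHolder.clearContext();
            throw new ClientSideBadCredentialsException(GENERIC_FAILURE);
        }

        // Programmatic login bypasses the form-login filter, so nothing rotates
        // the session for us: drop the anonymous session and start a fresh one.
        HttpSession oldSession = request.getSession(false);
        if (oldSession != null) {
            oldSession.invalidate();
        }
        HttpSession session = request.getSession(true);

        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(result);
        SecurityContextHolder.setContext(context);

        // Store the context under the key HttpSessionSecurityContextRepository
        // reads, so later RPC calls passing through the filter chain see it.
        session.setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);

        return result.getName();
    }
}
```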

    I'm using GWT 2.4 and Spring 3.1 and I want to secure my application with Spring Security. I was looking for a GWT-only solution without a separate JSP login page. I found only old sites using JSP to do login, so this thread could result in a solution to fully integrate GWT with Spring Security in a standard way. Anyway, if there is a reference where this has been done successfully already, this thread can be closed with a link to that reference of course.

    So far here is my first approach:

    applicationcontext-security.xml:

    <http auto-config="false" use-expressions="true" entry-point-ref="customAuthenticationEntryPoint">
        <intercept-url pattern="/ApplicationScaffold.html" access="permitAll" />
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    </http>
    
    <beans:bean id="customAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" 
        c:loginFormUrl="/ApplicationScaffold.html" />
    
    <!-- Configure Authentication mechanism -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            ...
        </authentication-provider>
    </authentication-manager>
    

    ApplicationScaffold.html (my application was created with Spring Roo) is my starting page containing the GWT login page.

    web.xml:

    <display-name>securitytest</display-name>
    
    <description>Roo generated application</description>
    
    <!-- Enable escaping of form submission contents -->
    <context-param>
        <param-name>defaultHtmlEscape</param-name>
        <param-value>true</param-value>
    </context-param>
    
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
    </context-param>
    
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    
    <filter>
        <filter-name>HttpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
    </filter>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter> 
    <filter>
        <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
        <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>HttpMethodFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    <!-- Handles Spring requests -->
    <servlet>
        <servlet-name>securitytest</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/spring/webmvc-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    
    <servlet>
        <servlet-name>requestFactory</servlet-name>
        <servlet-class>com.securitytest.server.CustomRequestFactoryServlet</servlet-class>
    </servlet>
    
    <servlet-mapping>
        <servlet-name>securitytest</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    
    <servlet-mapping>
        <servlet-name>requestFactory</servlet-name>
        <url-pattern>/gwtRequest</url-pattern>
    </servlet-mapping>
    
    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>
    

    The CustomRequestFactoryServlet class extends RequestFactoryServlet providing an additional constructor to resolve Spring services and should not be relevant to security issues.

    After entering username and password on the GWT widget a login service is invoked (via RequestFactory) that simply does the following:

    public String loginUser(String username, String password) {
        UsernamePasswordAuthenticationToken token = 
                new UsernamePasswordAuthenticationToken(username, password);
    
        Authentication authenticatedUser = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
    
        return username;
    
    }
    

    So when I enter a URL like ../fooooooo I expect my application to redirect me to the login page (ApplicationScaffold.html). But only the URL in the browser's address bar is set to ../ApplicationScaffold.html and nothing more happens.

    What am I doing wrong?

    The stack trace says the following:

    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [INFO] 2012-12-17 13:41:07,503 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    [INFO] 2012-12-17 13:41:07,503 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID1nkvhmubnkz6h is invalid.
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/fooooooooo'; against '/applicationscaffold.html'
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /fooooooooo; Attributes: [hasRole('ROLE_USER')]
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5f8d13b8, returned: -1
    [INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    [INFO] org.springframework.security.access.AccessDeniedException: Access is denied
    ...
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://127.0.0.1:8888/fooooooooo]
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://127.0.0.1:8888/ApplicationScaffold.html'
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    [INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:q0k5u6clocpc@1530548245. A new one will be created.
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/fooooooooo; arg2=/ApplicationScaffold.html (property not equals)
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
    [INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/applicationscaffold.html'; against '/applicationscaffold.html'
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /ApplicationScaffold.html; Attributes: [permitAll]
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5f8d13b8, returned: 1
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html reached end of additional filter chain; proceeding with original chain
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter - Opening JPA EntityManager in OpenEntityManagerInViewFilter
    [INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.hibernate.impl.SessionImpl - opened session at timestamp: 13557480675
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'securitytest' processing GET request for [/ApplicationScaffold.html]
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /ApplicationScaffold.html
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/ApplicationScaffold.html]
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Matching patterns for request [/ApplicationScaffold.html] are [/**]
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - URI Template variables for request [/ApplicationScaffold.html] are {}
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapping [/ApplicationScaffold.html] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler@3e3bfa58] and 1 interceptor
    [INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/ApplicationScaffold.html] is: -1
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'securitytest': assuming HandlerAdapter completed request handling
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Successfully completed request
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter - Closing JPA EntityManager in OpenEntityManagerInViewFilter
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.orm.jpa.EntityManagerFactoryUtils - Closing JPA EntityManager
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
    [INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:q0k5u6clocpc@1530548245. A new one will be created.
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
    [INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/fooooooooo; arg2=/applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html (property not equals)
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/applicationscaffold/c142d67e9948229be2b28e2a99e7c59a.cache.html'; against '/applicationscaffold.html'
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html; Attributes: [hasRole('ROLE_USER')]
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5f8d13b8, returned: -1
    [INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    [INFO] org.springframework.security.access.AccessDeniedException: Access is denied
    

Solution

Pure GWT solution:

1. Do not use the http element at all (the http tag from the config namespace).
2. Define your AuthenticationRpcService.
3. Add an AuthenticationRpcService.authenticate(user, password) method.
4. Inject into AuthenticationServiceImpl the AuthenticationProvider bean from security-context.xml.
5. Implement AuthenticationRpcService.authenticate(user, password) as:

    // Wrap the submitted credentials; `login` is the user name passed to authenticate().
    User user = new User(login, password, true, true, true, true, new ArrayList<GrantedAuthority>());
    Authentication auth = new UsernamePasswordAuthenticationToken(user, password,
            new ArrayList<GrantedAuthority>());
    try {
        // Delegate the credential check to the injected AuthenticationProvider.
        auth = this.authenticationProvider.authenticate(auth);
    } catch (BadCredentialsException e) {
        // Translate to an exception type the GWT client can deserialize.
        throw new ClientSideBadCredentialsException(e.getMessage(), e);
    }
    // Publish the authenticated token for the rest of this request.
    SecurityContext sc = new SecurityContextImpl();
    sc.setAuthentication(auth);
    SecurityContextHolder.setContext(sc);

6. Ensure that the Spring Security filter chain is executed during processing of each of your GWT RPC calls (to be sure that the SecurityContext is populated into SecurityContextHolder).
7. Secure all business services with @RolesAllowed({ "ADMIN_ROLE", "USER_ROLE" }) annotations.
8. Prepare your own ClientSideAccessDeniedException that can be used on the client side.
9. In the case of a Spring AccessDeniedException, propagate ClientSideAccessDeniedException to the client side.
10. On the client side, set up an UncaughtExceptionHandler via GWT.setUncaughtExceptionHandler.
11. In the UncaughtExceptionHandler, detect CustomAccessDeniedException and then show an error to the user.
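One way to implement steps 8 and 9, as an added example that is not part of the original answer: a serializable client-side exception and an RPC servlet base class that translates Spring's authorization failures into it. The package names and `SecuredRemoteServiceServlet` are hypothetical, and the sketch assumes each RPC servlet implements its service interface itself and extends this class.

```java
// --- shared/ClientSideAccessDeniedException.java (client-translatable package) ---
package com.example.shared; // hypothetical package

/** Checked, GWT-serializable; carries a fixed message and no server detail. */
public class ClientSideAccessDeniedException extends Exception {
    public ClientSideAccessDeniedException() { } // no-arg constructor needed by GWT RPC
    public ClientSideAccessDeniedException(String message) { super(message); }
}

// --- server/SecuredRemoteServiceServlet.java ---
package com.example.server; // hypothetical package

import com.example.shared.ClientSideAccessDeniedException;
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.server.rpc.RPC;
import com.google.gwt.user.server.rpc.RPCRequest;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.google.gwt.user.server.rpc.UnexpectedException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;

/** Base class for RPC servlets whose methods call @RolesAllowed services. */
public abstract class SecuredRemoteServiceServlet extends RemoteServiceServlet {

    @Override
    public String processCall(String payload) throws SerializationException {
        try {
            return super.processCall(payload);
        } catch (UnexpectedException e) {
            Throwable cause = e.getCause();
            // Denied (wrong role) or no Authentication in the SecurityContext at all.
            boolean denied = cause instanceof AccessDeniedException
                    || cause instanceof AuthenticationCredentialsNotFoundException;
            if (!denied) {
                throw e; // anything else stays a generic server failure
            }
            // Re-decode only to obtain the caller's serialization policy and flags.
            RPCRequest request = RPC.decodeRequest(payload, getClass(), this);
            // Null method skips the "declared in throws clause" check; the type must
            // still be in the serialization policy, so declare it on an RPC method.
            return RPC.encodeResponseForFailure(null,
                    new ClientSideAccessDeniedException("Access denied"),
                    request.getSerializationPolicy(), request.getFlags());
        }
    }
}
```

Declare `throws ClientSideAccessDeniedException` on at least one service-interface method so the type is included in the generated serialization policy. The server-side `@RolesAllowed` check remains the enforcement point; the client-side exception only drives what the user is shown.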
