Java 从Spring Security成功登录时未调用Spring MVC控制器方法-获取404状态
我正在尝试用Spring安全性配置Spring MVC。我有用于身份验证的自定义登录页。成功验证用户后,我希望在WelcomeController.java中调用名为home的控制器方法Java 从Spring Security成功登录时未调用Spring MVC控制器方法-获取404状态,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我正在尝试用Spring安全性配置Spring MVC。我有用于身份验证的自定义登录页。成功验证用户后,我希望在WelcomeController.java中调用名为home的控制器方法 package com.test.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.security.core.context
package com.test.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/welcome")
public class WelcomeController {
private static Log log = LogFactory.getLog(WelcomeController.class);
@RequestMapping(value = { "/home" }, method = RequestMethod.GET)
public String home(Model model) {
log.info("--- home() Starts ---");
System.out.println("--- home() Starts ---");
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = "";
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
log.info("username=" + username);
model.addAttribute("message",
"Hi Tehre! You've reached the welcome page!");
// ModelAndView model = new ModelAndView("index");
return "home";
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
// log.info("User's role is: "+ <sec:authentication
// property="principal.authorities"/>);
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = "";
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
log.info("username=" + username);
log.debug("Received request to show denied page");
// This will resolve to /WEB-INF/jsp/deniedpage.jsp
return "denied";
}
}
下面是我的web.xml、test-serlet.xml、test-security-config.xml、pom.xml、WelcomeController.java和日志文件
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>test</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/test-servlet.xml
/WEB-INF/test-security-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>test</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/test-servlet.xml
/WEB-INF/test-security-config.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>test</servlet-name>
<url-pattern>/test/*</url-pattern>
</servlet-mapping>
<!--Spring security filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
我真的很感谢你在这方面的帮助。
谢谢 如果将控制器请求映射与根上下文混合,则控制器应为:
@Controller
@RequestMapping("/welcome")
public class WelcomeController {
private static Log log = LogFactory.getLog(WelcomeController.class);
@RequestMapping(value = "/home", method = RequestMethod.GET)
public String home(Model model) {
...
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
...
}
}
在安全配置中,将拒绝访问页面更改为/welcome/denied:
它是默认的目标url=/test/welcome/home,而不是默认的目标url=/welcome/home,类似于拒绝访问页面=/test/welcome/denied@Evgeni-谢谢你的答复。我尝试了你的建议,但它导致登录成功被重定向到而不是。@Patrik LC,谢谢。我明白你的意思。我已在控制器中更改为映射到/welcome,而不是/test/welcome。并且还按照您的建议更改了页面。然而,这并不能解决问题。
package com.test.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/welcome")
public class WelcomeController {
private static Log log = LogFactory.getLog(WelcomeController.class);
@RequestMapping(value = { "/home" }, method = RequestMethod.GET)
public String home(Model model) {
log.info("--- home() Starts ---");
System.out.println("--- home() Starts ---");
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = "";
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
log.info("username=" + username);
model.addAttribute("message",
"Hi Tehre! You've reached the welcome page!");
// ModelAndView model = new ModelAndView("index");
return "home";
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
// log.info("User's role is: "+ <sec:authentication
// property="principal.authorities"/>);
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = "";
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
log.info("username=" + username);
log.debug("Received request to show denied page");
// This will resolve to /WEB-INF/jsp/deniedpage.jsp
return "denied";
}
}
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>test</groupId>
<artifactId>test</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<build>
<sourceDirectory>src</sourceDirectory>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration>
<warSourceDirectory>WebContent</warSourceDirectory>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate.common</groupId>
<artifactId>hibernate-commons-annotations</artifactId>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging-api</artifactId>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate.common</groupId>
<artifactId>hibernate-commons-annotations</artifactId>
<version>4.0.5.Final</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging-api</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.1-901-1.jdbc4</version>
</dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
<version>3.6.10.Final</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>3.6.10.Final</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
2015-05-04 12:21:27 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.jsp'; against '/login*'
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /login.jsp; Attributes: [isAnonymous()]
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_ANONYMOUS
2015-05-04 12:21:27 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5875e564, returned: 1
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-04 12:21:27 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-04 12:21:27 DEBUG FilterChainProxy:323 - /login.jsp reached end of additional filter chain; proceeding with original chain
2015-05-04 12:21:28 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-04 12:21:28 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-04 12:21:28 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@15ce9113. A new one will be created.
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /login at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-04 12:21:32 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
2015-05-04 12:21:32 DEBUG ProviderManager:152 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2015-05-04 12:21:32 DEBUG CompositeSessionAuthenticationStrategy:81 - Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@cc026e6
2015-05-04 12:21:32 DEBUG SessionFixationProtectionStrategy:87 - Invalidating session with Id 'C51942A05166FA866F8863CA07809883' and migrating attributes.
2015-05-04 12:21:32 DEBUG SessionFixationProtectionStrategy:97 - Started new session: 4F86F4424F09507605F075E2A8F90748
2015-05-04 12:21:32 DEBUG UsernamePasswordAuthenticationFilter:319 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN
2015-05-04 12:21:32 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /welcome/home
2015-05-04 12:21:32 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/test/welcome/home'
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:327 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@6124f8c9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN'
2015-05-04 12:21:32 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-04 12:21:32 DEBUG HttpSessionSecurityContextRepository:171 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@6124f8c9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-05-04 12:21:32 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-05-04 12:21:32 DEBUG FilterChainProxy:337 - /welcome/home at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-05-04 12:21:32 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/welcome/home'; against '/welcome/*'
2015-05-04 12:21:32 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcome/home; Attributes: [hasAnyRole('ROLE_SUPERADMIN','ROLE_OEMMANAGER','ROLE_OEMSALESPERSON')]
2015-05-04 12:21:32 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@6124f8c9: Principal: org.springframework.security.core.userdetails.User@ca2d8be4: Username: shuchi; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: C51942A05166FA866F8863CA07809883; Granted Authorities: ROLE_SUPERADMIN
2015-05-04 12:21:33 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5875e564, returned: 1
2015-05-04 12:21:33 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-04 12:21:33 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-04 12:21:33 DEBUG FilterChainProxy:323 - /welcome/home reached end of additional filter chain; proceeding with original chain
2015-05-04 12:21:33 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-04 12:21:33 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
@Controller
@RequestMapping("/welcome")
public class WelcomeController {
private static Log log = LogFactory.getLog(WelcomeController.class);
@RequestMapping(value = "/home", method = RequestMethod.GET)
public String home(Model model) {
...
}
@RequestMapping(value = "/denied", method = RequestMethod.GET)
public String getDeniedPage() {
...
}
}
<http auto-config="true" use-expressions="true" access-denied-page="/welcome/denied">
<intercept-url pattern="/welcome/*" access="hasAnyRole('ROLE_SUPERADMIN','ROLE_OEMMANAGER','ROLE_OEMSALESPERSON')"/>
<intercept-url pattern="/index*" access="permitAll"/>
<intercept-url pattern="/login*" access="isAnonymous()" method="GET"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login.jsp" login-processing-url="/login" default-target-url="/welcome/home" />
<logout logout-success-url="/index.jsp"/>
</http>