Java 春季保安及;jersey:没有自动重定向到登录站点
使用spring security 3.0.3和jersey 1.2时,我遇到了以下问题: 当我使用@Secured或@PreAuthorize注释注释我的Jersey资源时,spring security不会按照我的要求自动将用户代理重定向到登录页面。只有Java 春季保安及;jersey:没有自动重定向到登录站点,java,spring-security,jersey,Java,Spring Security,Jersey,使用spring security 3.0.3和jersey 1.2时,我遇到了以下问题: 当我使用@Secured或@PreAuthorize注释注释我的Jersey资源时,spring security不会按照我的要求自动将用户代理重定向到登录页面。只有AuthenticationCredentialsNotFoundException被抛出,HTTP 500被返回到用户代理,而不是重定向到spring security的表单登录页面。 有人知道为什么会出现这个问题吗 资源: @Path("
AuthenticationCredentialsNotFoundException@Path("/event")
@Component
public class EventResource extends AbstractBaseResource {
@Resource(name = "eventService")
private EventService eventService;
public void setEventService(EventService eventService) {
this.eventService = eventService;
}
@GET
@Path("/view/{id}")
@Produces(MediaType.TEXT_HTML)
@PreAuthorize("hasRole('ROLE_USER')")
public Viewable viewEvent(@PathParam("id") long id) throws UnsupportedEncodingException, URISyntaxException{
...
}
}
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_3_0.xsd"
version="3.0">
<filter>
<filter-name>jersey</filter-name>
<filter-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</filter-class>
<init-param>
<param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name>
<param-value>/(static|images|js|css|(WEB-INF/views))/.*</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.JSPTemplatesBasePath</param-name>
<param-value>/WEB-INF/views/</param-value>
</init-param>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>jersey</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
[...]
</web-app>
运动衫
com.sun.jersey.spi.spring.container.servlet.SpringServlet
com.sun.jersey.config.property.WebPageContentRegex
/(静态|图像| js | css |(WEB-INF/views))/*
com.sun.jersey.config.property.JSPTemplatesBasePath
/WEB-INF/views/
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
运动衫
/*
springSecurityFilterChain
/*
[...]
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<context:annotation-config />
<context:component-scan base-package="..." />
<context:mbean-export/>
<security:http auto-config="true" >
<security:form-login/>
<security:logout/>
</security:http>
<security:authentication-manager>
<security:authentication-provider ref="..." />
</security:authentication-manager>
<security:global-method-security pre-post-annotations="enabled" />
[...]
</beans>
[...]
谢谢大家! 这可能是因为登录页面本身被spring security过滤了吗?检查的一种方法是尝试添加一行类似于
<intercept-url pattern="/login.jsp*" filters="none"/>
可能是因为登录页面本身被spring security过滤了吗?检查的一种方法是尝试添加一行类似于
<intercept-url pattern="/login.jsp*" filters="none"/>
将以下文件管理器添加到web.xml
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.springframework.security.util.FilterChainProxy</param-value>
</init-param>
</filter>
Acegi过滤器链代理
org.springframework.security.util.FilterToBeanProxy
目标类
org.springframework.security.util.FilterChainProxy
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:form-login login-page="/login.htm"
login-processing-url="/yourprocessingurl.do"
default-target-url="/index.htm"
authentication-failure-url="/login.htm" />
<security:logout logout-url="/logout" logout-success-url="/logout.jsp" />
<security:anonymous key="anonymous-security" />
将以下文件管理器添加到web.xml
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.springframework.security.util.FilterChainProxy</param-value>
</init-param>
</filter>
Acegi过滤器链代理
org.springframework.security.util.FilterToBeanProxy
目标类
org.springframework.security.util.FilterChainProxy
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:form-login login-page="/login.htm"
login-processing-url="/yourprocessingurl.do"
default-target-url="/index.htm"
authentication-failure-url="/login.htm" />
<security:logout logout-url="/logout" logout-success-url="/logout.jsp" />
<security:anonymous key="anonymous-security" />
这是spring security 3.0.3的一个问题。
切换到spring security 3.0.5后,一切正常。这是spring security 3.0.3的一个问题。
切换到spring security 3.0.5后,一切正常。首先,这似乎是spring-security-2的配置,其次,我确实想使用spring-security的内部登录和注销站点。首先,这似乎是spring-security-2的配置,其次,我确实想使用spring-security的内部登录和注销站点注销站点