Java Spring3MVC+;安全
我有两个示例项目——第一个是Spring3MVC项目,第二个是Spring3Security项目……这两个项目都运行良好……但当我尝试创建应用程序时,我无法实现安全性和MVC,我无法实现如何使其运行。我的应用程序结构如下所示: 当我在Java Spring3MVC+;安全,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我有两个示例项目——第一个是Spring3MVC项目,第二个是Spring3Security项目……这两个项目都运行良好……但当我尝试创建应用程序时,我无法实现安全性和MVC,我无法实现如何使其运行。我的应用程序结构如下所示: 当我在/中有jsp页面时,安全性就起作用了……但是当我想把它们放到/WEB-INF/views中,以便能够为它们映射@控制器时,它就不起作用了……有人能告诉我,在哪里和什么地方进行更改,使它在/WEB-INF/views/中与jsp一起工作吗 我的配置文件: /WEB-
/
中有jsp页面时,安全性就起作用了……但是当我想把它们放到/WEB-INF/views
中,以便能够为它们映射@控制器
时,它就不起作用了……有人能告诉我,在哪里和什么地方进行更改,使它在/WEB-INF/views/
中与jsp一起工作吗
我的配置文件:
/WEB-INF/spring/appServlet/servlet context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="cz.cvut.fit" />
<context:component-scan base-package="com.chickstarter.web" />
<resources location="/resources/**" mapping="/src/webapp/resources"/>
</beans:beans>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- START: Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- END: Spring Security -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext-web.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/data/*</url-pattern>
</servlet-mapping>
</web-app>
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/login.jsp*" security="none"/>
<security:http pattern="/denied.jsp" security="none"/>
<security:http auto-config="true" access-denied-page="/denied.jsp" servlet-api-provision="false">
<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:form-login login-page="/login.jsp" authentication-failure-url="/denied.jsp"
default-target-url="/home.jsp"/>
<security:logout/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
<security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
/src/main/resources/applicationContext sexurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="cz.cvut.fit" />
<context:component-scan base-package="com.chickstarter.web" />
<resources location="/resources/**" mapping="/src/webapp/resources"/>
</beans:beans>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- START: Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- END: Spring Security -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext-web.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/data/*</url-pattern>
</servlet-mapping>
</web-app>
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/login.jsp*" security="none"/>
<security:http pattern="/denied.jsp" security="none"/>
<security:http auto-config="true" access-denied-page="/denied.jsp" servlet-api-provision="false">
<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:form-login login-page="/login.jsp" authentication-failure-url="/denied.jsp"
default-target-url="/home.jsp"/>
<security:logout/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
<security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
您直接访问一些jsp,而不使用处理程序。e、 g
<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:form-login login-page="/login.jsp" authentication-failure-url="/denied.jsp"
default-target-url="/home.jsp"/>
然后为请求映射url应用安全性
<security:intercept-url pattern="login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
现在,您的安全逻辑与文件的物理位置不绑定。保持事物松散耦合总是好的
希望这会有所帮助。
使用spring了解更多细节 您直接访问一些jsp,而不使用处理程序。e、 g
<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:form-login login-page="/login.jsp" authentication-failure-url="/denied.jsp"
default-target-url="/home.jsp"/>
然后为请求映射url应用安全性
<security:intercept-url pattern="login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
现在,您的安全逻辑与文件的物理位置不绑定。保持事物松散耦合总是好的
希望这会有所帮助。
使用spring了解更多细节 首先,在web.xml中定义了两个dispatcher servlet,一个加载applicationContext,另一个加载servlet上下文。这真的有必要吗?如果您真的想分割文件,可以在servlet上下文中使用import标记 其次,您还有2个
标记。第一个就足够了,因为路径扫描从webapp文件夹开始
第三,使所有jsp都只能从它们的控制器访问。排除要在不进行身份验证的情况下访问的URL:
上述将排除以下控制器的RequestMapping
可访问的所有资源:
登录控制器:
@Controller
@RequestMapping("login")
public class LoginController
{
@RequestMapping(method = RequestMethod.GET)
public String login(Authentication authentication)
{
if ((authentication != null) && authentication.isAuthenticated())
{
return "redirect:dashboard";
}
return "login";
}
@RequestMapping(value="doSomething", method = RequestMethod.POST)
public String postLogin(Authentication authentication)
{
// Something else
}
}
返回的“登录”将打开由InternalResourceViewResolver
定义的页面,并在WEB-INF/views下查找该页面
在您的安全文件中,将所有路径从jsp pahts更改为
RequestMapping
路径。首先,您在web.xml中定义了两个dispatcher servlet,一个加载applicationContext,另一个加载servlet上下文。这真的有必要吗?如果您真的想分割文件,可以在servlet上下文中使用import标记
其次,您还有2个
标记。第一个就足够了,因为路径扫描从webapp文件夹开始
第三,使所有jsp都只能从它们的控制器访问。排除要在不进行身份验证的情况下访问的URL:
上述将排除以下控制器的RequestMapping
可访问的所有资源:
登录控制器:
@Controller
@RequestMapping("login")
public class LoginController
{
@RequestMapping(method = RequestMethod.GET)
public String login(Authentication authentication)
{
if ((authentication != null) && authentication.isAuthenticated())
{
return "redirect:dashboard";
}
return "login";
}
@RequestMapping(value="doSomething", method = RequestMethod.POST)
public String postLogin(Authentication authentication)
{
// Something else
}
}
返回的“登录”将打开由InternalResourceViewResolver
定义的页面,并在WEB-INF/views下查找该页面
在您的安全文件中,将所有路径从jsp pahts更改为
RequestMapping
路径。您能给出两个演示项目吗?)其中一个是通过Spring工具套件创建的Spring MVC模板,可以在这里找到Spring安全项目伟大的演示感谢dworzanp;)如果您知道如何在/WEB-INF/views/中使用Spring MVC和JSP页面,请让我知道:您可以给出两个演示项目请:)其中一个是通过Spring工具套件创建的Spring MVC模板,可以在这里找到Spring安全项目伟大的演示谢谢dworzanp;)如果您发现如何在/WEB-INF/views/中使用Spring MVC和JSP页面,请让mi知道:但这正是问题所在,我正在尝试解决。。。将url更改为/WEB-INF/views/which并尝试与控制器进行映射不起作用…:-/但这正是问题所在,我正试图解决。。。将url更改为/WEB-INF/views/which并尝试与控制器进行映射不起作用…:-/1) 当然不需要两个dispatcher servlet…正如您所看到的,我刚开始使用spring,我对所有这些配置文件及其属性感到非常困惑。。。2) 啊,所以……谢谢……我以前没听说过:)3)我一到电脑就去试试。。然后我会告诉你结果:)谢谢:)它解决了我的问题,我希望,我的代码现在更清晰:)1)两个dispatcher servlet肯定不需要……正如你所看到的,我刚开始使用spring,我对所有这些配置文件及其属性感到非常困惑。。。2) 啊,所以……谢谢……我以前没听说过:)3)我一到电脑就去试试。。然后我会告诉你结果:)谢谢:)它解决了我的问题,我希望我的代码现在更清晰:)