Java 在Spring中添加管理部分
我有一个SpringWeb项目,它需要一个管理部分。我认为这部分很简单,而且我会有安全问题,但我甚至不能指向a/admin/section 我在dispatcher-servelet.xml中有以下内容可以将JSP文件映射到控制器:Java 在Spring中添加管理部分,java,spring,spring-mvc,Java,Spring,Spring Mvc,我有一个SpringWeb项目,它需要一个管理部分。我认为这部分很简单,而且我会有安全问题,但我甚至不能指向a/admin/section 我在dispatcher-servelet.xml中有以下内容可以将JSP文件映射到控制器: <context:component-scan base-package="controller"/> <context:component-scan base-package="controller.admin"/> <bean i
<context:component-scan base-package="controller"/>
<context:component-scan base-package="controller.admin"/>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/"
p:suffix=".jsp" />
现在,在/WEB-INF/jsp/中有一个名为“admin”的文件夹,其中有adminindex.jsp。我在web.xml中还有以下内容
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Constraint1</display-name>
</security-constraint>
<security-constraint>
<display-name>admin pages</display-name>
<web-resource-collection>
<web-resource-name>Administration Pages</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>eCommerceAdmin</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>-->
</security-constraint>
</web-app>
上下文配置位置
/WEB-INF/applicationContext.xml
org.springframework.web.context.ContextLoaderListener
调度员
org.springframework.web.servlet.DispatcherServlet
2.
调度员
*.htm
30
redirect.jsp
约束1
管理页面
管理页面
/管理员/*
电子商务管理员
当我尝试访问
localhost:8080/NewWebsite/admin/adminindex.htm
,我明白了
已拒绝访问请求的资源
信息:ContextListener:
attributeAdded('org.apache.jasper.compiler.tldLocationCache',
'org.apache.jasper.compiler。TldLocationsCache@44d1bd08")
我在访问上没有问题
localhost:8080/NewWebsite/index.htm,我还希望对admin文件夹进行自动重定向,就像根文件夹一样。也就是去
localhost:8080/NewWebsite/directs to index.htm
任何帮助都很好。您是否尝试将前缀更改为WEB-INF/jsp/admin/?问题不在viewresolver中,因此您提供的信息不足以回答您的问题。请在您的安全配置中显示更多配置
除了你的问题。控制器的组件扫描是不必要的,因为第一个将扫描它。 < P>我认为您应该考虑使用Spring Security,然后您可以配置Spring Security角色系统来控制访问。下面是我的一个应用程序的一个代码片段,您可以看到/admin路径要求调用方具有admin角色。SpringSecurity的设置有点复杂,但一旦设置完成,它就会工作得很好
<http auto-config='true' use-expressions="true" >
<!-- public resources that everyone should be able to access -->
<intercept-url pattern="/favicon.ico" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/login/error" access="permitAll" />
<intercept-url pattern="/**/*.js" access="permitAll" />
<intercept-url pattern="/**/*.jsp" access="denyAll" />
<intercept-url pattern="/admin/**" access="hasRole('admin')" />
</session-management>
</http>
首先需要验证用户?不是吗?否则,您的应用程序将如何识别管理员是试图访问还是普通用户
在执行此操作之前,请从web.xml中删除
安全约束
因此,请在应用程序中添加spring身份验证。
首先创建一个pojo类,它有一个GrantedAuthority
列表,应该实现org.springframework.security.core.userdetails.userdetails
。以下是一个示例:
public class YourPojo implements UserDetails{
/** The authorities. */
//This collection will have eCommerceAdmin
public Collection<GrantedAuthority> authorities;
/** The username. */
public String username;
/** The account non expired. */
public boolean accountNonExpired;
/** The credentials non expired. */
public boolean credentialsNonExpired;
/** The enabled. */
public boolean enabled;
/** The Constant serialVersionUID. */
private static final long serialVersionUID = -2342376103893073629L;
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
*/
@Override
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#getPassword()
*/
@Override
public String getPassword() {
return null;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#getUsername()
*/
@Override
public String getUsername() {
return username;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired()
*/
@Override
public boolean isAccountNonExpired() {
return accountNonExpired;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked()
*/
@Override
public boolean isAccountNonLocked() {
return accountNonLocked;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isCredentialsNonExpired()
*/
@Override
public boolean isCredentialsNonExpired() {
return credentialsNonExpired;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isEnabled()
*/
@Override
public boolean isEnabled() {
return enabled;
}
/**
* Sets the authorities.
*
* @param authorities the new authorities
*/
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
/**
* Sets the username.
*
* @param username the new username
*/
public void setUsername(String username) {
this.username = username;
}
/**
* Sets the account non expired.
*
* @param accountNonExpired the new account non expired
*/
public void setAccountNonExpired(boolean accountNonExpired) {
this.accountNonExpired = accountNonExpired;
}
/**
* Sets the account non locked.
*
* @param accountNonLocked the new account non locked
*/
public void setAccountNonLocked(boolean accountNonLocked) {
this.accountNonLocked = accountNonLocked;
}
/**
* Sets the credentials non expired.
*
* @param credentialsNonExpired the new credentials non expired
*/
public void setCredentialsNonExpired(boolean credentialsNonExpired) {
this.credentialsNonExpired = credentialsNonExpired;
}
/**
* Sets the enabled.
*
* @param enabled the new enabled
*/
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
FYR您可以参考web.xml中的安全xml文件,如下所示。而且您的web.xml应该具有spring安全过滤器
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/your-applicationContext.xml
/WEB-INF/your-spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
上下文配置位置
/WEB-INF/your-applicationContext.xml
/WEB-INF/your-spring-security.xml
org.springframework.web.context.ContextLoaderListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
您还需要spring安全依赖项。如果您在项目中使用Maven,请添加以下依赖项,否则您可以手动下载这些JAR并继续
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
org.springframework.security
如果您在此处提供更多代码,则很容易回答。只有这么多的设置不会有帮助。您是否正在向您的用户添加角色,如角色\管理员??对不起,我不确定还要添加什么。我已经添加了web.xml的全部内容,但我不确定如何调整它以包含管理员角色?您在哪里将ecommercemadmin
此角色添加到您的springorg.springframework.security.core.Authentication
??我认为这是以前的一次失败尝试,我忘记了删除它。你知道我应该在哪里添加它吗?谢谢你的建议,我已经包括了web.xml的其余部分,我如何才能包括管理员角色和可能的分配登录详细信息?哇,这真的很好,谢谢你。如果可以的话,我有几个问题我把你的POJO课放在哪里有关系吗?HTTP标记和bean是否要放在applicationContext中?我把customeAuthProvider放在哪里重要吗?我还没有机会尝试一下,但我只是想澄清一下。不用谢我。您可以对答案进行投票,稍后如果答案有效(如果配置正确,则应该如此),则可以接受答案。现在,您的答案是:您可以将YourPjojo
放在任何地方。身份验证提供者也是如此,但您应该在bean中提供正确的包详细信息。。http标记和bean不应位于applicationContext
中。您可以将其放置在其他xml文件中,并将其附加到web.xml中。如何将UserDetails包含到项目中?Netbeans目前正处于一种状态。YourPojo在抱怨,我也不知道如何包含新的XML文件。它们在dispatcher中被引用了吗?UserDetails是spring的接口…你没有使用applicationContext.xml吗?你是如何在web.xml中引用它的?同样的方法也可以添加新的xml..添加了一些代码..请参阅你可以看到的编辑器..你将看到详细的解释..还有一些源代码。:)
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken)authentication;
String username = userToken.getName();
String password = (String) authentication.getCredentials();
//Do whatevr you want with the credentials
//Then populate the authorities for this credential
YourPojo user=new YourPojo ();
user.setUserName("add username");
//set other details
List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>();
//if user is admin add the below line
GrantedAuthorityImpl grantedAuthorityImpl = new GrantedAuthorityImpl("eCommerceAdmin");
//Add other authorities as applicable like 'user' etc.
user.setAuthorities(grantedAuthorityList);
return new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/your-applicationContext.xml
/WEB-INF/your-spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>