Java 没有SpringMVC的SpringSecurity_Java_Spring_Spring Security

Java 没有SpringMVC的SpringSecurity

java spring spring-security

Java 没有SpringMVC的SpringSecurity,java,spring,spring-security,Java,Spring,Spring Security,我试图在不使用spring MVC的情况下实现spring安全性下面是我的片段 Web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee

我试图在不使用spring MVC的情况下实现spring安全性

下面是我的片段

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_5.xsd"
    id="WebApp_ID" version="2.5">

    <display-name>cxf</display-name>

       <welcome-file-list>
        <welcome-file>/WEB-INF/dcd-html/index.jsp</welcome-file>
    </welcome-file-list>

    <init-param>  
      <param-name>javax.ws.rs.core.Application</param-name>  
      <param-value>images</param-value>  
    </init-param>  


    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

        <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

        <filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>



   <listener>
    <listener-class>
        org.springframework.web.context.request.RequestContextListener
    </listener-class>
   </listener>

   <servlet>
        <servlet-name>cxf</servlet-name>
        <description>Apache CXF Endpoint</description>
        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>cxf</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>

    <servlet>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <url-pattern>/images/*</url-pattern>
    </servlet-mapping>


    <servlet>
        <servlet-name>applicationContext</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>applicationContext</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>


cxf
/WEB-INF/dcd html/index.jsp
javax.ws.rs.core.Application
图像
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
org.springframework.web.context.ContextLoaderListener
科尔斯
com.thetransactioncompany.cors.CORSFilter
cors.supportedMethods
获取、发布、头部、放置、删除
科尔斯
/*
org.springframework.web.context.request.RequestContextListener
cxf
ApacheCXF端点
org.apache.cxf.transport.servlet.CXFServlet
1.
cxf
/*
60
javax.ws.rs.core.Application
1.
javax.ws.rs.core.Application
/图像/*
应用程序上下文
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/WEB-INF/applicationContext.xml
1.
应用程序上下文
/

applicationContext.xml

<?xml  version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
    xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:mail="http://www.springframework.org/schema/integration/mail"
    xmlns:int="http://www.springframework.org/schema/integration"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd 
        http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd 
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/integration/mail http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
            http://www.springframework.org/schema/integration/mail/spring-integration-mail-2.1.xsd">



    <context:annotation-config />
    <context:component-scan base-package="com.smart.city.*"></context:component-scan>

    <import resource="/spring/securityContext.xml" />

</beans>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

http://www.springframework.org/schema/security

           http://www.springframework.org/schema/security/spring-security.xsd">

<security:http auto-config="false" use-expressions="true">

     <security:intercept-url pattern="/**" access="hasRole('PRIV_ADMIN')" />
     <security:http-basic />

     <security:form-login login-page="/login"
            authentication-failure-handler-ref="loginFailureHandler"
            authentication-success-handler-ref="loginSuccessHandler" />
        <!-- <security:logout logout-success-url="/logout.htm" logout-url="/j_spring_security_logout"
            invalidate-session="true"/> -->

</security:http>

<security:authentication-manager>
     <security:authentication-provider user-service-ref="userDetailsServiceTx">
            <security:password-encoder ref="customPasswordEncoder" />
        </security:authentication-provider>
</security:authentication-manager>
</beans>

Securitycontext.xml

<?xml  version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
    xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:mail="http://www.springframework.org/schema/integration/mail"
    xmlns:int="http://www.springframework.org/schema/integration"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd 
        http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd 
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/integration/mail http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
            http://www.springframework.org/schema/integration/mail/spring-integration-mail-2.1.xsd">



    <context:annotation-config />
    <context:component-scan base-package="com.smart.city.*"></context:component-scan>

    <import resource="/spring/securityContext.xml" />

</beans>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

http://www.springframework.org/schema/security

           http://www.springframework.org/schema/security/spring-security.xsd">

<security:http auto-config="false" use-expressions="true">

     <security:intercept-url pattern="/**" access="hasRole('PRIV_ADMIN')" />
     <security:http-basic />

     <security:form-login login-page="/login"
            authentication-failure-handler-ref="loginFailureHandler"
            authentication-success-handler-ref="loginSuccessHandler" />
        <!-- <security:logout logout-success-url="/logout.htm" logout-url="/j_spring_security_logout"
            invalidate-session="true"/> -->

</security:http>

<security:authentication-manager>
     <security:authentication-provider user-service-ref="userDetailsServiceTx">
            <security:password-encoder ref="customPasswordEncoder" />
        </security:authentication-provider>
</security:authentication-manager>
</beans>

我的问题是如果我使用

login page=“/login”

我没有被重定向到我的jsp，如果我不使用这个属性，我可以看到spring的默认登录页面

请协助。

您的配置有两个问题：

您正在重定向到

/login

，我非常怀疑是否存在映射

您已经保护了所有URL，因此也保护了您的登录页面，使用当前解决方案，您将在重定向循环中完成

首先将

登录页面

属性更改为

/login.jsp

，以重定向到登录页面

<security:form-login login-page="/login.jsp"
        authentication-failure-handler-ref="loginFailureHandler"
        authentication-success-handler-ref="loginSuccessHandler" />

另一个免费的建议是，您不使用Spring MVC，因此不需要

DispatcherServlet

，目前它会重新加载所有bean，您基本上会加载两次应用程序。

如果您不使用Spring MVC，那么为什么会有

DispatcherServlet

？如果您想使用JSP，那么请给出JSP的路径，而不是其他路径。同样，在您的设置中，您将加载整个应用程序两次，一次是使用

ContextLoaderListener

，一次是使用

DispatcherServlet

。my login.jsp位于webapp的正下方，然后使用

/login.jsp

作为登录页面url。您的应用程序是如何部署的？作为Root用户？您已经保护了所有内容，如果您未登录，您将重定向到登录页面，您将重定向到登录页面，您将重定向到登录页面。。。您应该允许每个人访问

/login.jsp

。