Java DispatcherServlet、ContextLoaderListener和SpringSecurity的结合
我这里有一个难题要解决。。一直在尝试将上述3种技术集成到我们的Web应用程序中。。我们想使用Java DispatcherServlet、ContextLoaderListener和SpringSecurity的结合,java,hibernate,servlets,spring-mvc,spring-security,Java,Hibernate,Servlets,Spring Mvc,Spring Security,我这里有一个难题要解决。。一直在尝试将上述3种技术集成到我们的Web应用程序中。。我们想使用 弹簧网 Spring MVC作为视图技术(使用freemarker) 作为安全层的Spring安全性 但是,无论我以何种方式配置web.xml和其他上下文文件,我都无法使所有内容同时工作在我当前的配置下,一切都可以正常工作,但SpringSecurity不会拦截URL模式 一些谷歌(和常识)告诉我,将DispatcherServlet和ContextLoaderListener结合起来可能会有问题 这是
<!-- Needed by Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dw-manager-context.xml</param-value>
</context-param>
<!-- Needed by Spring MVC -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Needed by Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
org.springframework.web.context.ContextLoaderListener
org.springframework.web.context.request.RequestContextListener
上下文配置位置
/WEB-INF/dw-manager-context.xml
appServlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/WEB-INF/servlet-context.xml
1.
appServlet
/
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
向前地
要求
My servlet-context.xml:
<!-- Scan for controllers -->
<context:component-scan base-package="dw.manager" />
<!-- Need to declare annotation driven transactions again so they are picked up above controller methods -->
<tx:annotation-driven transaction-manager="transactionManager" />
<mvc:annotation-driven />
<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<!-- ... -->
</bean>
<bean id="freemarkerConfig"
class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<!-- ... -->
</bean>
<context:annotation-config />
<!-- deployment-setup just loads properties (files) -->
<import resource="deployment-setup.xml" />
<import resource="spring-security-context.xml" />
<import resource="dw-manager-datasource.xml" />
<!-- Import sub-modules -->
<import resource="classpath:dw-security-context.xml" />
<!-- ... -->
My manager-context.xml:
<!-- Scan for controllers -->
<context:component-scan base-package="dw.manager" />
<!-- Need to declare annotation driven transactions again so they are picked up above controller methods -->
<tx:annotation-driven transaction-manager="transactionManager" />
<mvc:annotation-driven />
<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<!-- ... -->
</bean>
<bean id="freemarkerConfig"
class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<!-- ... -->
</bean>
<context:annotation-config />
<!-- deployment-setup just loads properties (files) -->
<import resource="deployment-setup.xml" />
<import resource="spring-security-context.xml" />
<import resource="dw-manager-datasource.xml" />
<!-- Import sub-modules -->
<import resource="classpath:dw-security-context.xml" />
<!-- ... -->
Spring-Security-context.xml:
<http pattern="/login" security="none" />
<http pattern="/accessDenied" security="none" />
<http pattern="/" security="none" />
<!-- enable use of expressions, define URL patterns and login/logout forms
and targets) -->
<http use-expressions="true" access-denied-page="/accessDenied">
<intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
<!-- more stuff -->
</http>
<!-- a lot more... -->
manager数据源刚刚设置了数据库
感谢您阅读所有内容,并希望能帮助我……)
编辑:更多信息 我不能跳过ContextLoaderListener,它是SpringSecurity所必需的。我也不能跳过contextConfigLocation,因为这是ContextLoaderListener所需的上下文。我只是自己定义名称,否则它将搜索applicationContext.xml。也许我可以添加一个空的contextConfigLocation?但这可能只是意味着,底层模块将找不到要注入的bean
edit2
我认为主要的问题是SpringSecurity需要一个webapp上下文(ContextLoaderListener)才能工作,但web应用程序正在servlet上下文中运行。控制器方法由servlet上下文映射,因此在servlet上下文“外部”运行的spring security不会收到事件通知,过滤器也不会启动 唉。。我不知道为什么第一次它不起作用,可能是在尝试正确的解决方案时,缓存中出现了错误的解决方案。。然而,它现在的工作方式,我张贴它。谢谢阿伦给你时间
现在唯一的问题是:spring test mvc不支持spring Security的FilterChain,但这是另一个问题。如果您发出类似于
/test
的请求,会发生什么情况,它是发送到控制器还是被重定向到登录页面?2012-06-11 15:31:23 PageNotFound[警告]在名为“appServlet”的DispatcherServlet中找不到URI为[/dw manager/test]的HTTP请求的映射
如果您提供有效的url,返回的响应是什么?如果输入/login,它将转到映射“/login”的控制器方法,然后返回登录页面。但是“/home”是一个应该由SpringSecurity保护的现有页面(我认为预授权
需要启用