Jsf Spring Security+;基本面分页器错误
我的申请有问题。 当我开始使用spring安全性时,PrimeFaces中的一些东西不起作用,例如Jsf Spring Security+;基本面分页器错误,jsf,primefaces,spring-security,datatable,paginator,Jsf,Primefaces,Spring Security,Datatable,Paginator,我的申请有问题。 当我开始使用spring安全性时,PrimeFaces中的一些东西不起作用,例如f:setPropertyActionListener,p:dataTable中的paginator。。。我找工作找了一天,但什么也没发生 <intercept-url pattern="/javax.faces.resource/**" access="permitAll"/> <form-login login-
f:setPropertyActionListener
,p:dataTable中的paginator。。。我找工作找了一天,但什么也没发生
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
它看起来怎么样
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
mypom.xml
<packaging>war</packaging>
<properties>
<spring.version>4.2.5.RELEASE</spring.version>
<spring.security.version>4.0.4.RELEASE</spring.security.version>
<hibernate.version>5.1.0.Final</hibernate.version>
</properties>
<dependencies>
<dependency>
<groupId>org.primefaces</groupId>
<artifactId>primefaces</artifactId>
<version>5.3</version>
</dependency>
<dependency>
<groupId>com.sun.faces</groupId>
<artifactId>jsf-api</artifactId>
<version>2.2.13</version>
</dependency>
<dependency>
<groupId>com.sun.faces</groupId>
<artifactId>jsf-impl</artifactId>
<version>2.2.13</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.1</version>
</dependency>
<!-- Spring 4 dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.webflow</groupId>
<artifactId>spring-webflow</artifactId>
<version>2.4.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.webflow</groupId>
<artifactId>spring-faces</artifactId>
<version>2.4.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.1-901-1.jdbc4</version>
</dependency>
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.4</version>
</dependency>
<dependency>
<groupId>org.primefaces.themes</groupId>
<artifactId>all-themes</artifactId>
<version>1.0.10</version>
</dependency>
</dependencies>
<facelet-taglib>
<namespace>http://www.springframework.org/security/tags</namespace>
<tag>
<tag-name>authorize</tag-name>
<handler-class>org.springframework.faces.security.FaceletsAuthorizeTagHandler</handler-class>
</tag>
<function>
<function-name>areAllGranted</function-name>
<function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
<function-signature>boolean areAllGranted(java.lang.String)</function-signature>
</function>
<function>
<function-name>areAnyGranted</function-name>
<function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
<function-signature>boolean areAnyGranted(java.lang.String)</function-signature>
</function>
<function>
<function-name>areNotGranted</function-name>
<function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
<function-signature>boolean areNotGranted(java.lang.String)</function-signature>
</function>
<function>
<function-name>isAllowed</function-name>
<function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class>
<function-signature>boolean isAllowed(java.lang.String, java.lang.String)</function-signature>
</function>
</facelet-taglib>
<context:component-scan base-package="xxx.yyy"/>
<context:annotation-config/>
<context:spring-configured/>
<!-- Data Source Declaration -->
<bean id="DataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="org.postgresql.Driver"/>
<property name="url" value="jdbc:postgresql://localhost:5432/postgres"/>
<property name="username" value="xxx"/>
<property name="password" value="yyy"/>
</bean>
<!-- Session Factory Declaration -->
<bean id="SessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean">
<property name="dataSource" ref="DataSource"/>
<property name="packagesToScan">
<list>
<value>xxx.yyy</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.PostgreSQL82Dialect</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<!-- Enable the configuration of transactional behavior based on annotations -->
<tx:annotation-driven transaction-manager="txManager"/>
<!-- Transaction Manager is defined -->
<bean id="txManager" class="org.springframework.orm.hibernate5.HibernateTransactionManager">
<property name="sessionFactory" ref="SessionFactory"/>
</bean>
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
当我从web.xml中删除此行时:
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
一切正常(例如p:dataTabe
中的分页器),但没有spring安全性。
当这些行在web.xml中时,spring安全性工作得很好,但就像我在开始时写的那样,例如p:dataTable
doest中的paginators
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
可能有人有类似的问题?问题出现在spring-security.xml文件中。有两种方法可以解决此问题:
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
1. <代码>
2.使用
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<csrf/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"></password-encoder>
</authentication-provider>
</authentication-manager>
总之,
那么,Spring安全性阻止了所有ajax请求?您是否仔细检查了浏览器HTTP流量监视器中的ajax响应?他们是否都返回了401/403或登录页面?顺便说一下,在webapp中提供Servlet和jspapi是不好的。谢谢你的评论。我已经修好了。问题是spring-security.xml文件中的
。有两种方法可以解决这个问题:1csrf disabled=“true”/>
2。使用
总之知道JSF已经内置了CSRF保护可能很有用。根据您的编辑,请不要在问题中包含答案(仅适用于老式论坛)。取而代之的是,将答案作为答案张贴在下面---------vv这样,回答的问题可以在列表、搜索引擎甚至谷歌中区分出来。是的。很高兴知道这一点