Spring Security: after a successful login, clicking any link redirects to the login page
I am trying to implement Spring Security 3.0.7 in an application that uses Hippo as its content management system. I can log in to the web application successfully, but as soon as I click any link after logging in, I am redirected to the login page. Here are web.xml and spring-security.xml. Can you tell me why it redirects to the login page? Can you suggest what is wrong here?

Please post the logs from when you authenticate. Also post the logs for the request you make to the authenticated page. You should also include the HTTP request/response for both requests.

Hippo has its own logging mechanism, so I cannot trace the problem.

Can you try turning on Spring Security logging? It uses commons logging. Unless Hippo does something like slf4j with the jars, it should work. Even with the latest version you should be able to enable logging. Or post a link to a sample that I can take a look at.

You should be able to enable logging for Spring Security and the HST Spring Security module. You can do this from log4j-dev.xml in your project. You may also want to read www.onehippo.org/labs/setting-up-spring-security-in-hippo.html to see whether you missed a step.

I think your intercept-url patterns /* and /** overlap. It looks like everything under /* is not authenticated (so /events is not authenticated).

The SecurityContext I got was null in the log file, so I set the authentication in the SecurityContextHolder. Now, when I click any link, the browser shows the correct URL, but it displays the forbidden page, i.e. 403.

web.xml
<context-param>
</context-param>
<context-param>
  <param-name>hst-beans-annotated-classes</param-name>
  <param-value>
    classpath*:org/onehippo/forge/security/support/springsecurity/beans/**/*.class
  </param-value>
</context-param>
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/applicationContext-security.xml
  </param-value>
</context-param>
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
  <filter-name>ClickjackFilter</filter-name>
  <filter-class>com.accenture.leadership.filters.ClickjackFilter</filter-class>
  <init-param>
    <param-name>mode</param-name>
    <!--<param-value>DENY</param-value>-->
    <param-value>SAMEORIGIN</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CharacterEncodingFilter</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
  <init-param>
    <param-name>forceEncoding</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>XSSUrlFilter</filter-name>
  <filter-class>org.hippoecm.hst.container.XSSUrlFilter</filter-class>
</filter>
<filter>
  <filter-name>HstFilter</filter-name>
  <filter-class>org.hippoecm.hst.container.HstFilter</filter-class>
  <init-param>
    <param-name>clientComponentManagerClass</param-name>
    <param-value>org.hippoecm.hst.component.support.ClientComponentManager</param-value>
  </init-param>
  <init-param>
    <param-name>clientComponentManagerConfigurations</param-name>
    <param-value>/META-INF/client-assembly/*.xml</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>etag</filter-name>
  <filter-class>com.cj.etag.ETagFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>ClickjackFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>etag</filter-name>
  <url-pattern>*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CharacterEncodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>XSSUrlFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>HstFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
  <servlet-name>HstSiteConfigServlet</servlet-name>
  <servlet-class>org.hippoecm.hst.site.container.HstSiteConfigServlet</servlet-class>
  <init-param>
    <param-name>hst-config-refresh-delay</param-name>
    <param-value>3000</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
  <servlet-name>jsp</servlet-name>
  <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
  <init-param>
    <param-name>trimSpaces</param-name>
    <param-value>true</param-value>
  </init-param>
</servlet>
<servlet>
  <servlet-name>CustomBinaryServlet</servlet-name>
  <servlet-class>com.accenture.leadership.components.CustomBinaryServlet</servlet-class>
  <init-param>
    <param-name>cache-max-object-size-bytes</param-name>
    <param-value>8388608</param-value>
  </init-param>
</servlet>
<servlet>
  <servlet-name>freemarker</servlet-name>
  <servlet-class>org.hippoecm.hst.servlet.HstFreemarkerServlet</servlet-class>
  <init-param>
    <param-name>TemplatePath</param-name>
    <param-value>/</param-value>
  </init-param>
  <init-param>
    <param-name>ContentType</param-name>
    <param-value>text/html; charset=UTF-8</param-value>
  </init-param>
  <load-on-startup>200</load-on-startup>
</servlet>
<servlet>
  <servlet-name>TemplateComposerResourceServlet</servlet-name>
  <servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
  <init-param>
    <param-name>jarPathPrefix</param-name>
    <param-value>/META-INF/hst/pagecomposer</param-value>
  </init-param>
</servlet>
<servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>org.hippoecm.hst.security.servlet.LoginServlet</servlet-class>
</servlet>
<servlet>
  <servlet-name>SecurityResourceServlet</servlet-name>
  <servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
  <init-param>
    <param-name>jarPathPrefix</param-name>
    <param-value>/META-INF/hst/security</param-value>
  </init-param>
</servlet>
<servlet>
  <servlet-name>HstResourceServlet</servlet-name>
  <servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
  <init-param>
    <param-name>jarPathPrefix</param-name>
    <param-value>/META-INF/web-resources</param-value>
  </init-param>
</servlet>
<servlet>
  <servlet-name>PingServlet</servlet-name>
  <servlet-class>org.hippoecm.hst.servlet.HstPingServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>CustomBinaryServlet</servlet-name>
  <url-pattern>/binaries/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>freemarker</servlet-name>
  <url-pattern>*.ftl</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>TemplateComposerResourceServlet</servlet-name>
  <url-pattern>/hst/pagecomposer/sources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/login/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>SecurityResourceServlet</servlet-name>
  <url-pattern>/login/hst/security/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>HstResourceServlet</servlet-name>
  <url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>PingServlet</servlet-name>
  <url-pattern>/ping/*</url-pattern>
</servlet-mapping>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Login</web-resource-name>
    <url-pattern>/login/resource</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>everybody</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>HSTSITE</realm-name>
  <form-login-config>
    <form-login-page>/login/login</form-login-page>
    <form-error-page>/login/error</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>Default role of Hippo Repository</description>
  <role-name>everybody</role-name>
</security-role>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>OPTIONS</http-method>
    <http-method>COPY</http-method>
    <http-method>DELETE</http-method>
    <http-method>MKCOL</http-method>
    <http-method>PROPFIND</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint />
</security-constraint>
</web-app>
spring-security.xml
<http auto-config="true">
  <intercept-url pattern="/css/**" filters="none"/>
  <intercept-url pattern="/images/**" filters="none"/>
  <intercept-url pattern="/binaries/**" filters="none"/>
  <intercept-url pattern="/*" filters="none"/>
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
  <form-login login-page="/"
              default-target-url="/events"
              always-use-default-target="true" />
  <logout logout-url="/logout.jsp" />
</http>
<authentication-manager>
  <authentication-provider ref="hippoAuthenticationProvider" />
</authentication-manager>
<beans:bean id="hippoAuthenticationProvider" class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider"/>
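
One way to remove the /* and /** overlap that the comment points out, shown as an added example that is not part of the original post or of the Hippo project. It assumes that / is the login page (as in the posted form-login element), that every other non-static URL should require ROLE_everybody, and that the file uses the same namespace setup as the posted one.

```xml
<!-- Added example. Assumes the security namespace is the default namespace
     and the beans: prefix is bound to the Spring beans namespace, as in the
     posted spring-security.xml. Rules are evaluated top to bottom and the
     first matching pattern wins. -->
<http auto-config="true">

  <!-- Static resources only. filters="none" skips the whole Spring Security
       filter chain, so no SecurityContext is loaded for these requests. -->
  <intercept-url pattern="/css/**" filters="none"/>
  <intercept-url pattern="/images/**" filters="none"/>
  <intercept-url pattern="/binaries/**" filters="none"/>

  <!-- Removed: intercept-url pattern="/*" filters="none".
       That pattern matched every single-segment path, including /events
       (the default-target-url), so those requests ran without the chain. -->

  <!-- The login page stays inside the filter chain but is open to
       anonymous users (assumption: "/" is the login page). -->
  <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

  <!-- Everything else requires the role. Listing
       IS_AUTHENTICATED_ANONYMOUSLY next to the role would let anonymous
       requests through, because with the default access decision manager
       one granting attribute is enough. -->
  <intercept-url pattern="/**" access="ROLE_everybody"/>

  <form-login login-page="/"
              default-target-url="/events"
              always-use-default-target="true"/>
  <logout logout-url="/logout.jsp"/>
</http>

<authentication-manager>
  <authentication-provider ref="hippoAuthenticationProvider"/>
</authentication-manager>

<beans:bean id="hippoAuthenticationProvider"
            class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider"/>
```

Whether ROLE_everybody is the authority name that HippoAuthenticationProvider actually grants is not shown on the page; enabling Spring Security debug logging, as the comments suggest, shows the granted authorities for the logged-in user.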