Fatal编程技术网
  • spring-security/
  • Spring security 使用Spring Security 3.0.5覆盖ChannelProcessingFilter不起作用

Spring security 使用Spring Security 3.0.5覆盖ChannelProcessingFilter不起作用

spring-security

Spring security 使用Spring Security 3.0.5覆盖ChannelProcessingFilter不起作用,spring-security,Spring Security,通道处理器的默认行为是执行sendRedirect(使用302代码临时重定向)。我需要更改此行为,以便执行永久(301)重定向,而不是302重定向。我试着做到以下几点: 通过扩展ChannelProcessingFilter创建自定义ChannelProcessingFilter: 公共类MyChannelProcessingFilter扩展了ChannelProcessingFilter{ //没有实现,我需要它只是为了确保创建了一个自定义过滤器,并且可以在xml文件中将其配置为自定义过滤器。

通道处理器的默认行为是执行sendRedirect(使用302代码临时重定向)。我需要更改此行为,以便执行永久(301)重定向,而不是302重定向。我试着做到以下几点:

  • 通过扩展ChannelProcessingFilter创建自定义ChannelProcessingFilter:

    公共类MyChannelProcessingFilter扩展了ChannelProcessingFilter{
//没有实现,我需要它只是为了确保创建了一个自定义过滤器,并且可以在xml文件中将其配置为自定义过滤器。
}
  • 通过扩展AbstractRetryEntryPoint创建自定义入口点

    公共类RetryWithHttpsEntryPoint扩展org.springframework.security.web.access.channel.AbstractRetryEntryPoint{
private-PortResolver-PortResolver=new-PortResolverImpl();
私有最终字符串方案=“https://”;
/**方案的标准端口(80用于http,443用于https)*/
专用最终国际标准端口=443;
公共RetryWithHttpsEntryPoint(){
超级(“https://”,443);
}
@凌驾
public void start(HttpServletRequest请求,HttpServletResponse res)引发IOException,ServletException{
字符串queryString=request.getQueryString();
字符串重定向URL=request.getRequestURI()+((queryString==null)?:(“?”+queryString));
整数currentPort=新整数(portResolver.getServerPort(请求));
整数重定向端口=getMappedPort(currentPort);
if(重定向端口!=null){
布尔INCLUDERAL=redirectPort.intValue()!=standardPort;
redirectUrl=scheme+request.getServerName()+((includeal)?(“:“+redirectPort:”)+redirectUrl;
}
if(logger.isDebugEnabled()){
调试(“重定向到:”+redirectUrl);
}
res.setStatus(HttpServletResponse.SC_永久移动);
res.setHeader(“位置”,重定向URL);
res.setHeader(“连接”、“关闭”);
}
受保护的整数getMappedPort(整数mapFromPort){
返回getPortMapper().lookupHttpsPort(mapFromPort);
}
}
  • 在applicationContext-security.xml文件中配置相同的文件。我将完整的xml文件放在这里供您参考(删除不需要的部分。如果您需要其他部分,请告诉我)
    • 我尝试运行tomcat时出现以下错误:

    ERROR 2011-12-26 21:13:21,569 [ina].[localhost].[/]]: Exception sending context initialized event to listener instance of class com.kajeet.webapp.listener.StartupListener org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '' and 'Root bean: class [org.springframework.security.web.access.channel.ChannelProcessingFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from and avoiding the use of . Offending resource: ServletContext resource [/WEB-INF/applicationContext-security.xml] at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68) at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85) at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72) at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.checkFilterChainOrder(HttpSecurityBeanDefinitionParser.java:196) at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:132) at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:86) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1335) at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1325) at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:135) at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:93) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149) at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124) at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:93) at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130) at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47) at com.kajeet.webapp.listener.StartupListener.contextInitialized(StartupListener.java:51) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) 错误2011-12-26 21:13:21569[ina].[localhost].[/]]:向类com.kajeet.webapp.listener.StartupListener的侦听器实例发送上下文初始化事件时出现异常 org.springframework.beans.factory.parsing.BeanDefinitionParsingException:配置问题:筛选bean“”和“根bean:class[org.springframework.security.web.access.channel.ChannelProcessingFilter];范围=;抽象=假;lazyInit=假;自动连线模式=0;dependencyCheck=0;autowireCandidate=true;主=假;factoryBeanName=null;factoryMethodName=null;initMethodName=null;destroyMethodName=null'具有相同的“顺序”值。使用自定义过滤器时,请确保位置与默认过滤器不冲突。或者,您可以通过从中删除相应的子元素并避免使用来禁用默认过滤器。 有问题的资源:ServletContext资源[/WEB-INF/applicationContext security.xml] 位于org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68) 位于org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85) 位于org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72) 位于org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.checkfilterchainoder(HttpSecurityBeanDefinitionParser.java:196) 位于org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:132) 位于org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:86) 位于org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1335) 位于org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1325) 位于org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:135) 位于org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:93) 位于org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493) 位于org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390) 位于org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334) 位于org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302) 位于org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143) 位于org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178) 位于org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149) 位于org.springframework.web.co 
    @Component
public class PermanentRedirectStrategy implements RedirectStrategy {
    private boolean contextRelative;

    @Override
    public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        response.setHeader("Location", response.encodeRedirectURL(calculateRedirectUrl(request.getContextPath(), url)));
    }

    /**
     * Unfortunately DefaultRedirectStrategy.calculateRedirectUrl is private
     * If this weren't the case, we could extend this class from DefaultRedirectStrategy
     * to use its method directly without copying it
     */
    private String calculateRedirectUrl(String contextPath, String url) {
        if (!UrlUtils.isAbsoluteUrl(url)) {
            if (contextRelative) {
                return url;
            } else {
                return contextPath + url;
            }
        }

        // Full URL, including http(s)://

        if (!contextRelative) {
            return url;
        }

        // Calculate the relative URL from the fully qualified URL, minus the last
        // occurence of the scheme and base context
        url = url.substring(url.lastIndexOf("://") + 3); // strip off scheme
        url = url.substring(url.indexOf(contextPath) + contextPath.length());

        if (url.length() > 1 && url.charAt(0) == '/') {
            url = url.substring(1);
        }

        return url;
    }
}

    @Component
public class ChannelProcessorsPostProcessor implements BeanPostProcessor {
    @Autowired
    private RedirectStrategy permanentRedirectStrategy;

    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        ChannelEntryPoint entryPoint = null;

        if (bean instanceof SecureChannelProcessor) {
            entryPoint = ((SecureChannelProcessor) bean).getEntryPoint();
        } else if (bean instanceof InsecureChannelProcessor) {
            entryPoint = ((InsecureChannelProcessor) bean).getEntryPoint();
        }

        if (entryPoint != null && AbstractRetryEntryPoint.class.isAssignableFrom(entryPoint.getClass())) {
            ((AbstractRetryEntryPoint) entryPoint).setRedirectStrategy(permanentRedirectStrategy);
        }

        return bean;
    }

    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        return bean;
    }
}