Spring Security SwitchUserFilter and UserDetailsService
Environment:
- spring-xxx-3.1.0-RELEASE for all Spring-related dependencies
- Java 1.6
- Tomcat 6
I have implemented Spring Security and am using the annotation-driven approach. Everything appears to be configured correctly, but when the SwitchUserFilter attemptSwitchUser method executes, the userDetailsService is always null. I can step through this class with the debugger when Tomcat starts, and the userDetailsService is not null. However, when I manually invoke the attemptSwitchUser method,
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<form-login login-page="/login.do" default-target-url="/dashboard.do" authentication-failure-url="/login.do?login_error=true" />
<intercept-url pattern="/login.do" access="permitAll" />
<!-- ADMIN -->
<intercept-url pattern="/viewRoles.do" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/createNewRole.do" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/viewOrgs.do" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/j_spring_security_switch_user" access="hasRole('ROLE_ADMIN')" />
<session-management>
<concurrency-control max-sessions="2" />
</session-management>
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
</b:beans>
applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa-1.0.xsd">
${hibernate.dial}
${hibernate.hbm2ddl.auto}
${hibernate.show_sql}
jsp:
Switch to user:
I mistakenly left out web.xml. The SwitchUserFilter is in fact being invoked.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>companyname</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml
classpath:applicationContext-security.xml
</param-value>
</context-param>
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/jsp/404.jsp</location>
</error-page>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>switchUserProcessingFilter</filter-name>
<filter-class>org.springframework.security.web.authentication.switchuser.SwitchUserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>switchUserProcessingFilter</filter-name>
<url-pattern>/j_spring_security_switch_user</url-pattern>
</filter-mapping>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter>
<filter-name>openSessionInViewFilter</filter-name>
<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>openSessionInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
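Sure enough, at line 209 of SwitchUserFilter, the userDetailsService is always null when the form post is submitted to j_spring_security_switch_user. It seems to me that it is not being injected when the filter runs, yet it is referenced correctly in the SwitchUserProcessingFilter as in all the examples I have seen. I have searched but cannot find any leads. Thanks in advance for any ideas or suggestions you can provide.

Spring Security filters are not intended to be used directly in web.xml. Have a quick read of the reference documentation, which describes how to set up the security filter chain. In your Spring Security configuration you will need something like the following: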
<!-- declare the filter bean -->
<beans:bean id="switchUserFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="switchUserUrl" value="/j_spring_security_switch_user" />
<beans:property name="exitUserUrl" value="/j_spring_security_exit_user" />
<beans:property name="targetUrl" value="/" />
</beans:bean>
<!-- include it in the security filter chain -->
<http auto-config="true" use-expressions="true">
...
<custom-filter ref="switchUserFilter" position="SWITCH_USER_FILTER"/>
</http>
...
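Is this really the configuration you are using? There is no SwitchUserFilter in the filter chain at all, so it is hard to believe that you would get anything other than an HTTP error when submitting the form. Are you saying that you get an NPE at line 209? If so, your web configuration must be different.

Added to the original post. Thanks for your input. Stack trace:
java.lang.NullPointerException
org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)

Very nice. That makes sense and it works. One last question... Now that I have effectively switched users, I would like to render a link in my JSP header page that lets me go back to the ROLE_ADMIN user once they have finished whatever they were doing in the account they switched to. How can I use the security context to conditionally render this "switch back" link? I know the URL is /j_spring_security_exit_user, but I don't know how to render it conditionally based on the contents of the security context.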
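The conditional "switch back" link asked about in the last comment, as an added example that is not part of the original thread. It assumes spring-security-taglibs and JSTL are on the classpath, the switchUserFilter bean and URLs from the answer above, use-expressions="true", and a UserDetails principal; the file path and CSS class are hypothetical.

```jsp
<%-- Added example: header fragment, e.g. /WEB-INF/jsp/header.jsp (hypothetical path) --%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- SwitchUserFilter adds ROLE_PREVIOUS_ADMINISTRATOR to the switched
     Authentication, so this block renders only while impersonating. --%>
<sec:authorize access="hasRole('ROLE_PREVIOUS_ADMINISTRATOR')">
  <div class="impersonation-banner">
    Acting as <sec:authentication property="principal.username" />
    <a href="<c:url value='/j_spring_security_exit_user' />">Switch back</a>
  </div>
</sec:authorize>

<%-- Offer the switch form only to an administrator who is not already
     impersonating someone. j_username is the request parameter that
     SwitchUserFilter reads in Spring Security 3.1. --%>
<sec:authorize access="hasRole('ROLE_ADMIN') and !hasRole('ROLE_PREVIOUS_ADMINISTRATOR')">
  <form method="post" action="<c:url value='/j_spring_security_switch_user' />">
    Switch to user: <input type="text" name="j_username" />
    <input type="submit" value="Switch" />
  </form>
</sec:authorize>
```

If an intercept-url rule is added for /j_spring_security_exit_user, it has to admit ROLE_PREVIOUS_ADMINISTRATOR, because the switched session carries the target user's authorities and has ROLE_ADMIN only if that user does.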