Spring Security SwitchUserFilter and UserDetailsService


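Environment:

  • spring-xxx-3.1.0-RELEASE for all Spring-related dependencies
  • Java 1.6
  • Tomcat 6

I have implemented Spring Security and am using the annotation-driven approach. Everything seems to be configured correctly, but when the SwitchUserFilter attemptSwitchUser method executes, userDetailsService is always null. I can step through the class with the debugger when Tomcat starts, and userDetailsService is not null. However, when I manually invoke the attemptSwitchUser method, userDetailsService is always null. Here is my XML configuration: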

applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true" use-expressions="true">
    <form-login login-page="/login.do" default-target-url="/dashboard.do" authentication-failure-url="/login.do?login_error=true" />
    <intercept-url pattern="/login.do" access="permitAll" />

    <!-- ADMIN -->
    <intercept-url pattern="/viewRoles.do" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/createNewRole.do" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/viewOrgs.do" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/j_spring_security_switch_user"     access="hasRole('ROLE_ADMIN')" />

    <session-management>
        <concurrency-control max-sessions="2" />
    </session-management>       
</http>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="md5" />
    </authentication-provider>
</authentication-manager>
</b:beans>

applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>

xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd            
http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc 
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa-1.0.xsd">
${hibernate.dial}
${hibernate.hbm2ddl.auto}
${hibernate.show_sql}
jsp:


Switch to user:

I mistakenly left out web.xml. SwitchUserFilter is in fact being invoked.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>companyname</display-name>
<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<session-config>
    <session-timeout>60</session-timeout>
</session-config>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:applicationContext.xml
        classpath:applicationContext-security.xml
    </param-value>
</context-param>

<error-page>
    <error-code>404</error-code>
    <location>/WEB-INF/jsp/404.jsp</location>
</error-page>


<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>switchUserProcessingFilter</filter-name>
    <filter-class>org.springframework.security.web.authentication.switchuser.SwitchUserFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>switchUserProcessingFilter</filter-name>
    <url-pattern>/j_spring_security_switch_user</url-pattern>
</filter-mapping>

<filter>
    <filter-name>sitemesh</filter-name>
    <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<filter>
    <filter-name>openSessionInViewFilter</filter-name>
    <filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>openSessionInViewFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>



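Without fail, at line 209 of SwitchUserFilter, userDetailsService is always null when the form is posted to j_spring_security_switch_user. It looks to me as though it is not being injected when the filter runs, yet it is referenced correctly in the SwitchUserProcessingFilter in all the examples I have seen. I have searched but could not find any clues. Thanks in advance for any ideas or suggestions.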

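Spring Security filters are not intended to be used directly in web.xml. Take a quick read through the reference documentation, which describes how to set up the security filter chain. In your Spring Security configuration you will need something like the following: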

<!-- declare the filter bean -->
<beans:bean id="switchUserFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
    <beans:property name="userDetailsService" ref="userDetailsService" />
    <beans:property name="switchUserUrl" value="/j_spring_security_switch_user" />
    <beans:property name="exitUserUrl" value="/j_spring_security_exit_user" />
    <beans:property name="targetUrl" value="/" />
</beans:bean>

<!-- include it in the security filter chain -->
<http auto-config="true" use-expressions="true">
    ...
    <custom-filter ref="switchUserFilter" position="SWITCH_USER_FILTER"/>
</http>

...

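Is this really the configuration you are using? There is no SwitchUserFilter in the filter chain at all, so it is hard to believe you would get anything other than an HTTP error when submitting the form. Are you saying you get an NPE at line 209? If so, your web configuration must be different.

Added to the original post. Thanks for your input. Stack trace:

java.lang.NullPointerException
org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)

Very nice. That makes sense, and it works. One last question... Now that I have effectively switched users, I would like to render a link in my JSP header page that lets me return to the ROLE_ADMIN user once they have finished whatever they were doing in the account they switched to. How can I use the security context to conditionally render this "switch back" link? I know the URL is /j_spring_security_exit_user, but I do not know how to render it conditionally based on the contents of the security context.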
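How application code can tell a switched session from a normal one, as an added example that is not part of the original thread: when `SwitchUserFilter` performs a switch it adds a `SwitchUserGrantedAuthority` with the role `ROLE_PREVIOUS_ADMINISTRATOR`, which carries the original administrator's `Authentication`. The class name `ImpersonationSupport` and the sample users are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;

/** Hypothetical helper, not a Spring Security class. Written for Java 1.6. */
public final class ImpersonationSupport {

    /** Original admin's Authentication if this one came from a switch, else null. */
    public static Authentication originalAuthentication(Authentication current) {
        if (current == null) {
            return null;
        }
        for (GrantedAuthority authority : current.getAuthorities()) {
            if (authority instanceof SwitchUserGrantedAuthority) {
                return ((SwitchUserGrantedAuthority) authority).getSource();
            }
        }
        return null;
    }

    /** True when the current request runs as a switched user (show "switch back"). */
    public static boolean isSwitched() {
        return originalAuthentication(
                SecurityContextHolder.getContext().getAuthentication()) != null;
    }

    public static void main(String[] args) {
        // Constructed sample users; names, credentials and roles are made up.
        List<GrantedAuthority> adminRoles = new ArrayList<GrantedAuthority>();
        adminRoles.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        Authentication admin = new UsernamePasswordAuthenticationToken("admin", "n/a", adminRoles);

        List<GrantedAuthority> switchedRoles = new ArrayList<GrantedAuthority>();
        switchedRoles.add(new SimpleGrantedAuthority("ROLE_USER"));
        switchedRoles.add(new SwitchUserGrantedAuthority(
                SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR, admin));
        Authentication asUser = new UsernamePasswordAuthenticationToken("jdoe", "n/a", switchedRoles);

        System.out.println("admin session switched: " + (originalAuthentication(admin) != null));
        System.out.println("jdoe session switched by: " + originalAuthentication(asUser).getName());
    }
}
```

In a JSP the same condition can be expressed with the Spring Security tag library by wrapping the link to `/j_spring_security_exit_user` in `<sec:authorize access="hasRole('ROLE_PREVIOUS_ADMINISTRATOR')">`. The original administrator's name returned by `originalAuthentication` is also the value to record when auditing actions taken during a switched session.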