在Struts2上实现Spring安全性的示例不起作用
我的应用程序应该只向具有角色\管理员访问权限的用户显示secret.jsp页面,但它没有 我定义了两个用户,一个具有ROLE_ADMIN访问权限,另一个具有ROLE_USER访问权限。我有两个问题第一个问题是登录页面不工作,我可以使用任何虚拟用户名和密码访问应用程序 另一个问题是,secret.jsp页面对ROLE_ADMIN用户不可见。一旦我打开login.jsp页面并输入用户的凭据,它就会转到注册页面,但当我单击secret链接时,它会重定向到login.jsp页面,而不是打开secret.jsp页面 我正在Struts2上实现SpringSecurity Web.xml在Struts2上实现Spring安全性的示例不起作用,spring,struts2,spring-security,Spring,Struts2,Spring Security,我的应用程序应该只向具有角色\管理员访问权限的用户显示secret.jsp页面,但它没有 我定义了两个用户,一个具有ROLE_ADMIN访问权限,另一个具有ROLE_USER访问权限。我有两个问题第一个问题是登录页面不工作,我可以使用任何虚拟用户名和密码访问应用程序 另一个问题是,secret.jsp页面对ROLE_ADMIN用户不可见。一旦我打开login.jsp页面并输入用户的凭据,它就会转到注册页面,但当我单击secret链接时,它会重定向到login.jsp页面,而不是打开secret.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/medics-security.xml
/WEB-INF/login-service.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns='http://www.springframework.org/schema/security'
xmlns:beans='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd'>
<beans:import resource='login-service.xml'/>
<http auto-config="true" access-denied-page="/error.jsp">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/register*" access="ROLE_ADMIN" />
<intercept-url pattern="/secret*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" authentication-failure-url="/login?error=true"/>
<remember-me/>
<logout/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="secret" authorities="ROLE_ADMIN"/>
<user name="user" password="secret" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
<beans xmlns='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd'>
</beans>
<?xml version='1.0' encoding='UTF-8'?>
<beans xmlns='http://www.springframework.org/schema/beans'
xmlns:context='http://www.springframework.org/schema/context'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd'>
<context:component-scan base-package='com.myproject'/>
<bean id='internalResourceResolver'
class='org.springframework.web.servlet.view.InternalResourceViewResolver'>
<property name='prefix' value='/Web Pages/'/>
<property name='suffix' value='.jsp'/>
</bean>
<bean
class='org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping'/>
<bean class='org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter'/>
<bean id='placeholderConfig'
class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
</beans>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<!-- Configuration for the default package. -->
<constant name="struts.action.extension" value="html"/>
<constant name="struts.enable.SlashesInActionNames" value="true"/>
org.springframework.web.context.ContextLoaderListener
上下文配置位置
/WEB-INF/applicationContext.xml
/WEB-INF/medics-security.xml
/WEB-INF/login-service.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
支柱2
org.apache.struts2.dispatcher.FilterDispatcher
支柱2
/*
30
index.jsp
medics security.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/medics-security.xml
/WEB-INF/login-service.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns='http://www.springframework.org/schema/security'
xmlns:beans='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd'>
<beans:import resource='login-service.xml'/>
<http auto-config="true" access-denied-page="/error.jsp">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/register*" access="ROLE_ADMIN" />
<intercept-url pattern="/secret*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" authentication-failure-url="/login?error=true"/>
<remember-me/>
<logout/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="secret" authorities="ROLE_ADMIN"/>
<user name="user" password="secret" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
<beans xmlns='http://www.springframework.org/schema/beans'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd'>
</beans>
<?xml version='1.0' encoding='UTF-8'?>
<beans xmlns='http://www.springframework.org/schema/beans'
xmlns:context='http://www.springframework.org/schema/context'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd'>
<context:component-scan base-package='com.myproject'/>
<bean id='internalResourceResolver'
class='org.springframework.web.servlet.view.InternalResourceViewResolver'>
<property name='prefix' value='/Web Pages/'/>
<property name='suffix' value='.jsp'/>
</bean>
<bean
class='org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping'/>
<bean class='org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter'/>
<bean id='placeholderConfig'
class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
</beans>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<!-- Configuration for the default package. -->
<constant name="struts.action.extension" value="html"/>
<constant name="struts.enable.SlashesInActionNames" value="true"/>
login.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>secret page</title>
</head>
<body>
<p>register</p>
<a href="secret.jsp">secret</a>
</body>
</html>
<html>
<head>
</head>
<body>
<form action="j_spring_security_check.html" method="post">
<label for="j_username">Username</label>
<input type="text" name="j_username" id="j_username"/><br/>
<label for="j_password">Password</label>
<input type="password" name="j_password" id="j_password"/><br/>
<input type='checkbox' name='_spring_security_remember_me'/> Remember me<br/>
<input type="submit" value="Login"/>
<input type="reset" value="Reset"/>
</form>
</body>
</html>
用户名
密码
记住我
在您的medics security.xml
中
<http auto-config="true" access-denied-page="/error.jsp">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/register*" access="ROLE_ADMIN" />
<intercept-url pattern="/secret*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" authentication-failure-url="/login?error=true"/>
<remember-me/>
<logout/>
</http>
第一个模式是“/”它映射应用程序的根。Spring Security按顺序检查模式,第一个模式满足您的请求,Spring Security允许您加入,因为它使用的是access=“IS\u AUTHENTICATED\u匿名”
。你应该把最宽的图案放在最后。您可以在日志中看到模式检查