Example of implementing Spring Security on Struts2 does not work


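My application should show the secret.jsp page only to users with ROLE_ADMIN access, but it does not.

I have defined two users, one with ROLE_ADMIN access and the other with ROLE_USER access. I have two problems. The first is that the login page does not work: I can access the application with any dummy username and password.

The other problem is that the secret.jsp page is not shown to the ROLE_ADMIN user. Once I open the login.jsp page and enter the user's credentials, it goes to the register page, but when I click the secret link, it redirects to the login.jsp page instead of opening the secret.jsp page.

I am implementing Spring Security on Struts2.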

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>  
    </listener>
    <context-param> 
        <param-name>contextConfigLocation</param-name> 
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/medics-security.xml 
            /WEB-INF/login-service.xml
        </param-value> 
    </context-param> 
    <filter> 
        <filter-name>springSecurityFilterChain</filter-name> 
        <filter-class> 
            org.springframework.web.filter.DelegatingFilterProxy 
        </filter-class> 
    </filter> 

    <filter-mapping> 
        <filter-name>springSecurityFilterChain</filter-name> 
        <url-pattern>/*</url-pattern> 
    </filter-mapping>

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

medics-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns='http://www.springframework.org/schema/security' 
        xmlns:beans='http://www.springframework.org/schema/beans' 
            xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' 
            xsi:schemaLocation='http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd'>
<beans:import resource='login-service.xml'/> 
<http auto-config="true" access-denied-page="/error.jsp">
    <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/register*" access="ROLE_ADMIN" />
    <intercept-url pattern="/secret*" access="ROLE_ADMIN" />
    <form-login login-page="/login.jsp" authentication-failure-url="/login?error=true"/> 
    <remember-me/>
    <logout/>
</http> 

<authentication-manager> 
    <authentication-provider> 
        <user-service>
            <user name="admin" password="secret" authorities="ROLE_ADMIN"/>
            <user name="user" password="secret" authorities="ROLE_USER"/>
        </user-service>   
    </authentication-provider> 
</authentication-manager> 
</beans:beans>

<beans xmlns='http://www.springframework.org/schema/beans'
       xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
       xsi:schemaLocation='http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd'>

</beans>

<?xml version='1.0' encoding='UTF-8'?>
<beans xmlns='http://www.springframework.org/schema/beans' 
                xmlns:context='http://www.springframework.org/schema/context' 
                xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' 
                xsi:schemaLocation='http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context    
    http://www.springframework.org/schema/context/spring-context-3.0.xsd'>

    <context:component-scan base-package='com.myproject'/> 
    <bean id='internalResourceResolver' 
                 class='org.springframework.web.servlet.view.InternalResourceViewResolver'> 
        <property name='prefix' value='/Web Pages/'/> 
        <property name='suffix' value='.jsp'/> 
    </bean> 
    <bean 
    class='org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping'/>
    <bean class='org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter'/> 
    <bean id='placeholderConfig' 
                 class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/> 
</beans>

<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <!-- Configuration for the default package. -->
    <constant name="struts.action.extension" value="html"/> 
    <constant name="struts.enable.SlashesInActionNames" value="true"/>

login.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>secret page</title>
    </head>
    <body>
        <p>register</p>
        <a href="secret.jsp">secret</a>
    </body>
</html>

<html>
    <head>

    </head>
    <body>
        <form action="j_spring_security_check.html" method="post"> 
            <label for="j_username">Username</label>
            <input type="text" name="j_username" id="j_username"/><br/> 
            <label for="j_password">Password</label>
            <input type="password" name="j_password" id="j_password"/><br/> 
            <input type='checkbox' name='_spring_security_remember_me'/> Remember me<br/>   
            <input type="submit" value="Login"/>
            <input type="reset" value="Reset"/>
        </form>
    </body>
</html>

In your medics-security.xml:

<http auto-config="true" access-denied-page="/error.jsp">
    <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/register*" access="ROLE_ADMIN" />
    <intercept-url pattern="/secret*" access="ROLE_ADMIN" />
    <form-login login-page="/login.jsp" authentication-failure-url="/login?error=true"/> 
    <remember-me/>
    <logout/>
</http> 

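The first pattern is "/", which maps the root of the application. Spring Security checks the patterns in order; the first pattern satisfies your request, and Spring Security lets you in because it uses access="IS_AUTHENTICATED_ANONYMOUSLY". You should put the widest pattern last. You can see the pattern checks in the log.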
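The first-match-wins ordering described in the answer, as an added example that is not part of the original post: a simplified Ant-style matcher (an approximation, not Spring Security's own code) reports which rule decides each path and which rules are shadowed by an earlier, wider one. The `/**` catch-all, the two rule lists and the sample paths are constructed for illustration; `/register*` and `/secret*` are the page's patterns.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"
ADMIN = "ROLE_ADMIN"

# Constructed rule lists: "/register*" and "/secret*" are the page's patterns,
# the "/**" catch-all is an assumption added to show a widest-pattern rule.
WIDEST_FIRST = [("/**", ANON), ("/register*", ADMIN), ("/secret*", ADMIN)]
WIDEST_LAST = [("/register*", ADMIN), ("/secret*", ADMIN), ("/**", ANON)]

# Constructed request paths used to probe the rule lists.
SAMPLE_PATHS = ["/", "/login.jsp", "/register.jsp", "/secret.jsp"]


def ant_to_regex(pattern):
    """Simplified Ant-style matching: '**' crosses '/', '*' and '?' do not."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts) + r"\Z")


def deciding_rule(rules, path):
    """First match wins: return the (pattern, access) that decides this path."""
    for pattern, access in rules:
        if ant_to_regex(pattern).match(path):
            return pattern, access
    return None


def shadowed_rules(rules, paths):
    """Patterns that match at least one path but never decide any of them."""
    decided = {deciding_rule(rules, p)[0] for p in paths if deciding_rule(rules, p)}
    matched = {pat for pat, _ in rules for p in paths if ant_to_regex(pat).match(p)}
    return sorted(matched - decided)


if __name__ == "__main__":
    for name, rules in (("widest first", WIDEST_FIRST), ("widest last", WIDEST_LAST)):
        print(name, "-> shadowed:", shadowed_rules(rules, SAMPLE_PATHS))
        for path in SAMPLE_PATHS:
            print("  ", path, deciding_rule(rules, path))
```

A non-empty result from `shadowed_rules` means an access rule is present in the configuration but can never be the one that decides a request.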