未调用spring security 4.x身份验证层
我正在尝试从SpringSecurity3.x升级到4.x。按照spring指南中的说明完成了所有更改。但是,我还是没能得到水果。让我添加代码片段,其中包含我已实现的所有安全配置 家长会未调用spring security 4.x身份验证层,spring,spring-security,Spring,Spring Security,我正在尝试从SpringSecurity3.x升级到4.x。按照spring指南中的说明完成了所有更改。但是,我还是没能得到水果。让我添加代码片段,其中包含我已实现的所有安全配置 家长会 <spring.version>4.1.6.RELEASE</spring.version> <spring-security.version>4.0.1.RELEASE</spring-security.version> <!-- Spring MVC
<spring.version>4.1.6.RELEASE</spring.version>
<spring-security.version>4.0.1.RELEASE</spring-security.version>
<!-- Spring MVC -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
<!-- will come with all needed Spring dependencies such as spring-core
and spring-beans -->
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<version>2.0.8</version>
</dependency>
<!-- spring security stuff -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>${spring-security.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring-security.version}</version>
<scope>compile</scope>
<exclusions>
<!-- Exclude Commons Logging in favor of SLF4j -->
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring-security.version}</version>
<scope>compile</scope>
<exclusions>
<!-- Exclude Commons Logging in favor of SLF4j -->
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
<version>${spring-security.version}</version>
<exclusions>
<!-- Exclude Commons Logging in favor of SLF4j -->
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring-security.version}</version>
</dependency>
4.1.6.1版本
4.0.1.1发布
org.springframework
SpringWebMVC
${spring.version}
org.springframework
春季甲虫
${spring.version}
org.springframework
弹簧支架
2.0.8
org.springframework.security
spring安全bom表
${spring security.version}
聚甲醛
进口
org.springframework.security
spring安全内核
${spring security.version}
org.springframework.security
spring安全配置
${spring security.version}
编撰
公用记录
公用记录
org.springframework.security
spring安全网
${spring security.version}
编译
公用记录
公用记录
org.springframework.security
spring安全openid
${spring security.version}
公用记录
公用记录
org.springframework
德克萨斯州春季
${spring.version}
org.springframework
春季aop
${spring.version}
org.springframework.security
spring安全标记库
${spring security.version}
<!-- Spring MVC -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
</dependency>
<!-- spring security stuff -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>4.0.1.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-openid</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
org.springframework
SpringWebMVC
org.springframework
春季甲虫
org.springframework
弹簧支架
org.springframework.security
spring安全bom表
4.0.1.1发布
聚甲醛
进口
org.springframework.security
spring安全内核
org.springframework.security
spring安全网
org.springframework.security
spring安全配置
org.springframework.security
spring安全openid
org.springframework
德克萨斯州春季
org.springframework
春季aop
org.springframework.security
spring安全标记库
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextInitializerClasses</param-name>
<param-value>com.sbna.dealerportal.web.CustomContextInitializer</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:application-context.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value>
</init-param>
</filter>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Listener to support spring security-->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.XmlWebApplicationContext
</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:context-web.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>/WEB-INF/views/*</url-pattern>
</servlet-mapping>
<error-page>
<error-code>404</error-code>
<location>/error</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/no-access</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error</location>
</error-page>
</web-app>
org.springframework.web.context.ContextLoaderListener
上下文初始化类
com.sbna.dealerportal.web.CustomContextInitializer
上下文配置位置
类路径:application-context.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
上下文属性
org.springframework.web.context.WebApplicationContext.ROOT
编码滤波器
org.springframework.web.filter.CharacterEncodingFilter
编码
UTF-8
强制编码
真的
springSecurityFilterChain
/*
编码滤波器
/*
org.springframework.security.web.session.HttpSessionEventPublisher
org.springframework.web.context.request.RequestContextListener
调度员
org.springframework.web.servlet.DispatcherServlet
上下文类
org.springframework.web.context.support.XmlWebApplicationContext
上下文配置位置
类路径:context-web.xml
1.
jsp
org.apache.jasper.servlet.JspServlet
2.
调度员
/
jsp
/WEB-INF/views/*
404
/错误
403
/禁止进入
500
/错误
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">
<context:component-scan base-package="com.project.security"/>
<sec:http use-expressions="true">
<!-- List secure pages and the users that can access them -->
<sec:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" requires-channel="${url.channel}"/>
<sec:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" requires-channel="${url.channel}"/>
<sec:intercept-url pattern="/app/inbox" access="hasAnyRole('ROLE_VENDOR', 'ROLE_BUYER', 'ROLE_APPROVER', 'ROLE_AUDITOR')" requires-channel="${url.channel}"/>
<sec:intercept-url pattern="/app" access="hasAnyRole('ROLE_ADMIN', 'ROLE_VENDOR', 'ROLE_BUYER', 'ROLE_APPROVER', 'ROLE_AUDITOR')" requires-channel="${url.channel}"/>
<sec:intercept-url pattern="/app/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_VENDOR', 'ROLE_BUYER', 'ROLE_APPROVER', 'ROLE_AUDITOR')" requires-channel="${url.channel}"/>
<!-- public pages here -->
<sec:intercept-url pattern="/**" access="permitAll" requires-channel="${url.channel}"/>
<sec:intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS"/>
<sec:form-login
login-page="/login"
login-processing-url="/process-login"
password-parameter="password"
username-parameter="username"
authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"/>
<sec:logout logout-url="/logout" logout-success-url="/login?logout"/>
</sec:http>
<beans:bean id="authenticationSuccessHandler" class="com.project.security.CustomAuthenticationSuccessHandler"/>
<beans:bean id="authenticationFailureHandler" class="com.project.security.CustomAuthenticationFailureHandler"/>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<beans:bean id="customAuthenticationProvider" class="com.project.security.CustomAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
<!-- <beans:property name="passwordEncoder" ref="encoder"/> -->
</beans:bean>
<sec:authentication-manager>
<sec:authentication-provider ref="customAuthenticationProvider">
</sec:authentication-provider>
</sec:authentication-manager>
<sec:global-method-security secured-annotations="enabled"/>
</beans:beans>
已共享与spring security相关的所有代码。在尝试登录到应用程序时,不调用身份验证,抛出错误,最终导致无法访问页面。有谁能帮我解决这个问题。我注意到的一件事是,您的登录页面也受到访问规则的保护。尝试添加允许任何人访问登录页面的规则。大概是这样的:
<sec:http pattern="/login*" security="none"/>
<sec:http use-expressions="true">
<!-- List secure pages and the users that can access them -->
<sec:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" requires-channel="${url.channel}"/>