2013-03-14 189 views
1

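Spring 3 MVC + Security

I have two sample projects: the first is a Spring 3 MVC project and the second is a Spring 3 Security project... Both work fine... But when I try to create an application with both Security and MVC, I can't figure out how to make it work. My application's structure looks like this: [image]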

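When I have the JSP pages in / then security works... But when I want to put them in /WEB-INF/views to be able to map a @Controller to them, then it doesn't work... Can someone please advise me where and what to change to make it work with the JSPs in /WEB-INF/views/?

My configuration files: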

/WEB-INF/spring/appServlet/servlet-context.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/mvc" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd 
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> 

<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure --> 

<!-- Enables the Spring MVC @Controller programming model --> 
<annotation-driven /> 

<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory --> 
<resources mapping="/resources/**" location="/resources/" /> 

<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory --> 
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
    <beans:property name="prefix" value="/WEB-INF/views/" /> 
    <beans:property name="suffix" value=".jsp" /> 
</beans:bean> 

<context:component-scan base-package="cz.cvut.fit" /> 

    <context:component-scan base-package="com.chickstarter.web" /> 
<resources location="/resources/**" mapping="/src/webapp/resources"/> 


    </beans:beans> 

/WEB-INF/spring/appServlet/web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
xmlns="http://java.sun.com/xml/ns/javaee" 
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> 
<context-param> 
<param-name>contextConfigLocation</param-name> 
<param-value>/WEB-INF/spring/root-context.xml</param-value> 
</context-param> 
<listener> 
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 
<servlet> 
<servlet-name>appServlet</servlet-name> 
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
<init-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> 
</init-param> 
<load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
<servlet-name>appServlet</servlet-name> 
<url-pattern>/</url-pattern> 
</servlet-mapping> 
<!-- START: Spring Security --> 
<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
<!-- END: Spring Security --> 
<servlet> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>classpath:applicationContext-web.xml</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <url-pattern>/data/*</url-pattern> 
</servlet-mapping> 
</web-app> 

/src/main/resources/applicationContext-sexurity.xml

<beans xmlns:security="http://www.springframework.org/schema/security" 
    xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<security:http pattern="/login.jsp*" security="none"/> 
<security:http pattern="/denied.jsp" security="none"/> 

<security:http auto-config="true" access-denied-page="/denied.jsp" servlet-api-provision="false"> 
    <security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/> 
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/> 
    <security:intercept-url pattern="/**" access="ROLE_USER"/> 
    <security:form-login login-page="/login.jsp" authentication-failure-url="/denied.jsp" 
         default-target-url="/home.jsp"/> 
    <security:logout/> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider> 
     <security:user-service> 
      <security:user name="adam" password="adampassword" authorities="ROLE_USER"/> 
      <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/> 
      <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/> 
     </security:user-service> 
    </security:authentication-provider> 
</security:authentication-manager> 

</beans> 
+0

Can you give the two demo projects please – Himanshu 2013-03-15 07:32:55

+0

Sure :) One of them is just the Spring MVC template created via Spring Tool Suite, and the Spring Security project can be found here: http://www.jeenisoftware.com/spring-3-security-example/ – Dworza 2013-03-15 11:44:14

+0

Great demo, thanks dworza – Himanshu 2013-03-15 13:06:05

Answers

1

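First, you have defined 2 dispatcher servlets in web.xml, one of which loads the applicationContext and the other the servlet context. Is this actually necessary? If you really want to split the files, you can use the import tag in the servlet-context.

Second, you also have 2 <resources> tags. Since path scanning starts from the webapp folder, the first one is enough.

Third, make all your JSPs accessible only through their controllers. Exclude the URLs you want to be accessible without authentication: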

<security:intercept-url pattern="/login/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

The above will exclude all resources accessed through the RequestMapping of the following controller.

LoginController:

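import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("login")
public class LoginController
{

    // GET /login: show the login view, or skip it for an already authenticated user
    @RequestMapping(method = RequestMethod.GET)
    public String login(Authentication authentication)
    {
        if ((authentication != null) && authentication.isAuthenticated())
        {
            return "redirect:dashboard";
        }
        return "login"; // view name, resolved by the InternalResourceViewResolver
    }

    // POST /login/doSomething
    @RequestMapping(value="doSomething", method = RequestMethod.POST)
    public String postLogin(Authentication authentication)
    {
        // Something else
        return "login"; // placeholder view name so the method compiles
    }

}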

Returning "login" will open the page defined by your InternalResourceViewResolver, which will look for the page under WEB-INF/views.

In your security file, change all paths from JSP paths to RequestMapping paths.

+0

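1) Indeed, two dispatcher servlets aren't needed... As you can see, I've just started with Spring and I'm confused by all those configuration files and their properties... 2) Ah, so... thanks... I didn't catch that before :) 3) I'll try it as soon as I get to my computer... then I'll let you know about the result :) – Dworza 2013-03-15 12:06:30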

+0

Thanks :) It solved my problem and, I hope, my code is clearer now :) – Dworza 2013-03-15 21:38:01

0

You are accessing some JSPs directly, without using a handler. For example:

<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
<security:form-login login-page="/login.jsp" authentication-failure-url="/denied.jsp" 
        default-target-url="/home.jsp"/> 

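So security will work as long as it finds your login, denied and home JSPs in the root directory.

The simplest thing you can do is change them to the /WEB-INF/views URLs. But I don't think accessing JSPs directly is good practice. You should use handler methods. I'll give an example below.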

@RequestMapping(value="login", method= RequestMethod.GET) 
public String showLogin(){ 
    return "login"; 
} 

Then apply security to the request-mapping URL.

<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

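Now your security logic is not tied to the physical location of your files. Keeping things loosely coupled is always a good thing.

Hope this helps. See the Spring Security documentation for more details.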

+0

But that is exactly the problem I'm trying to solve... Changing the URL to /WEB-INF/views/whatever and trying to map it to a controller doesn't work... :-/ – Dworza 2013-03-15 11:59:35
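
The change both answers describe, as an added example that is not part of the original thread: the question's security file with every pattern rewritten as a request URL served by a controller. The /login, /denied and /home handler mappings are assumptions; the servlet container does not serve anything under /WEB-INF/ directly to clients, so once the JSPs move there the rules and form-login URLs have to name the controller mappings that forward to them.

```xml
<!-- Added example: rules keyed to controller URLs, not JSP file paths.
     Assumed (hypothetical) handler mappings: /login, /denied, /home,
     each returning the view name of the matching JSP in /WEB-INF/views/. -->
<beans xmlns:security="http://www.springframework.org/schema/security"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Static assets from <resources mapping="/resources/**">: no filter chain,
       so the login page can load its CSS and scripts before authentication. -->
  <security:http pattern="/resources/**" security="none"/>

  <!-- servlet-api-provision is left at its default (true) so that a handler
       parameter of type Authentication reflects the Spring Security login. -->
  <security:http auto-config="true" access-denied-page="/denied">
    <!-- Rules are evaluated top to bottom and the first match wins, so the
         anonymous pages must come before the /** catch-all. Patterns start
         with "/" because they are matched against the request path. -->
    <security:intercept-url pattern="/login/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/denied" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/**" access="ROLE_USER"/>

    <!-- All three URLs are request URLs handled by @Controller methods. -->
    <security:form-login login-page="/login"
                         authentication-failure-url="/denied"
                         default-target-url="/home"/>
    <security:logout/>
  </security:http>

  <!-- The <security:authentication-manager> element stays as in the question. -->
</beans>
```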