J'essaie d'ajouter un support d'authentification à mon application Web Spring 3.0 mais rien de l'authentification http: basic à une authentification plus élaborée ne fonctionne. les exemples fournis dans la documentation Spring ne fonctionnent pas.La sécurité de Spring 3.0 ne fonctionne pas avec les contrôleurs basés sur les annotations
Existe-t-il une manière différente d'activer la sécurité lors de l'utilisation de contrôleurs annotés?
J'ai mappage springSecurityFilterChain dans web.xml, j'ai des fichiers jar de sécurité de printemps dans ma bibliothèque.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!--
Key of the system property that should specify the root directory of this
web app. Applied by WebAppRootListener or Log4jConfigListener.
-->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>WebIDE.root</param-value>
</context-param>
<!-- Reads request input using UTF-8 encoding -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Map URL for views: display /index instead of /app/index as
suggested by the dispatcher -->
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-config.xml
/WEB-INF/applicationContext-security.xml</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Mapping required for the security feature to work -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- set up dispatcher servlet -->
<servlet>
<servlet-name>app dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app dispatcher</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>jnlp</extension>
<mime-type>application/x-java-jnlp-file</mime-type>
</mime-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
application security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- enable web security for defined roles -->
<http auto-config='true'>
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page='/login.jsp' default-target-url='/' />
</http>
<!-- define test logins TO REMOVE -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimi" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="bob" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
log4j.properties
log4j.rootLogger=DEBUG, stdout, logfile
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - <%m>%n
log4j.appender.logfile=org.apache.log4j.RollingFileAppender
log4j.appender.logfile.File=${WebIDE.root}\WEB-INF\resources\WebIDE.log
log4j.appender.logfile.MaxFileSize=512KB
# Keep three backup files.
log4j.appender.logfile.MaxBackupIndex=3
# Pattern to output: date priority [category] - message
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern=%d %p [%c] - %m%n
log4j.logger.org.springframework.security=DEBUG
tous mes fichiers jsp sont enregistrés dans WEB-INF/vues/
DEBUG GING INFO
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Initializing filter 'springSecurityFilterChain'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean org.springframework.security.filterChainProxy'
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Filter 'springSecurityFilterChain' configured successfully
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean'org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0'
DEBUG[org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] - Adding web access control expression 'ROLE_USER', for Ant [pattern='/']
DEBUG[org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] - Adding web access control expression 'ROLE_USER', for [email protected]
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean '(inner bean)#6'
INFO [org.springframework.security.config.http.DefaultFilterChainValidator] - Checking whether login URL '/spring_security_login' is accessible with your configuration
DEBUG [org.springframework.security.config.http.DefaultFilterChainValidator] - Default generated login page is in use
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean 'org.springframework.security.filterChainProxy'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.provisioning.InMemoryUserDetailsManager#0'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.authentication.dao.DaoAuthenticationProvider#0'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
2010-11-29 07:57:58,744 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - Unable to locate LifecycleProcessor with name 'lifecycleProcessor': using default
[[email protected]2c3d]
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'lifecycleProcessor'
DEBUG [org.springframework.web.context.ContextLoader] - Published root WebApplicationContext as ServletContext attribute with name
[org.springframework.web.context.WebApplicationContext.ROOT]
INFO [org.springframework.web.context.ContextLoader] - Root WebApplicationContext: initialization completed in 9316 ms
DEBUG [org.springframework.web.filter.CharacterEncodingFilter] - Initializing filter 'characterEncodingFilter'
DEBUG [org.springframework.web.filter.CharacterEncodingFilter] - Filter 'characterEncodingFilter' configured successfully
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Initializing filter 'springSecurityFilterChain'
DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'org.springframework.security.filterChainProxy'
DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Filter 'springSecurityFilterChain' configured successfully
DEBUG [org.springframework.web.servlet.DispatcherServlet] - Initializing servlet 'app dispatcher'
INFO [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 'app dispatcher': initialization started
Qu'est-ce qui ne fonctionne pas exactement? – axtavt
rien ne se passe. avec la sécurité de printemps activée, et tous les fichiers jar ajoutés, lorsque je charge le système, il n'y a pas de page de connexion "de base". Même si je définis une page de connexion, elle ne s'affiche pas du tout. Je devrais également mentionner que j'utilise seulement un jsp et compte sur les appels de dojo json pour la fonctionnalité différente. Je ne suis pas sûr si cela pourrait être la cause du problème. – serena
J'ai mis à jour le message ci-dessus pour ajouter mon fichier web.xml et log4j.properties – serena