ICode9
精准搜索请尝试: 精确搜索
首页
编程语言>
数据库
系统相关
互联网
其他分享
Python
Java
JavaScript
android
PHP
首页 > 其他分享> 文章详细

在GAE中使用Spring Security时面临的问题

2019-12-08 19:18:35  阅读:216  来源: 互联网

标签:google-app-engine spring-security spring


我正在关注本文,以在我的GAE项目http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/中实现Spring Security

我无法使其正常工作,我已配置为受保护的网址未受到保护,并且应用程序未将我重定向到Google登录页面.这是我的web.xml和security-config.xml.请帮忙,因为我已经花了很多时间在此上.我认为有一些小问题我无法解决.

web.xml

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-config.xml
    </param-value>
</context-param>

<!-- Enables Spring Security -->
<filter>
    <filter-name>authenticationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Reads request input using UTF-8 encoding -->
<filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>authenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>controller</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>controller</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

security-config.xml

   <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/static/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />

<security:http use-expressions="true" entry-point-ref="entryPoint"
    access-denied-page="/">
    <security:intercept-url pattern="/" access="isAuthenticated()" />
    <security:intercept-url pattern="/sample"
        access="isAuthenticated()" />
    <security:custom-filter position="PRE_AUTH_FILTER"
        ref="authenticationFilter" />
</security:http>

<bean id="entryPoint"
    class="com.generic.gae.security.GoogleAccountsAuthenticationEntryPoint" />

<bean id="authenticationFilter" class="com.generic.gae.security.GaeAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="authenticationProvider" />
</security:authentication-manager>

<bean id="authenticationProvider"
    class="com.generic.gae.security.GoogleAccountsAuthenticationProvider" />

谢谢

解决方法:

在security-config.xml中定义的authenticationFilter不是在web.xml中使用的那个.默认情况下,Spring Security使名称为springSecurityFilterChain的过滤器bean可供您使用.因此,您在web.xml中的过滤器声明应为:

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

...

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

参见第Security Namespace Configuration页的2.2节

标签:google-app-engine,spring-security,spring
来源: https://codeday.me/bug/20191208/2093577.html

本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享;
2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关;
3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关;
4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除;
5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。

关于我们 | 联系我们 | 留言反馈

专注分享技术,共同学习,共同进步。侵权联系[81616952@qq.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有