xml – 为什么’permitAll()’不起作用？

提到值得：我正在关注 Securing GWT apps with Spring Security的教程.

我不懂.我似乎无法获得permitAll,因为我需要它.

这是我目前的配置：

<http auto-config="true">
    <intercept-url pattern="/**" access="permitAll" />
    <form-login 
        login-page="/login" 
        default-target-url="/welcome" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
</http>

如果我在// localhost：8080上访问我的网站,则该网站因为请求而未完全加载

//localhost:8080/app/xsrf

因某种原因被禁止了403.如果我理解正确的话,我配置Spring Security的方式应该不是问题.

如果我简单地添加,我就无法工作

<intercept-url pattern="/**" access="permitAll" />

到< http ..>什么工作是添加这个：

<http pattern="/app/xsrf" security="none"/>

我想了解为什么,因为这不是我要配置Spring Security的方式..添加应该允许的每个URL.

我面临的另一个问题是,无论出于何种原因(可能相同),我都无法访问// localhost：8080 / login.这意味着如果我将登录信息提交到/ login,我将收到403 Forbidden.

现在,人们会认为添加< http pattern =“/ login”security =“none”/>会有所帮助,但没有.如果我将其添加到我的配置中,我将在此特定URL上找到404 Not Found.

这开始让我疯了,因为我被困在这里这么多天我不敢告诉你.您的帮助将得到赞赏和奖励.

整个applicationContext-service.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">
 
    <!-- Imports -->
    <beans:import resource="applicationContext-jooq.xml"/>
 
    <!-- /////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Spring Security -->
 
    <http pattern="/app/xsrf" security="none"/>
    <!-- <http pattern="/login" security="none"/> -->
 
    <http auto-config="true">
        <intercept-url pattern="/**" access="permitAll" />
 
        <form-login 
            login-page="/login" 
            default-target-url="/welcome" 
            authentication-failure-url="/login?error" 
            username-parameter="username"
            password-parameter="password" />
    </http>
 
    <beans:bean id="authenticationListener" 
            class="com.mz.server.web.auth.CustomAuthenticationListener"/>
 
    <beans:bean id="authenticationProvider" 
            class="com.mz.server.web.auth.CustomAuthenticationProvider"/>
 
    <beans:bean id="userDetailsService" 
            class="com.mz.server.web.service.CustomUserDetailsService"/>
 
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="authenticationProvider"/>
    </authentication-manager>
 
    <!-- // END Spring Security -->
    <!-- /////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Services -->
 
    <beans:bean id="loginService" class="com.mz.server.web.service.LoginService">
        <beans:constructor-arg ref="dslContext" />
    </beans:bean>
 
    <!-- // END Services -->
 
</beans:beans>

编辑：

减少了applicationContext-service.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">
 
    <!-- Imports -->
    <beans:import resource="applicationContext-jooq.xml"/>
 
    <!-- //////////////////////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Spring Security -->
 
    <global-method-security pre-post-annotations="enabled"/>
 
    <http auto-config="true">
        <intercept-url pattern="/**" access="permitAll" />
    </http>
 
    <!-- // END Spring Security-->
 
</beans:beans>

这是web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
 
    <display-name>GWT Application | mz</display-name>
 
    <welcome-file-list> <!-- Default page to serve -->
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
 
    <!-- //////////////////////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Filters -->
 
    <!-- Spring Security -->
 
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
 
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
 
    <!-- // END FILTERS -->
    <!-- //////////////////////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Listeners -->
 
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
 
    <listener>
        <listener-class>com.mz.server.web.ServerConfig</listener-class>
    </listener>
 
    <!-- // END Listeners -->
    <!-- //////////////////////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Servlets -->
 
    <servlet>
        <servlet-name>login</servlet-name>
        <servlet-class>com.mz.server.web.servlet.LoginServletImpl</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>login</servlet-name>
        <url-pattern>/app/login</url-pattern>
    </servlet-mapping>
 
    <servlet>
        <servlet-name>xsrf</servlet-name>
        <servlet-class>com.google.gwt.user.server.rpc.XsrfTokenServiceServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>xsrf</servlet-name>
        <url-pattern>/app/xsrf</url-pattern>
    </servlet-mapping>
 
    <servlet> <!-- Dispatcher Servlet for REST API for Mobile Devices -->
        <servlet-name>mobile-restapi</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>    
    <servlet-mapping>
        <servlet-name>mobile-restapi</servlet-name>
        <url-pattern>/app/restapi/*</url-pattern>
    </servlet-mapping>
 
    <!-- // END Servlets -->
    <!-- //////////////////////////////////////////////////////////////////////////////// -->
    <!-- // BEGIN Context Parameter -->
 
    <context-param>
        <param-name>
            gwt.xsrf.session_cookie_name
        </param-name>
        <param-value>
            mzsid
        </param-value>
    </context-param>
 
    <context-param>
        <param-name>
            contextConfigLocation
        </param-name>
        <param-value>
            classpath:/**/spring-config.xml
            classpath*:applicationContext-service.xml
        </param-value>
    </context-param>
 
    <!-- // END Context Parameter -->
    <!-- //////////////////////////////////////////////////////////////////////////////// -->
 
</web-app>

看来错误发生在web.xml中.而不是< url-pattern> / *< / url-pattern> (正如我所遵循的教程中所述)它应该是/ **：

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <!-- It appears that this should say '/**' and not '/*' as stated in many
        tutorials 
        (e.g. http://websystique.com/spring-security/spring-security-4-hello-world-annotation-xml-example/).  -->
    <url-pattern>/**</url-pattern>
</filter-mapping>

有趣的是,我现在得到以下“信息”：

INFO: SuspicIoUs url pattern: "/**" in context [] - see section SRV.11.2 of the Servlet specification

我只能说,这开始变得个人化了……

xml – 为什么’permitAll()’不起作用？

猜你在找的XML相关文章