这个问题困扰我好久了,配置了Spring4.2.5+Spring security4.0(集成了cas)之后,采用Spring mvc框架,服务启动之后,访问服务时,如果第一个请求是Post请求,都返回403错误,跳转到指定的无权限页面,get请求就可以正常访问。打个比方就是我打开一个查询页面,按照查询条件查询了一些数据,这就等于是做了一次post请求,然后我关闭服务再重启,重启之后,我在刚才的查询页面按F5刷新,就跳转到了403页面。。。如果在浏览器地址栏中敲回车则能访问到查询页面。。。求大神帮忙解决。
applicationContext-security-cas.xml代码如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<!-- Browsing access rules; adjust to your own situation. -->
<!-- NOTE(review): nothing inside this <sec:http> element turns CSRF protection off, and in the
     Spring Security 4.x namespace it is enabled by default. A POST whose CSRF token belongs to a
     session that no longer exists (for example the first POST after a server restart) is then
     rejected with 403 before any controller runs; verify this against the access-denied logging
     before looking elsewhere. The ${...} placeholders are presumably resolved by a property
     configurer declared in another context file. -->
<sec:http auto-config="true" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="casProcessingFilterEntryPoint">
<!-- No anonymous authentication: unauthenticated requests hit the CAS entry point instead. -->
<sec:anonymous enabled="false" />
<!-- Only these four suffixes require authentication; there is no catch-all "/**" rule, so a URL
     without one of them (e.g. an extension-less handler mapping) is not covered by
     isAuthenticated(). Confirm this matches the DispatcherServlet mapping in use. -->
<sec:intercept-url pattern="/**/*.jsp" access="isAuthenticated()" />
<sec:intercept-url pattern="/**/*.do" access="isAuthenticated()" />
<sec:intercept-url pattern="/**/*.html" access="isAuthenticated()" />
<sec:intercept-url pattern="/**/*.htm" access="isAuthenticated()" />
<!-- Ticket-validating filter, placed at the CAS_FILTER slot of the chain. -->
<sec:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
<!-- After local logout, send the browser to the CAS server logout so SSO ends too. -->
<sec:logout logout-success-url="${cas-server-url}/logout?service=${cas-service-url}" />
<sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<!-- invalid-session-url is an empty string; presumably the intent is "no redirect on an invalid
     session id", but confirm the attribute should not simply be omitted. -->
<sec:session-management invalid-session-url="">
<!-- One concurrent session per user. With error-if-maximum-exceeded="false" the newer login is
     presumably kept and the older session is expired to expired-url; confirm this is intended. -->
<sec:concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" expired-url="/common/timeout.jsp" />
</sec:session-management>
</sec:http>
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
<!-- This filter redirects to the CAS Server to signal Single Logout should
be performed -->
<bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- First ctor arg: where to send the browser after logout; second: the handler that clears
     the local SecurityContext. -->
<constructor-arg value="${cas-server-url}/logout?service=${cas-service-url}" />
<constructor-arg>
<bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
<!-- Single provider: every authentication goes through CAS ticket validation. -->
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="casAuthenticationProvider" />
</sec:authentication-manager>
<!-- Consumes the service ticket the CAS server sends back. Its default processing URL is
     /login/cas, which is what the serviceProperties bean below advertises; keep the two aligned. -->
<bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="casProcessingFilterEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<!-- Login URL of the single sign-on server -->
<property name="loginUrl" value="${cas-server-url}/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!-- After the ticket is validated, the CAS username is resolved to local user details through
     loginServiceImpl (a bean defined elsewhere). -->
<property name="authenticationUserDetailsService">
<bean
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="loginServiceImpl" />
</bean>
</property>
<property name="serviceProperties" ref="serviceProperties" />
<!-- CAS 2.0 protocol validation against the configured server URL. -->
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="${cas-server-url}" />
</bean>
</property>
<!-- Identifies tokens issued by this provider; note the value is the sample from the reference
     documentation. -->
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!-- The service URL the CAS server will redirect back to with the ticket. -->
<property name="service" value="${cas-service-url}/login/cas" />
<!-- NOTE(review): sendRenew="true" presumably asks the CAS server to require fresh credentials
     instead of reusing the existing SSO session; confirm this is intended, since it weakens the
     single-sign-on experience across applications. -->
<property name="sendRenew" value="true" />
</bean>
</beans>
Controller代码如下:
/**
 * Renders the device search page, optionally filtered by device name and number.
 * <p>
 * Mapped to both GET and POST on {@code /findDevice}. Filter criteria are only forwarded to the
 * service when the request carries {@code flag=query}; otherwise the unfiltered list is requested.
 * Pagination is requested via {@code PageHelper.startPage} immediately before the service call
 * (per the original author's note, the first query after that call is the one paginated).
 *
 * @param request    current request; read for the {@code flag} parameter and for the page
 *                   number / page size helpers on this controller
 * @param deviceName device-name filter bound from the request parameter of the same name; may be null
 * @param deviceNO   device-number filter bound from the request parameter of the same name; may be null
 * @return a {@code ModelAndView} for view {@code jb/sbgla/device/findDevice} carrying
 *         {@code pagehelper} (the paginated result) and the echoed {@code deviceName} / {@code deviceNO}
 * @throws AppException propagated from the device service
 */
@RequestMapping(value = "/findDevice", method = { RequestMethod.POST,
    RequestMethod.GET })
public ModelAndView findDevice(HttpServletRequest request,
    String deviceName, String deviceNO) throws AppException {
    // Only a request explicitly flagged as a query contributes filter criteria.
    boolean isQuery = "query".equals(request.getParameter("flag"));
    Map<String, String> criteria = new HashMap<String, String>();
    if (isQuery) {
        criteria.put("deviceName", deviceName);
        criteria.put("deviceNO", deviceNO);
    }

    // Paging bounds come from the request; the service call right after this is paginated.
    PageHelper.startPage(this.getPageNum(request),
        this.getPageSize(request));
    List<DeviceDTO> devices = this.deviceServiceImpl
        .findAllDeviceList(criteria);
    PageInfo<DeviceDTO> page = new PageInfo<DeviceDTO>(devices);

    // NOTE(review): deviceName/deviceNO are raw request parameters echoed straight back into
    // the model; confirm the JSP escapes them when rendering.
    ModelAndView mav = new ModelAndView("jb/sbgla/device/findDevice");
    mav.addObject("pagehelper", page);
    mav.addObject("deviceName", deviceName);
    mav.addObject("deviceNO", deviceNO);
    return mav;
}