c04s31602
c04s31602
2014-06-10 14:50

spring security不登陆也可以任意访问

已采纳

项目中准备用spring security,根据网上搜索的资料做了一个demo,但是测试结果是不用登陆也能正常任意访问,请各位帮忙看下哪里有问题,谢谢。

以下是配置文件:

web.xml
[code="java"]<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >

xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd">

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:/applicationContext.xml,classpath*:/spring-security.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring Security Filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    <!-- <init-param>
        <param-name>struts.i18n.encoding</param-name>
        <param-value>GBK</param-value>
    </init-param> -->
</filter>
<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<session-config>
    <session-timeout>30</session-timeout>
</session-config>


[/code]

spring-security.xml
[code="java"]<?xml version="1.0" encoding="UTF-8"?>
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
beans:descriptionSpring Security安全配置/beans:description

<http auto-config="true">

    <form-login  login-page="/login.htm"
        authentication-failure-url="/login.htm?error=1"  authentication-success-handler-ref="customAuthenticationSuccessHandler" />

    <logout logout-success-url="/index.htm" />

    <remember-me key="oms123456789" token-validity-seconds="1209600"/> 

    <access-denied-handler ref="accessDeniedHandler" /> 

    <custom-filter ref="CustomFilterSecurityInterceptorImpl" before="FILTER_SECURITY_INTERCEPTOR" />
    <http-basic />
</http>

<!-- 登录成功后 操作类-->
<beans:bean id="customAuthenticationSuccessHandler" class="com.ule.oms.user.security.CustomAuthenticationSuccessHandler" >
    <beans:constructor-arg value="/index.htm" />
    <beans:property name="customAlwaysUseDefTargUrl" value="false"/>
</beans:bean>

<!-- 拒绝访问操作类 -->
<beans:bean id="accessDeniedHandler" class="com.ule.oms.user.security.CustomAccessDeniedHandler" >
    <beans:property name="errorPage" value="/denied.htm"/>
</beans:bean>

 <!-- 一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性。 -->
<beans:bean id="CustomFilterSecurityInterceptorImpl" class="com.ule.oms.user.security.CustomFilterSecurityInterceptorImpl">
    <beans:property name="authenticationManager" ref="autheticationManager" /><!-- 登陆的认证 -->
    <beans:property name="accessDecisionManager" ref="customAccessDecisionManager" /><!-- 资源访问决策 -->
    <beans:property name="securityMetadataSource" ref="customSecurityMetadataSource" /><!-- 资源和权限列表 -->
</beans:bean>

<authentication-manager alias="autheticationManager">  
    <authentication-provider user-service-ref="userDetailsServiceImpl">  
    </authentication-provider>  
</authentication-manager>  

/beans:beans [/code]

不胜感激。

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • lxm_yl ascendlin 7年前

    [code="xml"][/code]

    点赞 评论 复制链接分享

相关推荐