问题:
Spring安全不会拦截使用 IIS ISAPI 配置的雄猫中的 URL
诸新霁
我是Spring Security性的新手,并试图将其与现有应用程序集成。此旧版应用程序部署在 IIS 后面的 tomcat 7 服务器中。ISAPI 筛选器用于将请求分派到此雄猫实例。
由于我早期尝试将Spring Security集成到这个遗留应用程序中的尝试没有成功,我将一个工作的Spring Security应用程序示例(经过测试)复制到tomcat实例中,并完全删除了遗留应用程序。令我惊讶的是,它仍然无法拦截安全网址。(但是当我使用maven tomcat插件运行时,这个示例应用程序工作正常。),所以我想知道为什么我的应用程序在配置了ISAPI和IIS的tomcat实例中无法工作。
我已经将转发URL模式添加到url工作线程映射中,并且我可以成功地击中安全控制器,而无需先进行身份验证。
请找到我的tomcat日志
Jul 06, 2016 11:32:13 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [C:\Server_APP_Location\XYZ_APP\Tomcat\7.0.30\shared\classes], exists: [false], isDirectory: [false], canRead: [false]
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'minProcessors' to '5' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxProcessors' to '300' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching 'Server/Service/Engine/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation' to 'false' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlNamespaceAware' to 'false' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching 'Server/Service/Engine/Host/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching 'Server/Service/Engine/Host/Context/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 575 ms
Jul 06, 2016 11:32:14 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 06, 2016 11:32:14 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.30
Jul 06, 2016 11:32:15 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [158] milliseconds.
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error in resourceStart()
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error getConfigured
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
Jul 06, 2016 11:32:15 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Server_APP_Location\XYZ_APP\Tomcat\7.0.30\webapps\someWebApplication
Jul 06, 2016 11:32:16 PM org.apache.catalina.core.ApplicationContext log
INFO: No Spring WebApplicationInitializer types detected on classpath
Jul 06, 2016 11:32:16 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
INFO ContextLoader:273 - Root WebApplicationContext: initialization started
INFO XmlWebApplicationContext:510 - Refreshing Root WebApplicationContext: startup date [Wed Jul 06 23:32:16 AEST 2016]; root of context hierarchy
INFO XmlBeanDefinitionReader:315 - Loading XML bean definitions from URL [file:/C:/Server_APP_Location/XYZ_APP/Tomcat/7.0.30/webapps/someWebApplication/WEB-INF/classes/application-context.xml]
DEBUG DefaultDocumentLoader:72 - Using JAXP provider [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
DEBUG PluggableSchemaResolver:140 - Loading schema mappings from [META-INF/spring.schemas]
DEBUG PluggableSchemaResolver:118 - Found XML schema [http://www.springframework.org/schema/security/spring-security-3.2.xsd] in classpath: org/springframework/security/config/spring-security-3.2.xsd
DEBUG BeanUtils:443 - No property editor [org.springframework.web.context.request.WebRequestInterceptorEditor] found for type org.springframework.web.context.request.WebRequestInterceptor according to 'Editor' suffix convention
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.web.servlet.handler.MappedInterceptor#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.handler.MappedInterceptor#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0'
DEBUG RequestMappingHandlerMapping:105 - Looking for request mappings in application context: Root WebApplicationContext: startup date [Wed Jul 06 23:32:16 AEST 2016]; root of context hierarchy
INFO RequestMappingHandlerMapping:185 - Mapped "{[/api/json/{id}],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public rest.demo.JsonRestObject rest.demo.RestController.getJsonRestObject(java.lang.Integer)
INFO RequestMappingHandlerMapping:185 - Mapped "{[/apiv2/json/{id}],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public rest.demo.JsonRestObject rest.demo.RestController2.getJsonResponse(java.lang.Integer)
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.format.support.FormattingConversionServiceFactoryBean#0'
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.filterChains': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.filterChainProxy': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.PortMapperImpl#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.PortResolverImpl#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.ProviderManager#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.context.NullSecurityContextRepository#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.savedrequest.NullRequestCache#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.access.vote.AffirmativeBased#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.userDetailsServiceFactory': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.DefaultSecurityFilterChain#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'authenticationEntryPoint': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'customRestFilter': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authenticationManager': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'restAuthenticationProvider': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor': no URL paths identified
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.filterChains'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.filterChains'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.context.NullSecurityContextRepository#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG StandardServletEnvironment:112 - Initializing new StandardServletEnvironment
DEBUG DLBF:215 - Creating shared instance of singleton bean 'customRestFilter'
DEBUG DLBF:435 - Creating instance of bean 'customRestFilter'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'restAuthenticationProvider'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authenticationManager' to allow for resolving potential circular references
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authenticationManager'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authenticationManager'
DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0' to allow for resolving potential circular references
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.ProviderManager#0' to allow for resolving potential circular references
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#19'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name '(inner bean)#19'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#19'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'authenticationEntryPoint'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.savedrequest.NullRequestCache#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#21'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' to allow for resolving potential circular references
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#22'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#22'
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#23'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#23'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.access.vote.AffirmativeBased#0' to allow for resolving potential circular references
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG FilterSecurityInterceptor:159 - Validated configuration attributes
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
INFO DefaultSecurityFilterChain:28 - Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@3ba71e33, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@58afc4dd, rest.demo.CustomRestSecurityFilter@7ba5b6a7, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3c7acd5c, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@22407209, org.springframework.security.web.access.ExceptionTranslationFilter@34febe70, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4088c63e]
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.filterChains'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.filterChains'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.filterChainProxy'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.filterChainProxy'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.filterChains'
DEBUG StandardEnvironment:116 - Initialized StandardEnvironment with PropertySources [systemProperties,systemEnvironment]
DEBUG BeanUtils:443 - No property editor [org.springframework.security.web.SecurityFilterChainEditor] found for type org.springframework.security.web.SecurityFilterChain according to 'Editor' suffix convention
DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.filterChainProxy' to allow for resolving potential circular references
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#26'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#26'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.filterChainProxy'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.filterChainProxy'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.PortMapperImpl#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.PortResolverImpl#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.PortResolverImpl#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.PortResolverImpl#0' to allow for resolving potential circular references
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.PortResolverImpl#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.userDetailsServiceFactory'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.userDetailsServiceFactory'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.userDetailsServiceFactory' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.userDetailsServiceFactory'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'authenticationEntryPoint'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'customRestFilter'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'restAuthenticationProvider'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor'
DEBUG XmlWebApplicationContext:858 - Unable to locate LifecycleProcessor with name 'lifecycleProcessor': using default [org.springframework.context.support.DefaultLifecycleProcessor@3b6ecdb3]
DEBUG ContextLoader:308 - Published root WebApplicationContext as ServletContext attribute with name [org.springframework.web.context.WebApplicationContext.ROOT]
INFO ContextLoader:313 - Root WebApplicationContext: initialization completed in 2371 ms
DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG DelegatingFilterProxy:172 - Initializing filter 'springSecurityFilterChain'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.filterChainProxy'
当我点击宁静的控制器时,我可以看到以下日志,
DEBUG DispatcherServlet:823 - DispatcherServlet with name 'RestFulServlet' processing GET request for [/retail/online/api/json/1]
DEBUG RequestMappingHandlerMapping:226 - Looking up handler method for path /api/json/1
DEBUG RequestMappingHandlerMapping:233 - Returning handler method [public rest.demo.JsonRestObject rest.demo.RestController.getJsonRestObject(java.lang.Integer)]
DEBUG DefaultListableBeanFactory:246 - Returning cached instance of singleton bean 'restController'
DEBUG DispatcherServlet:912 - Last-Modified value for [/retail/online/api/json/1] is: -1
DEBUG RequestResponseBodyMethodProcessor:150 - Written [rest.demo.JsonRestObject@1493b4f0] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJacksonHttpMessageConverter@6d4c031d]
DEBUG DispatcherServlet:999 - Null ModelAndView returned to DispatcherServlet with name 'RestFulServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet:966 - Successfully completed request
网站.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:application-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>RestFulServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RestFulServlet</servlet-name>
<url-pattern>/online/*</url-pattern>
</servlet-mapping>
应用程序上下文
<context:component-scan base-package="rest.demo" />
<mvc:annotation-driven />
<security:http create-session="stateless" entry-point-ref="authenticationEntryPoint" authentication-manager-ref="authenticationManager">
<security:custom-filter ref="customRestFilter" position="BASIC_AUTH_FILTER" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="Username: jack Password: jill" />
</bean>
<bean id="customRestFilter" class="rest.demo.CustomRestSecurityFilter">
<constructor-arg name="authenticationManager" ref="authenticationManager" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="restAuthenticationProvider" />
</security:authentication-manager>
<bean id="restAuthenticationProvider" class="rest.demo.RestAuthenticationProvider" />
我运行的是spring security和framework版本3.2.2。
共有1个答案
漆雕令秋
出现此问题的原因是,来自tomcat的请求被另一个web应用程序转发给我尝试实现Spring Security性的应用程序,如下所示
RequestDispatcher dispatcher = context.getRequestDispatcher(uri);
dispatcher.forward(req, rsp);
所以我所要做的就是将调度程序标志添加到Spring Security过滤器
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
因此,如果您遇到类似的问题,请确保如何将请求分派到您的应用程序。
类似资料:
-
我想添加spring mvc拦截器作为Java配置的一部分。我已经有了一个基于xml的配置,但是我正在尝试使用Java的配置。对于拦截器,我从spring的文档中知道可以这样做- 但我的拦截器使用了一个spring豆,就像下面这样- SomeService类如下所示- 我使用这样的注释来扫描bean,并且没有在配置类中将它们指定为 根据我的理解,由于Java配置使用new来创建对象,所以sprin
-
然后我添加了一个SecurityConfig。从那时起,CorsFilter停止工作,我在angular应用程序中得到了一个异常: CORS策略阻止了从origin“http://localhost:8080/users/999/folders/%2f/media/”从“http://localhost:4200”访问“http://localhost:8080/users/999/folders
-
问题内容: 我知道Struts2 Action类是线程安全的,因为这些操作放在了值堆栈中。值堆栈又是动作上下文的一部分。由于操作上下文是线程本地的,因此存储在操作上下文中的值(包括值堆栈)在每个线程中都是唯一的。因此,动作是线程安全的。 但是考虑一下拦截器:它们确实很有用,它们为程序员完成了所有繁琐的小工作……例如验证,获取参数值等。但是要考虑的是:拦截器可以在多个请求之间共享。那么这会使拦截器线
-
我为spring-boot创建了一个spring安全配置类。我的登录页面有资源css、js和ico文件。这些资源由于安全原因而被拒绝,并且每次都被重定向到登录页面。为什么EnableWebMVCSecurity不添加类路径资源位置。在更改代码后,如第二个代码片段所示,将添加I Classpath资源位置。不明白第一段代码中的资源缺少什么。 我通过将代码更改为 在更改代码之后,我注意到忽略路径被添加
-
现在,当我到达spring-boot应用程序的endpoint时,它工作得很好 基本上,它根本不调用preandle。我错过了什么????
-
1. 前言 拦截器这个名词定义的非常形象,就像导弹要攻击目标的时候,可能会被先进的反导系统拦截,此处的反导系统就是一种拦截器。 我们开发的应用,对外暴露的是控制器中定义的 API 方法,我们可以在 API 方法的外围放置拦截器,所有对 API 的访问都可以通过拦截器进行过滤。 OK,那么这样的拦截有什么意义吗,其实已经很明显了,反导系统可以保护目标的安全并识别对目标的攻击行为。同理,拦截器可以跟踪