Magnolia CMS 与 Blossom + spring 安全性
Posted
技术标签:
【中文标题】Magnolia CMS 与 Blossom + spring 安全性【英文标题】:Magnolia CMS with Blossom + spring security 【发布时间】:2014-07-12 15:41:33 【问题描述】:我对木兰花用户提出了有关春季安全的问题 我正在尝试遵循 magnolia cms 页面上提供的所有指南,但没有一个对我有用。我已经按照描述的方式配置了 web.xml 和 spring 安全上下文 + 我自己的配置,用于从数据库中检索用户。我可以使用jetty(eclipse)启动应用程序而没有任何关于bean etx的错误,但是当登录页面出现时我无法实现。 在我的开发人员 magnolia jetty 实例上运行时,我被要求使用 magnolia 页面登录,成功登录后没有弹簧安全性迫使我再次登录。这是示例网址
http://localhost:9999/magnolia-blossom-sample-webapp/home/tours/statues-tour.html
在 tomcat 上部署到公共 magnolia 实例时,我没有被要求登录到 magnolia,但我的页面没有使用 spring 安全性登录页面。
http://localhost:8080/magnoliaPublic/home/tours.html
问题是我可能会错过什么我无法获得授权页面以使用 Spring Security 登录。
这是我的配置
Magnolia public/author web.xml(因为 web.xml 没有放在我的开花模块中)
<filter>
<display-name>Magnolia global filters</display-name>
<filter-name>magnoliaFilterChain</filter-name>
<filter-class>info.magnolia.cms.filters.MgnlMainFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>magnoliaFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>info.magnolia.module.blossom.web.InstallationAwareDelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/home/*</url-pattern> // /* doesn't work neither
</filter-mapping>
<listener>
<listener-class>info.magnolia.init.MagnoliaServletContextListener</listener-class>
</listener>
<context-param>
<description>Vaadin production mode</description>
<param-name>productionMode</param-name>
<param-value>true</param-value>
</context-param>
Spring 安全上下文 applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
default-autowire="byType">
<beans:bean id="authSuccessHandler" class="security.auth.AuthenticationSuccessHandler">
<beans:property name="userLogic" ref="userLogic"/>
</beans:bean>
<beans:bean id="authFailureHandler" class="security.auth.AuthenticationFailureHandler">
</beans:bean>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" />
<intercept-url pattern="/*" access="hasRole('adminMLM')" />
<form-login login-page="/login"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-handler-ref="authFailureHandler"
default-target-url="/"
/>
<logout />
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userLogic"/>
<beans:property name="passwordEncoder" ref="userLogic"/>
<beans:property name="saltSource" ref="userLogic"/>
</beans:bean>
<authentication-manager>
<authentication-provider ref="daoAuthenticationProvider" />
</authentication-manager>
</beans:beans>
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:blossom="http://www.magnolia-cms.com/schema/blossom"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.magnolia-cms.com/schema/blossom
http://www.magnolia-cms.com/schema/blossom.xsd ">
<bean class="info.magnolia.blossom.sample.module.service.SalesApplicationWebServiceImpl" />
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
</beans>
blossom-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config/>
<context:component-scan base-package="logic.impl" />
<context:component-scan base-package="info.magnolia.blossom.sample.module" use-default-filters="false">
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.Template"/>
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.Area"/>
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.DialogFactory"/>
<context:include-filter type="annotation" expression="info.magnolia.module.blossom.annotation.VirtualURIMapper"/>
<context:include-filter type="assignable" expression="info.magnolia.cms.beans.config.VirtualURIMapping"/>
</context:component-scan>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
<property name="customArgumentResolvers">
<list>
<bean class="info.magnolia.module.blossom.web.BlossomHandlerMethodArgumentResolver" />
</list>
</property>
<!-- For @Valid - JSR-303 Bean Validation API -->
<property name="webBindingInitializer">
<bean class="org.springframework.web.bind.support.ConfigurableWebBindingInitializer">
<property name="validator">
<bean class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />
</property>
</bean>
</property>
</bean>
<bean class="info.magnolia.module.blossom.preexecution.BlossomHandlerMapping">
<property name="targetHandlerMappings">
<list>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="useSuffixPatternMatch" value="false" />
</bean>
<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" />
</list>
</property>
</bean>
<bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter" />
<bean class="info.magnolia.module.blossom.view.UuidRedirectViewResolver">
<property name="order" value="1" />
</bean>
<!-- JSP - renders all views that end with .jsp -->
<bean class="info.magnolia.module.blossom.view.TemplateViewResolver">
<property name="order" value="2"/>
<property name="prefix" value="/templates/blossomSampleModule/"/>
<property name="viewNames" value="*.jsp"/>
<property name="viewRenderer">
<bean class="info.magnolia.module.blossom.view.JspTemplateViewRenderer">
<property name="contextAttributes">
<map>
<entry key="damfn">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="damfn"/>
<property name="componentClass" value="info.magnolia.dam.asset.functions.DamTemplatingFunctions"/>
</bean>
</entry>
</map>
</property>
</bean>
</property>
</bean>
<!-- Freemarker - renders all views that end with .ftl -->
<bean class="info.magnolia.module.blossom.view.TemplateViewResolver">
<property name="order" value="3"/>
<property name="prefix" value="/blossomSampleModule/"/>
<property name="viewNames" value="*.ftl"/>
<property name="viewRenderer">
<bean class="info.magnolia.module.blossom.view.FreemarkerTemplateViewRenderer">
<property name="contextAttributes">
<map>
<entry key="cms">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="cms"/>
<property name="componentClass" value="info.magnolia.templating.freemarker.Directives"/>
</bean>
</entry>
<entry key="cmsfn">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="cmsfn"/>
<property name="componentClass" value="info.magnolia.templating.functions.TemplatingFunctions"/>
</bean>
</entry>
<entry key="damfn">
<bean class="info.magnolia.rendering.renderer.ContextAttributeConfiguration">
<property name="name" value="damfn"/>
<property name="componentClass" value="info.magnolia.dam.asset.functions.DamTemplatingFunctions"/>
</bean>
</entry>
</map>
</property>
</bean>
</property>
</bean>
</beans>
BlossomSampleModule.java
public class BlossomSampleModule extends BlossomModuleSupport implements ModuleLifecycle
public void start(ModuleLifecycleContext moduleLifecycleContext)
if (moduleLifecycleContext.getPhase() == ModuleLifecycleContext.PHASE_SYSTEM_STARTUP)
super.initRootWebApplicationContext("classpath:/applicationContext.xml");
super.initBlossomDispatcherServlet("blossom", "classpath:/blossom-servlet.xml, classpath:/applicationContext-security.xml");
public void stop(ModuleLifecycleContext moduleLifecycleContext)
if (moduleLifecycleContext.getPhase() == ModuleLifecycleContext.PHASE_SYSTEM_SHUTDOWN)
super.destroyDispatcherServlets();
super.closeRootWebApplicationContext();
最好的问候
【问题讨论】:
【参考方案1】:Magnolia 过滤器链中的最后一个过滤器 - RenderingFilter 在过滤器链中充当终止符。如果它从 Magnolia(或通过 Blossom)找到要渲染的内容,它将不会继续处理过滤器链,因此您的其他过滤器(弹簧安全)将不会被执行。您需要确保您的过滤器在 Magnolia 过滤器链之前或在 Magnolia 过滤器链内部执行。要实现后者,请在 Magnolia 的 AdminCentral 中的 config:/server/filters 下定义您的过滤器...在 ContextFilter 和 CacheFilter 之前的任何地方都可以。使用那里的其他过滤器作为示例,了解如何配置您的过滤器或查看 here 或 here。
HTH,
一月
【讨论】:
以上是关于Magnolia CMS 与 Blossom + spring 安全性的主要内容,如果未能解决你的问题,请参考以下文章
Magnolia CMS 中的 RichText 正在更改 HTML 文本
Magnolia Blossom : 两个页面共享同一个区域
从另一个 Magnolia 模块访问 Spring 服务(不使用 Spring Blossom)
如何在 Magnolia Blossom 中进行 AJAX 调用?