添加 Spring Security 后,我的 Spring 应用程序停止运行
Posted
技术标签:
【中文标题】添加 Spring Security 后,我的 Spring 应用程序停止运行【英文标题】:My spring application stopped running after adding Spring Security 【发布时间】:2011-06-28 07:07:56 【问题描述】:这个 web.xml 有问题吗?
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/sec-config.xml
/WEB-INF/idm-config.xml
WEB-INF/ldap-config.xml
</param-value>
</context-param>
<display-name>KeyCard</display-name>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>KeyCardAppRoot</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<!-- Reads request input using UTF-8 encoding -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener> <!-- this is for session scoped objects -->
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- Handles all requests into the application -->
<servlet>
<servlet-name>KeyCard</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>tiles</servlet-name>
<servlet-class>org.apache.tiles.web.startup.TilesServlet</servlet-class>
<init-param>
<param-name>
org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
</param-name>
<param-value>
/WEB-INF/tilesViewContext.xml
</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>KeyCard</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
120
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/WEB-INF/error/error.jsp</location>
</error-page -->
</web-app>
我得到请求的资源不可用。日志没有错误。
【问题讨论】:
当您尝试做什么时会收到该消息? WEB-INF/ldap-config 之前需要 / 吗?日志上可能没有错误,但是您是否将 org.springframework.* 记录到 INFO 或 DEBUG?安全配置有效吗?我们在这里需要更多信息。 我只是想运行我的应用程序。日志只说登录不成功,但这不是问题。我不知道安全方面可能出了什么问题。 看起来你的 spring 安全配置有问题。在此处添加 xml 可能会有所帮助。 【参考方案1】:请把这个放在我的留言里
?xml 版本="1.0" 编码="UTF-8"?> http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http use-expressions="true" access-denied-page="/error/casfailed.html" entry-point-ref="headerAuthenticationEntryPoint">
<intercept-url pattern="/" access="permitAll"/>
<!-- <intercept-url pattern="/index.html" access="permitAll"/> -->
<intercept-url pattern="/index.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/history.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/absence.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/search.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/employees.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/employee.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/contract.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/myforms.html" access="hasAnyRole('HLO','OPISK')"/>
<intercept-url pattern="/vacationmsg.html" access="hasAnyRole('ROLE_USER')"/>
<intercept-url pattern="/redirect.jsp" filters="none" />
<intercept-url pattern="/error/**" filters="none" />
<intercept-url pattern="/layout/**" filters="none" />
<intercept-url pattern="/js/**" filters="none" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- session-management invalid-session-url="/absence.html"/ -->
<!-- logout logout-success-url="/logout.html"/ -->
<custom-filter ref="ssoHeaderAuthenticationFilter" before="CAS_FILTER"/> <!-- CAS_FILTER ??? -->
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="doNothingAuthenticationProvider"/>
</authentication-manager>
<beans:bean id="doNothingAuthenticationProvider" class="com.nixu.security.sso.web.DoNothingAuthenticationProvider"/>
<beans:bean id="ssoHeaderAuthenticationFilter" class="com.nixu.security.sso.web.HeaderAuthenticationFilter">
<beans:property name="groups">
<beans:map>
<beans:entry key="cn=lake,ou=confluence,dc=utu,dc=fi" value="ROLE_ADMIN"/>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="headerAuthenticationEntryPoint"
class="com.nixu.security.sso.web.HeaderAuthenticationEntryPoint"/>
【讨论】:
【参考方案2】:<!--to specifically stop trouble with multiple apps on tomcat-->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>springsecuritywebapp_root</param-value>
</context-param>
在 web.xml 中添加这些行,它可能会起作用。
【讨论】:
以上是关于添加 Spring Security 后,我的 Spring 应用程序停止运行的主要内容,如果未能解决你的问题,请参考以下文章
添加 Spring Security 插件 3.1.1 后,Grails 3.2.4 应用程序不会加载
添加“spring-security-taglibs”后jsp中仍然报错:找不到spring security标签的标签库描述符
Spring:添加注册后表单上的错误按钮操作(Spring Security)
Spring cloud eureka 添加 spring-security