添加 Spring Security 后,我的 Spring 应用程序停止运行

Posted

技术标签:

【中文标题】添加 Spring Security 后,我的 Spring 应用程序停止运行【英文标题】:My spring application stopped running after adding Spring Security 【发布时间】:2011-06-28 07:07:56 【问题描述】:

这个 web.xml 有问题吗?

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
     /WEB-INF/applicationContext.xml
     /WEB-INF/sec-config.xml
     /WEB-INF/idm-config.xml
     WEB-INF/ldap-config.xml
    </param-value>
  </context-param>

<display-name>KeyCard</display-name>


<context-param>
<param-name>webAppRootKey</param-name>
<param-value>KeyCardAppRoot</param-value>
</context-param>


  <context-param>
    <param-name>log4jConfigLocation</param-name>
    <param-value>/WEB-INF/log4j.properties</param-value>
  </context-param>

  <!-- Reads request input using UTF-8 encoding -->
  <filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
  </listener>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <listener>  <!-- this is for session scoped objects -->
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  </listener>

  <listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
  </listener>

  <!-- Handles all requests into the application -->
  <servlet>
    <servlet-name>KeyCard</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet>
    <servlet-name>tiles</servlet-name>
    <servlet-class>org.apache.tiles.web.startup.TilesServlet</servlet-class>
    <init-param>
      <param-name>
        org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
      </param-name>
      <param-value>
        /WEB-INF/tilesViewContext.xml
      </param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>KeyCard</servlet-name>
    <url-pattern>*.html</url-pattern>
  </servlet-mapping>

  <session-config>
    <session-timeout>
      120
    </session-timeout>
  </session-config>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!-- error-page>
    <exception-type>java.lang.Exception</exception-type>
    <location>/WEB-INF/error/error.jsp</location>
  </error-page -->

</web-app>

我得到请求的资源不可用。日志没有错误。

【问题讨论】:

当您尝试做什么时会收到该消息? WEB-INF/ldap-config 之前需要 / 吗?日志上可能没有错误,但是您是否将 org.springframework.* 记录到 INFO 或 DEBUG?安全配置有效吗?我们在这里需要更多信息。 我只是想运行我的应用程序。日志只说登录不成功,但这不是问题。我不知道安全方面可能出了什么问题。 看起来你的 spring 安全配置有问题。在此处添加 xml 可能会有所帮助。 【参考方案1】:

请把这个放在我的留言里

?xml 版本="1.0" 编码="UTF-8"?> http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http use-expressions="true" access-denied-page="/error/casfailed.html" entry-point-ref="headerAuthenticationEntryPoint">
    <intercept-url pattern="/" access="permitAll"/>
    <!-- <intercept-url pattern="/index.html" access="permitAll"/> -->
    <intercept-url pattern="/index.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/history.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/absence.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/search.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/employees.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/employee.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/contract.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/myforms.html" access="hasAnyRole('HLO','OPISK')"/>
    <intercept-url pattern="/vacationmsg.html" access="hasAnyRole('ROLE_USER')"/>
    <intercept-url pattern="/redirect.jsp" filters="none" />
    <intercept-url pattern="/error/**" filters="none" />
    <intercept-url pattern="/layout/**" filters="none" />
    <intercept-url pattern="/js/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />

    <!-- session-management invalid-session-url="/absence.html"/ -->
    <!-- logout logout-success-url="/logout.html"/ -->
    <custom-filter ref="ssoHeaderAuthenticationFilter" before="CAS_FILTER"/> <!-- CAS_FILTER ??? -->
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="doNothingAuthenticationProvider"/>
</authentication-manager>

<beans:bean id="doNothingAuthenticationProvider" class="com.nixu.security.sso.web.DoNothingAuthenticationProvider"/>
<beans:bean id="ssoHeaderAuthenticationFilter" class="com.nixu.security.sso.web.HeaderAuthenticationFilter">
<beans:property name="groups">
    <beans:map>
      <beans:entry key="cn=lake,ou=confluence,dc=utu,dc=fi" value="ROLE_ADMIN"/>
    </beans:map>
</beans:property>
</beans:bean>
<beans:bean id="headerAuthenticationEntryPoint"
            class="com.nixu.security.sso.web.HeaderAuthenticationEntryPoint"/>

【讨论】:

【参考方案2】: 
<!--to specifically stop trouble with multiple apps on tomcat-->

<context-param>
<param-name>webAppRootKey</param-name>
<param-value>springsecuritywebapp_root</param-value>
</context-param>

在 web.xml 中添加这些行,它可能会起作用。

【讨论】:

以上是关于添加 Spring Security 后,我的 Spring 应用程序停止运行的主要内容,如果未能解决你的问题,请参考以下文章

添加 Spring Security 插件 3.1.1 后,Grails 3.2.4 应用程序不会加载

添加“spring-security-taglibs”后jsp中仍然报错:找不到spring security标签的标签库描述符

Spring:添加注册后表单上的错误按钮操作(Spring Security)

Spring cloud eureka 添加 spring-security

带有 grails 的 Spring Security 核心插件

Spring Security - 来自 JWT 的自定义主体