Spring redirect request to get resources to my controller and should not do that
【Posted】: 2015-01-01 15:15:48
【Question】: I am trying to use Polymer in my project. I am using Spring MVC with Spring Security.
The problem is that Spring shows my admin view for every resource.
Structure:
-- webapp
   -- WEB-INF
      -- spring
         -- springs*.xml
      -- views
         -- all*.jsp
   -- web_resources
      -- bower_components
      -- layouts
Log for one resource request:
2014-11-05T13:04:40.360+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/web_resources**'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-11-05T13:04:40.361+0100|Info: HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-11-05T13:04:40.361+0100|Info: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@678feca. A new one will be created.
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 3 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2014-11-05T13:04:40.362+0100|Info: Request 'GET /web_resources/bower_components/core-elements/core-elements.html' doesn't match 'POST /j_spring_security_logout
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-11-05T13:04:40.363+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-11-05T13:04:40.364+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-11-05T13:04:40.364+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/admin**'
2014-11-05T13:04:40.364+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/home**'
2014-11-05T13:04:40.364+0100|Info: Secure object: FilterInvocation: URL: /web_resources/bower_components/core-elements/core-elements.html; Attributes: [permitAll]
2014-11-05T13:04:40.364+0100|Info: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS
2014-11-05T13:04:40.364+0100|Info: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5ca24e29, returned: 1
2014-11-05T13:04:40.365+0100|Info: Authorization successful
2014-11-05T13:04:40.365+0100|Info: RunAsManager did not change Authentication object
2014-11-05T13:04:40.365+0100|Info: /web_resources/bower_components/core-elements/core-elements.html reached end of additional filter chain; proceeding with original chain
2014-11-05T13:04:40.365+0100|Info: DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/base/web_resources/bower_components/core-elements/core-elements.html]
2014-11-05T13:04:40.366+0100|Info: Looking up handler method for path /web_resources/bower_components/core-elements/core-elements.html
2014-11-05T13:04:40.366+0100|Info: Checking match of request : '/web_resources/bower_components/paper-elements/paper-elements.html'; against '/web_resources**'
2014-11-05T13:04:40.366+0100|Info: /web_resources/bower_components/paper-elements/paper-elements.html at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-11-05T13:04:40.366+0100|Info: Returning handler method [public org.springframework.web.servlet.ModelAndView com.base.controller.AdminController.admin()]
2014-11-05T13:04:40.366+0100|Info: Returning cached instance of singleton bean 'adminController'
2014-11-05T13:04:40.367+0100|Info: HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-11-05T13:04:40.367+0100|Info: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@678feca. A new one will be created.
2014-11-05T13:04:40.367+0100|Info: /web_resources/bower_components/paper-elements/paper-elements.html at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
Log for a request to my web_resources (this returns my admin view):
2014-11-05T13:14:40.835+0100|Info: Secure object: FilterInvocation: URL: /web_resources/; Attributes: [permitAll]
2014-11-05T13:14:40.836+0100|Info: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS
2014-11-05T13:14:40.836+0100|Info: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5ca24e29, returned: 1
2014-11-05T13:14:40.837+0100|Info: Authorization successful
2014-11-05T13:14:40.837+0100|Info: RunAsManager did not change Authentication object
2014-11-05T13:14:40.837+0100|Info: /web_resources/ reached end of additional filter chain; proceeding with original chain
2014-11-05T13:14:40.838+0100|Info: DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/base/web_resources/]
2014-11-05T13:14:40.838+0100|Info: Looking up handler method for path /web_resources/
2014-11-05T13:14:40.838+0100|Info: Returning handler method [public org.springframework.web.servlet.ModelAndView com.base.controller.AdminController.admin()]
2014-11-05T13:14:40.839+0100|Info: Returning cached instance of singleton bean 'adminController'
2014-11-05T13:14:40.839+0100|Info: Last-Modified value for [/base/web_resources/] is: -1
2014-11-05T13:14:40.840+0100|Info: Rendering view [org.springframework.web.servlet.view.JstlView: name 'admin'; URL [/WEB-INF/views/admin.jsp]] in DispatcherServlet with name 'mvc-dispatcher'
2014-11-05T13:14:40.840+0100|Info: Returning cached instance of singleton bean 'requestDataValueProcessor'
2014-11-05T13:14:40.840+0100|Info: Forwarding to resource [/WEB-INF/views/admin.jsp] in InternalResourceView 'admin'
My spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <http pattern="/web_resources**" security="none" />
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/home**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/**" access="permitAll" />
        <access-denied-handler error-page="/403" />
        <form-login
            login-page="/login"
            default-target-url="/home"
            authentication-failure-url="/login?error"
            username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout" />
        <csrf />
    </http>
    <authentication-manager>
        <authentication-provider user-service-ref="userService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>
My web.xml:
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>base</display-name>
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/spring/spring-mvc-dispatcher.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/spring-database.xml,
            /WEB-INF/spring/spring-security.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/faces/faces-config.xml</param-value>
    </context-param>
</web-app>
For example, one view:
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html>
<html>
<head>
    <link rel="import" href='<c:url value="/web_resources/bower_components/core-elements/core-elements.html"></c:url>'>
    <link rel="import" href="/base/web_resources/bower_components/paper-elements/paper-elements.html">
    <link rel="import" href="/base/web_resources/layouts/app-main.html">
    <link rel="import" href="/base/web_resources/bower_components/polymer/polymer.html">
</head>
<body>
    <app-home></app-home>
</body>
</html>
<polymer-element name="app-home">
    <template>
        <link rel="stylesheet" href="css/app-login.css">
        <app-main selected="Home">
            Home
        </app-main>
    </template>
    <script>
        Polymer('app-home', {});
    </script>
</polymer-element>
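Update
Admin controller:
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class AdminController extends GenericController {
    @RequestMapping(name = "/admin")
    public ModelAndView admin() {
        ModelAndView model = new ModelAndView(Name.VIEW_ADMIN);
        model.setViewName(Name.VIEW_ADMIN);
        return model;
    }
}
If I remove the @Controller and @RequestMapping annotations and add these two lines to my dispatcher, the resources work: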
<mvc:resources mapping="/web_resources/bower_components/**" location="/web_resources/bower_components/" />
<mvc:resources mapping="/web_resources/layouts/**" location="/web_resources/layouts/" />
But I don't understand why my admin controller receives all the resource requests. Can someone help me?
【Answer 1】: My problem was in @RequestMapping(name = "/admin"). It was used incorrectly; I needed to change "name" to "value", and then everything worked fine.
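The logs above show the admin view rendered for an anonymous request under `permitAll`, because the `/admin**` rule guards the URL rather than the handler, so a handler mapped at the wrong paths bypasses it. As an added example (not part of the original post or the asker's project), a standalone MockMvc regression test can pin the mapping after the fix. `AdminMappingTest` and `FixedAdminController` are hypothetical names, and JUnit 4 plus spring-test on the test classpath are assumed.

```java
import org.junit.Test;
import org.springframework.stereotype.Controller;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

public class AdminMappingTest {
    // Hypothetical stand-in for the page's AdminController with the fix applied:
    // "value" sets the URL pattern, while "name" only labels the mapping.
    @Controller
    public static class FixedAdminController {
        @RequestMapping(value = "/admin")
        public ModelAndView admin() {
            return new ModelAndView("admin");
        }
    }

    @Test
    public void adminHandlerIsReachableOnlyUnderAdminUrl() throws Exception {
        // Same prefix/suffix as the view in the page's log (/WEB-INF/views/admin.jsp).
        InternalResourceViewResolver views = new InternalResourceViewResolver();
        views.setPrefix("/WEB-INF/views/");
        views.setSuffix(".jsp");
        MockMvc mvc = MockMvcBuilders.standaloneSetup(new FixedAdminController())
                .setViewResolvers(views)
                .build();

        mvc.perform(get("/admin"))
                .andExpect(status().isOk())
                .andExpect(forwardedUrl("/WEB-INF/views/admin.jsp"));
        // Paths taken from the page's logs; with name= both were routed to admin().
        mvc.perform(get("/web_resources/"))
                .andExpect(status().isNotFound());
        mvc.perform(get("/web_resources/bower_components/core-elements/core-elements.html"))
                .andExpect(status().isNotFound());
    }
}
```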