Spring Security 4.2 isn't working


【Title】: Spring Security 4.2 isn't working 【Posted】: 2017-04-14 17:10:52 【Question】:

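I'm stuck. I don't understand why this isn't working. I'm using Spring-Core 4.3.4.RELEASE and Spring-security 4.2.0.RELEASE, and I'm trying to implement basic HTTP authentication. But it seems I'm doing something wrong... because I don't know how to make it work.

The main problem is that Spring Security doesn't filter anything and lets everyone access my REST controllers.

I've tried "/", "/*" and "/**", but nothing changes. I also tried changing the "access" parameter to hasRole('ROLE_NAME'), but nothing changes.

Here is my code.

My web.xml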

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
     http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
     version="3.1">
<display-name>Voting System</display-name>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:spring/spring-app.xml
        classpath:spring/spring-db.xml
    </param-value>
</context-param>

<!-- Spring MVC -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring/spring-mvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/**</url-pattern>
</filter-mapping>

</web-app>

My spring-app.xml

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:context="http://www.springframework.org/schema/context"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

<import resource="spring-tools.xml"/>
<import resource="spring-security.xml"/>

<context:annotation-config/>

<context:component-scan base-package="ru.emitrohin.**.service"/>

</beans>

My spring-security.xml

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://www.springframework.org/schema/security"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">

<http use-expressions="true" create-session="stateless">
    <http-basic/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <csrf disabled="true"/>
</http>

<authentication-manager>
    <authentication-provider user-service-ref="userService">

    </authentication-provider>
</authentication-manager>

</beans:beans>

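My user service class

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

// User, UserRepository, UserService, AuthorizedUser and ExceptionUtil are the project's own classes.
@Service("userService")
public class UserServiceImpl implements UserService, UserDetailsService {

    private UserRepository repository;

    @Autowired
    public UserServiceImpl(UserRepository repository) {
        this.repository = repository;
    }

    @Override
    @CacheEvict(value = "users", allEntries = true)
    public User save(User user) {
        Assert.notNull(user, "user must not be null");
        return repository.save(user);
    }

    @Override
    public void delete(int id) {
        ExceptionUtil.checkNotFoundWithId(repository.delete(id), id);
    }

    @Override
    public User get(int id) {
        return ExceptionUtil.checkNotFoundWithId(repository.get(id), id);
    }

    @CacheEvict(value = "users", allEntries = true)
    @Override
    public void update(User user) {
        Assert.notNull(user, "user must not be null");
        /*user.setPassword(PasswordUtil.encode(user.getPassword()));
        user.setEmail(user.getEmail().toLowerCase());*/
        repository.save(user);
    }

    @Cacheable("users")
    @Override
    public List<User> getAll() {
        return repository.getAll();
    }

    @CacheEvict(value = "users", allEntries = true)
    @Transactional
    public void enable(int id, boolean enabled) {
        User user = get(id);
        user.setEnabled(enabled);
        repository.save(user);
    }

    // Empties the "users" cache; the annotation does all the work.
    @CacheEvict(value = "users", allEntries = true)
    @Override
    public void evictCache() {
    }

    // Called by the authentication provider (user-service-ref="userService") to look up the account.
    @Override
    public AuthorizedUser loadUserByUsername(String login) throws UsernameNotFoundException {
        User user = repository.findByLogin(login);
        if (user == null) {
            throw new UsernameNotFoundException("User is not found");
        }
        AuthorizedUser a = new AuthorizedUser(user);
        return a;
    }
}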

My pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://maven.apache.org/POM/4.0.0"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0       http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>xxxx</groupId>
<artifactId>xxx</artifactId>
<packaging>war</packaging>

<version>1.0-SNAPSHOT</version>


<properties>
    <java.version>1.8</java.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

    <tomcat.version>8.0.33</tomcat.version>
    <spring.version>4.3.4.RELEASE</spring.version>
    <spring-security.version>4.2.0.RELEASE</spring-security.version>
    <spring-data-jpa.version>1.10.4.RELEASE</spring-data-jpa.version>

    <!-- Logging -->
    <logback.version>1.1.7</logback.version>
    <slf4j.version>1.7.21</slf4j.version>

    <!--DB-->
    <postgresql.version>9.4.1211</postgresql.version>

    <!--Tests-->
    <junit.version>4.12</junit.version>

    <!-- Hibernate -->
    <hibernate.version>5.2.4.Final</hibernate.version>
    <hibernate-validator.version>5.3.2.Final</hibernate-validator.version>

    <!--Tools-->
    <ehcache.version>2.10.3</ehcache.version>

</properties>

<build>
    <finalName>RestaurantVotingSystem</finalName>
    <defaultGoal>package</defaultGoal>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.1</version>
            <configuration>
                <source>${java.version}</source>
                <target>${java.version}</target>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-surefire-plugin</artifactId>
            <version>2.19.1</version>
            <configuration>
                <argLine>-Dfile.encoding=UTF-8</argLine>
            </configuration>
        </plugin>

        <!--  http://***.com/questions/4305935/is-it-possible-to-supply-tomcat6s-context-xml-file-via-the-maven-cargo-plugin#4417945 -->
        <plugin>
            <groupId>org.codehaus.cargo</groupId>
            <artifactId>cargo-maven2-plugin</artifactId>
            <version>1.5.0</version>
            <configuration>
                <container>
                    <containerId>tomcat8x</containerId>
                    <systemProperties>
                        <file.encoding>UTF-8</file.encoding>
                        <spring.profiles.active>tomcat,datajpa</spring.profiles.active>
                    </systemProperties>
                    <dependencies>
                        <dependency>
                            <groupId>org.postgresql</groupId>
                            <artifactId>postgresql</artifactId>
                        </dependency>
                    </dependencies>
                </container>
                <configuration>
                    <configfiles>
                        <configfile>
                            <file>src/main/resources/tomcat/context.xml</file>
                            <todir>conf/Catalina/localhost/</todir>
                            <tofile>context.xml.default</tofile>
                        </configfile>
                    </configfiles>
                </configuration>
                <deployables>
                    <deployable>
                        <groupId>ru.emitrohin</groupId>
                        <artifactId>RestaurantVotingSystem</artifactId>
                        <type>war</type>
                        <properties>
                            <context>${project.build.finalName}</context>
                        </properties>
                    </deployable>
                </deployables>
            </configuration>
        </plugin>
    </plugins>
</build>

<dependencies>

    <!-- Logging with SLF4J & LogBack -->

    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>${logback.version}</version>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jcl-over-slf4j</artifactId>
        <version>${slf4j.version}</version>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>${logback.version}</version>
        <scope>runtime</scope>
    </dependency>

    <!-- Spring -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context-support</artifactId>
        <version>${spring.version}</version>
        <exclusions>
            <exclusion>
                <groupId>commons-logging</groupId>
                <artifactId>commons-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.springframework.data</groupId>
        <artifactId>spring-data-jpa</artifactId>
        <version>${spring-data-jpa.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
        <exclusions>
            <exclusion>
                <groupId>commons-logging</groupId>
                <artifactId>commons-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <!-- spring security-->

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>${spring-security.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>${spring-security.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <version>${spring-security.version}</version>
    </dependency>

    <!--hibernate-->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>${hibernate.version}</version>
    </dependency>

    <dependency>
        <groupId>javax.transaction</groupId>
        <artifactId>jta</artifactId>
        <version>1.1</version>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-validator</artifactId>
        <version>${hibernate-validator.version}</version>
    </dependency>

    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-ehcache</artifactId>
        <version>${hibernate.version}</version>
    </dependency>

    <dependency>
        <groupId>net.sf.ehcache</groupId>
        <artifactId>ehcache</artifactId>
        <version>${ehcache.version}</version>
    </dependency>

    <!--Web-->
    <dependency>
        <groupId>org.apache.tomcat</groupId>
        <artifactId>tomcat-servlet-api</artifactId>
        <version>${tomcat.version}</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>

    <!--Test-->
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>${junit.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-test</artifactId>
        <version>${spring.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.mockito</groupId>
        <artifactId>mockito-core</artifactId>
        <version>2.2.21</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-annotations</artifactId>
        <version>2.8.1</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-databind</artifactId>
        <version>2.8.1</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.datatype</groupId>
        <artifactId>jackson-datatype-jsr310</artifactId>
        <version>2.8.4</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.datatype</groupId>
        <artifactId>jackson-datatype-hibernate5</artifactId>
        <version>2.8.4</version>
    </dependency>
    <dependency>
        <groupId>org.hamcrest</groupId>
        <artifactId>hamcrest-library</artifactId>
        <version>1.3</version>
        <scope>test</scope>
    </dependency>
</dependencies>


<profiles>
    <profile>
        <id>hsqldb</id>
        <dependencies>
            <dependency>
                <groupId>org.hsqldb</groupId>
                <artifactId>hsqldb</artifactId>
                <version>2.3.4</version>
            </dependency>
        </dependencies>
    </profile>
    <profile>
        <id>heroku</id>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-dependency-plugin</artifactId>
                    <version>2.10</version>
                    <executions>
                        <execution>
                            <phase>package</phase>
                            <goals>
                                <goal>copy</goal>
                            </goals>
                            <configuration>
                                <artifactItems>
                                    <artifactItem>
                                        <groupId>com.github.jsimone</groupId>
                                        <artifactId>webapp-runner</artifactId>
                                        <version>8.0.33.1</version>
                                        <destFileName>webapp-runner.jar</destFileName>
                                    </artifactItem>
                                </artifactItems>
                            </configuration>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-framework-bom</artifactId>
            <version>${spring.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

</project>

【Comments】:

How are you running it? Can you share the whole project, and is there anything in the application log?

Github.com/emitrohin/votingsystem

【Answer 1】:

I think the value of url-pattern is wrong. It should not be an Ant expression. You probably want the value /* instead of /**.

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

See also What is url-pattern in web.xml.
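The difference the answer points to, as an added example (not part of the original post or the asker's project): a simplified matcher for the web.xml url-pattern rules of the Servlet specification, printed next to Spring's Ant-style matching, which is what intercept-url patterns use. The class name, the servletMatches helper and the sample request paths are constructed for illustration, and spring-core is assumed to be on the classpath.

```java
import org.springframework.util.AntPathMatcher;

public class UrlPatternDemo {

    /** Simplified filter-mapping match following the Servlet spec mapping rules (not container code). */
    static boolean servletMatches(String pattern, String path) {
        if (pattern.equals(path)) {
            return true;                                   // exact match
        }
        if (pattern.startsWith("/") && pattern.endsWith("/*")) {
            // path mapping: "/*" -> prefix "", "/rest/*" -> prefix "/rest"
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            // extension mapping: compare with the extension of the last path segment
            String lastSegment = path.substring(path.lastIndexOf('/') + 1);
            int dot = lastSegment.lastIndexOf('.');
            return dot >= 0 && lastSegment.substring(dot + 1).equals(pattern.substring(2));
        }
        // Anything else, including "/**", is treated as a literal path.
        return false;
    }

    public static void main(String[] args) {
        AntPathMatcher ant = new AntPathMatcher();
        String[] patterns = {"/*", "/**", "/rest/*"};
        String[] paths = {"/", "/rest/users", "/rest/admin/users/1"}; // constructed sample paths

        for (String pattern : patterns) {
            for (String path : paths) {
                System.out.printf("%-8s %-22s web.xml=%-5b ant=%b%n",
                        pattern, path, servletMatches(pattern, path), ant.match(pattern, path));
            }
        }
    }
}
```

Under the servlet rules "/**" is neither a path mapping nor an extension mapping, so a filter mapped to it only sees a request whose path is literally "/**"; springSecurityFilterChain is then never invoked and every controller stays reachable without credentials.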
