×
首页编程设计正文

我正在关注这篇文章以在我的 GAE 项目中实现 spring 安全性 http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

我无法让它工作,我配置为 protected URL 没有得到保护,应用程序没有将我重定向到谷歌登录页面。这是我的 web.xml 和 security-config.xml。请帮忙,因为我已经花了很多时间在这上面。我认为有一些我无法捕捉到的小问题。

web.xml

    <context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
        /WEB-INF/security-config.xml 
    </param-value> 
</context-param> 
 
<!-- Enables Spring Security --> 
<filter> 
    <filter-name>authenticationFilter</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
 
<!-- Reads request input using UTF-8 encoding --> 
<filter> 
    <filter-name>characterEncodingFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
        <param-name>encoding</param-name> 
        <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
        <param-name>forceEncoding</param-name> 
        <param-value>true</param-value> 
    </init-param> 
</filter> 
 
<filter-mapping> 
    <filter-name>authenticationFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
 
<filter-mapping> 
    <filter-name>characterEncodingFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
 
<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 
 
<servlet> 
    <servlet-name>controller</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
 
<servlet-mapping> 
    <servlet-name>controller</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping>

安全配置.xml

   <beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:security="http://www.springframework.org/schema/security" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
 
<security:http pattern="/static/**" security="none" /> 
<security:http pattern="/favicon.ico" security="none" /> 
 
<security:http use-expressions="true" entry-point-ref="entryPoint" 
    access-denied-page="/"> 
    <security:intercept-url pattern="/" access="isAuthenticated()" /> 
    <security:intercept-url pattern="/sample" 
        access="isAuthenticated()" /> 
    <security:custom-filter position="PRE_AUTH_FILTER" 
        ref="authenticationFilter" /> 
</security:http> 
 
<bean id="entryPoint" 
    class="com.generic.gae.security.GoogleAccountsAuthenticationEntryPoint" /> 
 
<bean id="authenticationFilter" class="com.generic.gae.security.GaeAuthenticationFilter"> 
    <property name="authenticationManager" ref="authenticationManager" /> 
</bean> 
 
<security:authentication-manager alias="authenticationManager"> 
    <security:authentication-provider 
        ref="authenticationProvider" /> 
</security:authentication-manager> 
 
<bean id="authenticationProvider" 
    class="com.generic.gae.security.GoogleAccountsAuthenticationProvider" />

谢谢

请您参考如下方法:

authenticationFilter 在 security-config.xml 中定义的不是您在 web.xml 中使用的那个。默认情况下,Spring Security 为您提供名称为 springSecurityFilterChain 的过滤器 bean。所以你在 web.xml 中的过滤器声明应该是:

    <filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
 
... 
 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

参见第 2.2 节 Security Namespace Configuration


评论关闭
IT干货网
IT干货网 Spring

微信公众号号:IT虾米 (左侧二维码扫一扫)欢迎添加!