저는 스프링 보안을 처음 사용하고있어서 문제가 있습니다. 제한 될 것으로 예상되는 페이지에 액세스하려고하면 요청 된 페이지가 표시되고, 403 페이지도 아니고 로그인 페이지로 리디렉션되거나, 로그에 오류가 없으며, 스프링 보안이 전혀 구현되지 않은 것처럼 표시되지 않습니다. 단지를 테스트하기 위해,스프링 보안은 액세스를 제한하지 않습니다.
INFO: Checking whether login URL '/security/credentials' is accessible with your configuration
내가 제한된 페이지로 로그인 페이지를 변경 시도 : 응용 프로그램이 나는 봄 보안이 적어도 시작 하더군요 로그에 다음을 참조 배포
실제로 제한되어 있고 다음과 같은 결과를 얻었습니다. 적어도 시뮬레이션에서 제한적이라는 말을 들었습니다.
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<welcome-file-list>
<welcome-file>
index.html
</welcome-file>
</welcome-file-list>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>messages</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
WEB-INF/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<init-param>
<param-name>logLevel</param-name>
<param-value>TRACE</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
</web-app>
봄 보안 구성 파일을 내 applicationContext.xml에서 수입
의 web.xml :
INFO: Checking whether login URL '/dashboard' is accessible with your configuration
org.springframework.security.config.http.DefaultFilterChainValidator checkLoginPageIsntProtected
WARNING: Anonymous access to the login page doesn't appear to be enabled. This is almost certainly an error. Please check your configuration allows unauthenticated access to the configured login page. (Simulated access was rejected: org.springframework.security.access.AccessDeniedException: Access is denied)
나는 다음과 같은 설정이있다.
실제로 /security/**
요청에는 인증 (access="permitAll"
)가 필요 없다고 봄을 말하고있다으로
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<form-login
login-page="/security/credentials"
login-processing-url="/security/signin"
default-target-url="/dashboard"
authentication-failure-url="/security/signin_failed" />
<intercept-url pattern="/resources/**" access="permitAll"/>
<intercept-url pattern="/security/**" access="permitAll" />
<intercept-url pattern="/favicon.ico" access="permitAll"/>
<intercept-url pattern="/**" access="denyAll"/>
<logout logout-success-url="/security/signout" />
<remember-me />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="test" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
액세스하려는 제한된 페이지의 전체 URL을 제공해주십시오. – coder
내가 액세스하려고하는 페이지의 전체 URL은 mydomain/dashboard입니다. – user2805089