2013-08-21 4 views

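Spring Security configuration problem

I am trying to implement Spring Security in my application, and the log shows messages indicating that it recognizes security, but it does not apply the rules I set up. My login.xhtml also calls the login method but does not return correctly, so I can only guess that I have missed something in my configuration, but I cannot find it. Thanks in advance.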

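I know this has been asked many times, but I have been looking over various examples for a few days now, and as far as I can tell mine matches the examples.

Here are my configuration files (partial).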

spring-security.xml

<http auto-config="true"> 

    <intercept-url pattern="/*" access="ROLE_ADMIN"/> 
    <form-login login-processing-url="/j_spring_security_check" 
     login-page="/views/login.xhtml" 
     default-target-url="/views/index.xhtml" 
     authentication-failure-url="/views/error.xhtml" /> 

</http> 

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="dummy" password="dummy" authorities="ROLE_DUMMY"/> 
      <user name="admin" password="admin" authorities="ROLE_ADMIN"/> 
     </user-service> 
    </authentication-provider> 
</authentication-manager> 

web.xml

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     classpath:/META-INF/spring/applicationContext.xml, 
     /WEB-INF/spring-security.xml 
    </param-value> 
</context-param> 
<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

server.log

19:48:45,028 INFO [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization started 
19:48:45,058 INFO [org.springframework.web.context.support.XmlWebApplicationContext] (ServerService Thread Pool -- 460) Refreshing Root WebApplicationContext: startup date [Tue Aug 20 19:48:45 PDT 2013]; root of context hierarchy 
19:48:45,081 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from class path resource [META-INF/spring/applicationContext.xml] 
19:48:45,152 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (ServerService Thread Pool -- 460) Loading XML bean definitions from ServletContext resource [/WEB-INF/spring-security.xml] 
19:48:45,162 INFO [org.springframework.security.core.SpringSecurityCoreVersion] (ServerService Thread Pool -- 460) You are running with Spring Security Core 3.1.4.RELEASE 
19:48:45,163 INFO [org.springframework.security.config.SecurityNamespaceHandler] (ServerService Thread Pool -- 460) Spring Security 'config' module version is 3.1.4.RELEASE 
19:48:45,187 INFO [org.springframework.security.config.http.HttpSecurityBeanDefinitionParser] (ServerService Thread Pool -- 460) Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; 
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000] 
19:48:45,258 INFO [org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor] (ServerService Thread Pool -- 460) JSR-330 'javax.inject.Inject' annotation found and supported for autowiring 
19:48:45,282 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] (ServerService Thread Pool -- 460) Pre-instantiating singletons in org.s[email protected]23c50d4e: defining beans [dataSource,entityManager,entityManagerFactory,distroStoreConverter,distroStaffBean,distroStoreBean,distroTastingBean,editDistroStaffBean,editDistroStoreBean,editDistroTastingBean,loginBean,newDistroStoreBean,newDistroTastingBean,scheduleBean,staffDaoImpl,storeDaoImpl,tastingDaoImp,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,jpaPropertyMap,hibernateVendor,transactionManager,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.spri
ngframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.provisioning.InMemoryUserDetailsManager#0,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,org.springframework.context.annotation.ConfigurationClassPostProcessor$ImportAwareBeanPostProcessor#0]; root of factory hierarchy 
19:48:45,292 INFO [org.springframework.jdbc.datasource.DriverManagerDataSource] (ServerService Thread Pool -- 460) Loaded JDBC driver: org.postgresql.Driver 
19:48:45,331 INFO [org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean] (ServerService Thread Pool -- 460) Building JPA container EntityManagerFactory for persistence unit 'default' 
19:48:46,047 INFO [org.springframework.security.web.DefaultSecurityFilterChain] (ServerService Thread Pool -- 460) Creating filter chain: [email protected], [org.spring[email protected]5151d7c2, org.[email protected]542c2b43, org.springframework.s[email protected]1fcc66e1, org.springfram[email protected]24764e16, org.sp[email protected]5300990d, org.springframework.[email protected]4c404f0d, org.springfram[email protected]12060597, o[email protected]495905bf, org[email protected]73886437, org.springfr[email protected]7f6b9222] 
19:48:46,055 INFO [org.springframework.security.config.http.DefaultFilterChainValidator] (ServerService Thread Pool -- 460) Checking whether login URL '/views/login.xhtml' is accessible with your configuration 
19:48:46,062 INFO [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 460) Root WebApplicationContext: initialization completed in 1034 ms 
19:48:46,064 INFO [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Initializing Mojarra 2.1.19-jbossorg-1 20130304-0420 for context '/LuxuryLiquor' 
19:48:46,575 INFO [javax.enterprise.resource.webcontainer.jsf.config] (ServerService Thread Pool -- 460) Monitoring jndi:/default-host/LuxuryLiquor/WEB-INF/faces-config.xml for modifications 
19:48:47,591 INFO [org.jboss.as.server] (management-handler-thread - 16) JBAS018562: Redeployed "LuxuryLiquor.war" 
19:48:47,592 INFO [org.jboss.as.server] (management-handler-thread - 16) JBAS018565: Replaced deployment "LuxuryLiquor.war" with deployment "LuxuryLiquor.war" 
19:48:47,596 INFO [org.jboss.as.repository] (management-handler-thread - 16) JBAS014901: Content removed from location C:\Program Files\jboss-eap-6.1\standalone\data\content\8f\21f2c1f876b95cd37a0207b0fb9148ce3e00b0\content 

login.xhtml

<html xmlns="http://www.w3.org/1999/xhtml" 
xmlns:ui="http://java.sun.com/jsf/facelets" 
xmlns:h="http://java.sun.com/jsf/html" 
xmlns:f="http://java.sun.com/jsf/core" 
xmlns:p="http://primefaces.org/ui" style="background: black;"> 

<h:head> 
    <meta /> 
    <h:outputStylesheet library="css" name="screen.css" /> 
    <title>Login</title> 
</h:head> 
<h:body> 
    <div id="container"> 
    <div id="content"> 
     <div class="stores-position"> 
      <h1>Login</h1> 
      <h:form id="loginForm"> 
       <p:panelGrid> 
        <p:row> 
         <p:column> 
          <h:outputLabel value="Username" /> 
         </p:column> 
         <p:column> 
          <h:inputText id="j_username" value="#{loginBean.username}" required="true" /> 
         </p:column> 
        </p:row> 
        <p:row> 
         <p:column> 
          <h:outputLabel value="Password" /> 
         </p:column> 
         <p:column> 
          <h:inputSecret id="j_password" value="#{loginBean.password}" required="true" /> 
         </p:column> 
        </p:row> 
       </p:panelGrid> 
       <p:commandButton id="login" type="submit" 
        action="#{loginBean.doLogin}" value="Login" /> 
      </h:form> 
     </div> 
    </div> 
    <div id="aside"> 
     <h:graphicImage value="/resources/gfx/LL_logo-1-1.jpg" /> 
    </div> 
    <div id="footer" /> 
</div> 
</h:body> 
</html> 

Answer

1

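At first glance, your URL pattern is wrong. URL patterns are Ant-style patterns (which is the default pattern type, as mentioned in the Spring Security Reference Guide), which means:

  • ? matches one character
  • * matches zero or more characters
  • ** matches zero or more 'directories' in a path

You are using /* whereas you should probably use /**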

<http auto-config="true"> 

<intercept-url pattern="/**" access="ROLE_ADMIN"/> 
<form-login login-processing-url="/j_spring_security_check" 
    login-page="/views/login.xhtml" 
    default-target-url="/views/index.xhtml" 
    authentication-failure-url="/views/error.xhtml" /> 

</http> 

See this question for more information about Ant-style patterns.

+0

That was it! I figured it would be a spelling error or something small. Thank you for including the link. Now I need to figure out how to unblock my CSS. – Chris
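
How the two patterns from this thread differ, as an added example (not code from the question or the answer, and not Spring's own matcher): a simplified, JDK-only model of Ant-style matching with first-match rule lookup. The class name, method names and sample paths are assumptions; a `null` result means no intercept-url rule applies to that path.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class InterceptUrlDemo {
    // Simplified model: translate an Ant-style pattern into a regex.
    // Only the "/**" segment form of "**" is handled here.
    static Pattern antToRegex(String ant) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            char c = ant.charAt(i);
            if (ant.startsWith("/**", i)) {        // zero or more whole path segments
                re.append("(/.*)?");
                i += 2;
            } else if (c == '*') {                 // zero or more characters, one segment
                re.append("[^/]*");
            } else if (c == '?') {                 // exactly one character
                re.append("[^/]");
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString());
    }

    // Rules are checked in declaration order; the first matching pattern decides.
    // Returns null when no rule matches, i.e. no access attribute applies to the path.
    static String requiredAccess(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (antToRegex(rule.getKey()).matcher(path).matches()) {
                return rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        Map<String, String> asPosted = new LinkedHashMap<>();
        asPosted.put("/*", "ROLE_ADMIN");      // pattern from the question
        Map<String, String> corrected = new LinkedHashMap<>();
        corrected.put("/**", "ROLE_ADMIN");    // pattern from the answer

        // Constructed sample paths; the /views/ ones appear in the form-login element.
        String[] paths = {"/index.xhtml", "/views/index.xhtml", "/views/login.xhtml", "/resources/css/screen.css"};
        for (String p : paths) {
            System.out.printf("%-26s /* -> %-10s /** -> %s%n", p, requiredAccess(asPosted, p), requiredAccess(corrected, p));
        }
    }
}
```

With `/*` only the top-level path resolves to ROLE_ADMIN and everything under `/views/` matches no rule; with `/**` every sample path, including the login page and the stylesheet path, resolves to ROLE_ADMIN.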