내 파일 업로드 기능에 대한 액세스를 제한하고 싶습니다. 보안 파일에 intercept url을 썼지 만 Spring Security는이 URL을 매핑하지 않습니다. 3.0.3 버전의 스프링 보안을 사용합니다. 이 내 XML 파일은 다음과 같습니다스프링 보안 매핑
security.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<security:global-method-security secured-annotations="enabled" />
<http auto-config="true" use-expressions="true" access-denied-page="/forbidden.jsp">
<intercept-url pattern="/files/**"/>
<intercept-url pattern="/resources/**" filters="none"/>
<form-login login-page="/login.htm"
authentication-failure-url = "/login.htm?login_error=1"
default-target-url="/forbidden.htm"/>
<logout logout-success-url="/login.htm" />
<anonymous username="guest" granted-authority="ROLE_ANONYMOUS" />
<remember-me />
</http>
<beans:bean id="accountService" name="accountService" class="com.demo.service.impl.AccountServiceImpl" />
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="accountService"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="accountService" />
</authentication-manager>
</beans:beans>
dispatcher-servlet.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<mvc:annotation-driven />
<context:component-scan base-package="com.demo"/>
<mvc:resources mapping="/resources/**" location="/resources/" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/"
p:suffix=".jsp" />
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver"/>
</beans>
web.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/application-dao.xml
/WEB-INF/applicationContext.xml
/WEB-INF/security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
좋은 대답을 누락, 그것은 주목해야한다 그의 설정에서 오는 경우 액세스 속성을 추가하는 것은 현재 제한이 없으므로 액세스를 제한하는 것과 같습니다. 또한 표준 접근 방식은 기본적으로 영역에 대한 액세스를 제한 한 다음 필요한 경우에만 액세스 권한을 부여하는 것입니다. – Carsten
좋은 의견, 의견을 주셔서 감사합니다. –
해결책을 주셔서 감사합니다. @Maksim Kolesnikov. 이 솔루션을 시도하고 보안이 작동하기 시작했습니다. –