我是 Spring 安全的新手,正在尝试将其与现有应用程序集成。这个遗留应用程序部署在 IIS 后面的 tomcat 7 服务器中。 ISAPI 过滤器用于将请求分派(dispatch)到此 tomcat 实例。
由于我早期尝试将 spring security 集成到这个遗留应用程序中没有成功,我将一个工作的 spring security 应用程序示例(已测试)复制到 tomcat 实例并完全删除了遗留应用程序。令我惊讶的是,它仍然无法拦截安全网址。 (但是当我使用 maven tomcat 插件运行时,这个示例应用程序工作正常。),所以我想知道为什么我的应用程序不能在配置了 ISAPI 和 IIS 的 tomcat 实例中工作。
我已将转发 url 模式添加到 url worker 映射中,我可以在不先进行身份验证的情况下成功访问 protected Controller 。
请找到我的tomcat日志
Jul 06, 2016 11:32:13 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [C:\Server_APP_Location\XYZ_APP\Tomcat\7.0.30\shared\classes], exists: [false], isDirectory: [false], canRead: [false]
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'minProcessors' to '5' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxProcessors' to '300' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching 'Server/Service/Engine/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlValidation' to 'false' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'xmlNamespaceAware' to 'false' did not find a matching property.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching 'Server/Service/Engine/Host/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching 'Server/Service/Engine/Host/Context/Logger'.
Jul 06, 2016 11:32:14 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Jul 06, 2016 11:32:14 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 575 ms
Jul 06, 2016 11:32:14 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 06, 2016 11:32:14 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.30
Jul 06, 2016 11:32:15 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [158] milliseconds.
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext resourcesStart
SEVERE: Error starting static Resources
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error in resourceStart()
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error getConfigured
Jul 06, 2016 11:32:15 PM org.apache.catalina.core.StandardContext startInternal
Jul 06, 2016 11:32:15 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Server_APP_Location\XYZ_APP\Tomcat\7.0.30\webapps\someWebApplication
Jul 06, 2016 11:32:16 PM org.apache.catalina.core.ApplicationContext log
INFO: No Spring WebApplicationInitializer types detected on classpath
Jul 06, 2016 11:32:16 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
INFO ContextLoader:273 - Root WebApplicationContext: initialization started
INFO XmlWebApplicationContext:510 - Refreshing Root WebApplicationContext: startup date [Wed Jul 06 23:32:16 AEST 2016]; root of context hierarchy
INFO XmlBeanDefinitionReader:315 - Loading XML bean definitions from URL [file:/C:/Server_APP_Location/XYZ_APP/Tomcat/7.0.30/webapps/someWebApplication/WEB-INF/classes/application-context.xml]
DEBUG DefaultDocumentLoader:72 - Using JAXP provider [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
DEBUG PluggableSchemaResolver:140 - Loading schema mappings from [META-INF/spring.schemas]
DEBUG PluggableSchemaResolver:118 - Found XML schema [http://www.springframework.org/schema/security/spring-security-3.2.xsd] in classpath: org/springframework/security/config/spring-security-3.2.xsd
DEBUG BeanUtils:443 - No property editor [org.springframework.web.context.request.WebRequestInterceptorEditor] found for type org.springframework.web.context.request.WebRequestInterceptor according to 'Editor' suffix convention
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.web.servlet.handler.MappedInterceptor#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.handler.MappedInterceptor#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0'
DEBUG RequestMappingHandlerMapping:105 - Looking for request mappings in application context: Root WebApplicationContext: startup date [Wed Jul 06 23:32:16 AEST 2016]; root of context hierarchy
INFO RequestMappingHandlerMapping:185 - Mapped "{[/api/json/{id}],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public rest.demo.JsonRestObject rest.demo.RestController.getJsonRestObject(java.lang.Integer)
INFO RequestMappingHandlerMapping:185 - Mapped "{[/apiv2/json/{id}],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public rest.demo.JsonRestObject rest.demo.RestController2.getJsonResponse(java.lang.Integer)
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.format.support.FormattingConversionServiceFactoryBean#0'
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.filterChains': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.filterChainProxy': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.PortMapperImpl#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.PortResolverImpl#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.ProviderManager#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.context.NullSecurityContextRepository#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.savedrequest.NullRequestCache#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.access.vote.AffirmativeBased#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.userDetailsServiceFactory': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.web.DefaultSecurityFilterChain#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'authenticationEntryPoint': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'customRestFilter': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.security.authenticationManager': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'restAuthenticationProvider': no URL paths identified
DEBUG BNUHM:86 - Rejected bean name 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor': no URL paths identified
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.filterChains'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.filterChains'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.context.NullSecurityContextRepository#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG StandardServletEnvironment:112 - Initializing new StandardServletEnvironment
DEBUG DLBF:215 - Creating shared instance of singleton bean 'customRestFilter'
DEBUG DLBF:435 - Creating instance of bean 'customRestFilter'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'restAuthenticationProvider'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authenticationManager' to allow for resolving potential circular references
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authenticationManager'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authenticationManager'
DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0' to allow for resolving potential circular references
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.authentication.ProviderManager#0' to allow for resolving potential circular references
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#19'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name '(inner bean)#19'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#19'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'authenticationEntryPoint'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.savedrequest.NullRequestCache#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#21'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' to allow for resolving potential circular references
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#22'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#22'
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#23'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#23'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.access.vote.AffirmativeBased#0' to allow for resolving potential circular references
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG FilterSecurityInterceptor:159 - Validated configuration attributes
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
INFO DefaultSecurityFilterChain:28 - Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@3ba71e33, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@58afc4dd, rest.demo.CustomRestSecurityFilter@7ba5b6a7, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3c7acd5c, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@22407209, org.springframework.security.web.access.ExceptionTranslationFilter@34febe70, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4088c63e]
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.filterChains'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.filterChains'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.filterChainProxy'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.filterChainProxy'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.filterChains'
DEBUG StandardEnvironment:116 - Initialized StandardEnvironment with PropertySources [systemProperties,systemEnvironment]
DEBUG BeanUtils:443 - No property editor [org.springframework.security.web.SecurityFilterChainEditor] found for type org.springframework.security.web.SecurityFilterChain according to 'Editor' suffix convention
DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.filterChainProxy' to allow for resolving potential circular references
DEBUG DLBF:435 - Creating instance of bean '(inner bean)#26'
DEBUG DLBF:463 - Finished creating instance of bean '(inner bean)#26'
DEBUG DLBF:1531 - Invoking afterPropertiesSet() on bean with name 'org.springframework.security.filterChainProxy'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.filterChainProxy'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.PortMapperImpl#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.PortResolverImpl#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.PortResolverImpl#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.PortResolverImpl#0' to allow for resolving potential circular references
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.PortMapperImpl#0'
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.PortResolverImpl#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.ProviderManager#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.context.NullSecurityContextRepository#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.savedrequest.NullRequestCache#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.access.vote.AffirmativeBased#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.AnonymousAuthenticationProvider#0'
DEBUG DLBF:215 - Creating shared instance of singleton bean 'org.springframework.security.userDetailsServiceFactory'
DEBUG DLBF:435 - Creating instance of bean 'org.springframework.security.userDetailsServiceFactory'
DEBUG DLBF:509 - Eagerly caching bean 'org.springframework.security.userDetailsServiceFactory' to allow for resolving potential circular references
DEBUG DLBF:463 - Finished creating instance of bean 'org.springframework.security.userDetailsServiceFactory'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'authenticationEntryPoint'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'customRestFilter'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'restAuthenticationProvider'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor'
DEBUG XmlWebApplicationContext:858 - Unable to locate LifecycleProcessor with name 'lifecycleProcessor': using default [org.springframework.context.support.DefaultLifecycleProcessor@3b6ecdb3]
DEBUG ContextLoader:308 - Published root WebApplicationContext as ServletContext attribute with name [org.springframework.web.context.WebApplicationContext.ROOT]
INFO ContextLoader:313 - Root WebApplicationContext: initialization completed in 2371 ms
DEBUG StandardServletEnvironment:116 - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG DelegatingFilterProxy:172 - Initializing filter 'springSecurityFilterChain'
DEBUG DLBF:246 - Returning cached instance of singleton bean 'org.springframework.security.filterChainProxy'
当我点击 restful Controller 时,我可以看到以下日志,
DEBUG DispatcherServlet:823 - DispatcherServlet with name 'RestFulServlet' processing GET request for [/retail/online/api/json/1]
DEBUG RequestMappingHandlerMapping:226 - Looking up handler method for path /api/json/1
DEBUG RequestMappingHandlerMapping:233 - Returning handler method [public rest.demo.JsonRestObject rest.demo.RestController.getJsonRestObject(java.lang.Integer)]
DEBUG DefaultListableBeanFactory:246 - Returning cached instance of singleton bean 'restController'
DEBUG DispatcherServlet:912 - Last-Modified value for [/retail/online/api/json/1] is: -1
DEBUG RequestResponseBodyMethodProcessor:150 - Written [rest.demo.JsonRestObject@1493b4f0] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJacksonHttpMessageConverter@6d4c031d]
DEBUG DispatcherServlet:999 - Null ModelAndView returned to DispatcherServlet with name 'RestFulServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet:966 - Successfully completed request
Web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:application-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>RestFulServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RestFulServlet</servlet-name>
<url-pattern>/online/*</url-pattern>
</servlet-mapping>
应用上下文
<context:component-scan base-package="rest.demo" />
<mvc:annotation-driven />
<security:http create-session="stateless" entry-point-ref="authenticationEntryPoint" authentication-manager-ref="authenticationManager">
<security:custom-filter ref="customRestFilter" position="BASIC_AUTH_FILTER" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="Username: jack Password: jill" />
</bean>
<bean id="customRestFilter" class="rest.demo.CustomRestSecurityFilter">
<constructor-arg name="authenticationManager" ref="authenticationManager" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="restAuthenticationProvider" />
</security:authentication-manager>
<bean id="restAuthenticationProvider" class="rest.demo.RestAuthenticationProvider" />
我正在运行 spring security 和框架版本 3.2.2。
最佳答案
这个问题的原因是因为进入 tomcat 的请求被另一个 web 应用程序转发到我试图实现 spring security 的应用程序,如下所示
RequestDispatcher dispatcher = context.getRequestDispatcher(uri);
dispatcher.forward(req, rsp);
所以我所要做的就是将调度程序标志添加到 spring 安全过滤器
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
因此,如果您遇到类似问题,请确保如何将请求分派(dispatch)到您的应用程序。
关于在使用 IIS ISAPI 配置的 Tomcat 中,Spring 安全性不会拦截 URL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38226834/