Ich habe ein komplett funktionierendes Projekt und möchte Sicherheit hinzufügen. Nach dem Hinzufügen von DelegatingFilterProxy zu web.xml funktioniert es nicht. Hier ist es:Warum funktioniert mein Spring-Projekt nach dem Hinzufügen eines Filters nicht?
Alle meine Feder-Sicherheits-Abhängigkeiten sind der Version 4.1.0.RELEASE. Ich kann in meinen Protokollen sehen, dass der Filter geladen wurde, aber es wird kein Fehler angezeigt, daher muss ich herausfinden, warum die Webseite nicht geladen wird. Hier ist meine securityContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="testuser" authorities="ROLE_SUPERADMIN" password="password"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/**" access="denyAll"/>
<security:intercept-url pattern="/test" access="permitAll"/>
<security:form-login />
</security:http>
Diese meine Protokolle sind:
2016-06-28 18:59:40 INFO ContextLoader:305 - Root WebApplicationContext: initialization started
2016-06-28 18:59:41 INFO XmlWebApplicationContext:578 - Refreshing Root WebApplicationContext: startup date [Tue Jun 28 18:59:41 CEST 2016]; root of context hierarchy
2016-06-28 18:59:41 INFO XmlBeanDefinitionReader:317 - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/applicationContext.xml]
2016-06-28 18:59:41 INFO XmlBeanDefinitionReader:317 - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/securityContext.xml]
2016-06-28 18:59:41 INFO SpringSecurityCoreVersion:74 - You are running with Spring Security Core 4.1.0.RELEASE
2016-06-28 18:59:41 INFO SecurityNamespaceHandler:78 - Spring Security 'config' module version is 4.1.0.RELEASE
2016-06-28 18:59:41 INFO FilterInvocationSecurityMetadataSourceParser:173 - Creating access control expression attribute 'denyAll' for /**
2016-06-28 18:59:41 INFO FilterInvocationSecurityMetadataSourceParser:173 - Creating access control expression attribute 'permitAll' for /test
2016-06-28 18:59:41 INFO AuthenticationConfigBuilder:539 - No login page configured. The default internal one will be used. Use the 'login-page' attribute to set the URL of the login page.
2016-06-28 18:59:41 INFO HttpSecurityBeanDefinitionParser:306 - Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, Root bean: class [org.springframework.security.web.header.HeaderWriterFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 500, Root bean: class [org.springframework.security.web.csrf.CsrfFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 600, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 700, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 1100, Root bean: class [org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1500, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1600, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2000, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2100, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2200, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2300]
2016-06-28 18:59:42 INFO Version:66 - HCANN000001: Hibernate Commons Annotations {4.0.5.Final}
2016-06-28 18:59:42 INFO Version:54 - HHH000412: Hibernate Core {4.3.11.Final}
2016-06-28 18:59:42 INFO Environment:239 - HHH000206: hibernate.properties not found
2016-06-28 18:59:42 INFO Environment:346 - HHH000021: Bytecode provider name : javassist
2016-06-28 18:59:43 INFO Dialect:145 - HHH000400: Using dialect: org.hibernate.dialect.MySQLDialect
2016-06-28 18:59:43 INFO LobCreatorBuilder:97 - HHH000423: Disabling contextual LOB creation as JDBC driver reported JDBC version [3] less than 4
2016-06-28 18:59:43 INFO TransactionFactoryInitiator:62 - HHH000399: Using default transaction strategy (direct JDBC transactions)
2016-06-28 18:59:43 INFO ASTQueryTranslatorFactory:47 - HHH000397: Using ASTQueryTranslatorFactory
2016-06-28 18:59:43 INFO Version:30 - HV000001: Hibernate Validator 5.2.4.Final
2016-06-28 18:59:44 INFO DefaultSecurityFilterChain:43 - Creating filter chain: Ant [pattern='/'], []
2016-06-28 18:59:44 INFO DefaultSecurityFilterChain:43 - Creating filter chain: [email protected]1, [org.spring[email protected]4e8f2204, org.springframework.secu[email protected]184da4ba, [email protected]dcf, [email protected], org.[email protected]57e50b8a, org.springframework.s[email protected]22781db8, org.springframework.[email protected]3886489d, org.springfram[email protected]3493e43a, org.sp[email protected]4b550079, org.springframework.[email protected]29a24176, org.springfram[email protected]23ea267f, o[email protected]8f3b40c, org[email protected]6b462ba3, org.springframework.security.web.access.intercept.FilterSecurityIntercept[email protected]]
2016-06-28 18:59:44 INFO DefaultFilterChainValidator:154 - Checking whether login URL '/login' is accessible with your configuration
2016-06-28 18:59:44 INFO ContextLoader:345 - Root WebApplicationContext: initialization completed in 4021 ms
2016-06-28 18:59:44 INFO XmlWebApplicationContext:960 - Closing Root WebApplicationContext: startup date [Tue Jun 28 18:59:41 CEST 2016]; root of context hierarchy
cze 28, 2016 6:59:45 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 6515 ms
Haben Sie den Servlet-Teil zu Ihrer web.xml hinzugefügt? http://docs.spring.io/autorepo/docs/spring-framework/4.1.x/javadoc-api/org/springframework/web/WebApplicationInitializer.html – Hannes
Wenn ich mich richtig erinnere, muss Ihr Filter eher springSecurityFilterChain genannt werden SpringSecurityFilterChain (kleingeschriebener Anfangsbuchstabe), um den Namen der von der Sicherheitskonfiguration erstellten Filter-Bean abzugleichen – kem
Worin besteht das Problem, vor dem Sie stehen? –