Spring Security 与 Struts 的集成

发布于 2024-12-21 11:47:46 字数 7186 浏览 0 评论 0原文

我正在尝试在一个简单的应用程序中将 spring security 与 struts1.2 (使用 LDAP)集成 有applicationContext-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<s:http>
    <s:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
    <s:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
    <s:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <s:form-login />
    <s:anonymous />
    <s:logout />
</s:http>


<!-- Simple namespace-based configuration -->

<s:ldap-server ldif="classpath:users.ldif" port="33389"/>

<s:authentication-manager>
    <s:ldap-authentication-provider
        group-search-filter="member={0}"
        group-search-base="ou=groups"
        user-search-base="ou=people"
        user-search-filter="uid={0}"
    />
    <s:authentication-provider ref='secondLdapProvider' />
</s:authentication-manager>


<!-- Traditional Bean version of the same configuration -->

<!-- This bean points at the embedded directory server created by the ldap-server element above  -->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</bean>

<bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                  <constructor-arg index="0" value="ou=people"/>
                  <constructor-arg index="1" value="(uid={0})"/>
                  <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=groups" />
            <property name="groupSearchFilter" value="(member={0})"/>
            <property name="rolePrefix" value="ROLE_"/>
            <property name="searchSubtree" value="true"/>
            <property name="convertToUpperCase" value="true"/>
        </bean>
    </constructor-arg>
</bean>

、struts-config.xml

<?xml version="1.0" encoding="ISO-8859-1" ?> 
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN" "http://struts.apache.org/dtds/struts-config_1_3.dtd">
 <struts-config>

<form-beans>
    <form-bean name="helloForm" type="com.form.HelloForm"/>
</form-beans>   

<action-mappings>
    <action path="/helloForm" type="com.action.HelloAction" name="helloForm">
        <forward name="success" path="/secure/helloForm.jsp" />
    </action>
</action-mappings> 
</struts-config>

和web.xml,

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<servlet>
    <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>                   
    <init-param>
        <param-name>config</param-name>
        <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>



<display-name>Spring Security LDAP Demo Application</display-name>

<!--
  - Location of the XML file that defines the root application context
  - Applied by ContextLoaderListener.
  -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext-security.xml
        /WEB-INF/struts-config.xml
    </param-value>
</context-param>

<context-param>
    <param-name>webAppRootKey</param-name>
    <param-value>ldap.root</param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!--
  - Loads the root application context of this web app at startup.
  - The application context is then available via
  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> 
</web-app>

我的index.jsp中

<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>

所以当我尝试访问安全时 春季安全工作正常,当我成功登录但是 在安全/index.jsp 我使用

和 helloForm.jsp

<body>
<h1>
    <bean:write name="helloForm" property="message" />

</h1>
<h2>Hello and Welcome</h2>
</body>

当我运行它时

,我显示

你好和欢迎,但我无法收到消息我在 FormAction 中设置的 actionForm

public class HelloAction extends Action {

@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
        HttpServletRequest request, HttpServletResponse response)
        throws Exception {
    // TODO Auto-generated method stub

    HelloForm helloForm = new HelloForm();
    helloForm.setMessage("Welcome this is secure page");

    return mapping.findForward("success");
}
}

i am trying to integrate spring security with struts1.2 (using LDAP) in a simple application
i have applicationContext-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<s:http>
    <s:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
    <s:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
    <s:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <s:form-login />
    <s:anonymous />
    <s:logout />
</s:http>


<!-- Simple namespace-based configuration -->

<s:ldap-server ldif="classpath:users.ldif" port="33389"/>

<s:authentication-manager>
    <s:ldap-authentication-provider
        group-search-filter="member={0}"
        group-search-base="ou=groups"
        user-search-base="ou=people"
        user-search-filter="uid={0}"
    />
    <s:authentication-provider ref='secondLdapProvider' />
</s:authentication-manager>


<!-- Traditional Bean version of the same configuration -->

<!-- This bean points at the embedded directory server created by the ldap-server element above  -->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</bean>

<bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                  <constructor-arg index="0" value="ou=people"/>
                  <constructor-arg index="1" value="(uid={0})"/>
                  <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=groups" />
            <property name="groupSearchFilter" value="(member={0})"/>
            <property name="rolePrefix" value="ROLE_"/>
            <property name="searchSubtree" value="true"/>
            <property name="convertToUpperCase" value="true"/>
        </bean>
    </constructor-arg>
</bean>

and struts-config.xml

<?xml version="1.0" encoding="ISO-8859-1" ?> 
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN" "http://struts.apache.org/dtds/struts-config_1_3.dtd">
 <struts-config>

<form-beans>
    <form-bean name="helloForm" type="com.form.HelloForm"/>
</form-beans>   

<action-mappings>
    <action path="/helloForm" type="com.action.HelloAction" name="helloForm">
        <forward name="success" path="/secure/helloForm.jsp" />
    </action>
</action-mappings> 
</struts-config>

and web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<servlet>
    <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>                   
    <init-param>
        <param-name>config</param-name>
        <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>



<display-name>Spring Security LDAP Demo Application</display-name>

<!--
  - Location of the XML file that defines the root application context
  - Applied by ContextLoaderListener.
  -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext-security.xml
        /WEB-INF/struts-config.xml
    </param-value>
</context-param>

<context-param>
    <param-name>webAppRootKey</param-name>
    <param-value>ldap.root</param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!--
  - Loads the root application context of this web app at startup.
  - The application context is then available via
  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> 
</web-app>

in my index.jsp

<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>

so when i try to access secure
spring security work fine and when i login successfully but
at secure/index.jsp
i use <jsp:forward page="/helloForm.do"></jsp:forward>

and helloForm.jsp

<body>
<h1>
    <bean:write name="helloForm" property="message" />

</h1>
<h2>Hello and Welcome</h2>
</body>

when i run it

i show

hello and welcome but i can not get message of actionForm which i was set in FormAction

public class HelloAction extends Action {

@Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
        HttpServletRequest request, HttpServletResponse response)
        throws Exception {
    // TODO Auto-generated method stub

    HelloForm helloForm = new HelloForm();
    helloForm.setMessage("Welcome this is secure page");

    return mapping.findForward("success");
}
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦归所梦 2024-12-28 11:47:46

您正在创建一个新的 HelloForm,设置它的值,并且绝对不对其执行任何其他操作 - 该表单将被垃圾收集并且再也不会出现。

使用传递给操作的表单,即 form 参数。将其转换为 HelloForm,填充值,然后返回转发。

You're creating a new HelloForm, setting it's value, and doing absolutely nothing else with it--the form will be garbage collected and never seen again.

Use the form passed in to the action, the form parameter. Cast it to a HelloForm, fill the value, and return the forward.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文