具有 Spring Security 的 Sitemesh 不会重定向到目标 url
我正在将 spring security 与我使用 sitemesh 的 Web 项目集成。我可以打开登录页面,但经过身份验证后,它不会重定向到目标网址。
下面是我的 web 项目中的 web.xml。
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-persistance.xml
classpath*:applicationContext.xml
classpath:spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!--
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/*.app</url-pattern>
</servlet-mapping>
-->
<!-- <servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/index.html</url-pattern>
</servlet-mapping>
-->
<!-- Sitemesh -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>
com.opensymphony.module.sitemesh.filter.PageFilter
</filter-class>
</filter>
<!-- <filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping> -->
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--<welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list>-- >
</web-app>
以下是来自 AppSecurity 项目的 spring-security.xml。
<security:http auto-config="true" use-expressions="true">
<security:form-login login-page="/login"
default-target-url="/index.html" always-use-default-target="true"
authentication-failure-url="/loginfailed"
authentication-success-handler-ref="postSuccessAuthHandler" />
<security:logout invalidate-session="true" logout-success-url="/app" />
<!-- <security:remember-me /> -->
<security:intercept-url pattern="/app" access="isAuthenticated()" />
<security:intercept-url pattern="/app/**" access="isAuthenticated()" />
<!-- <security:intercept-url pattern="/acct/app"
access="isAuthenticated()" /> -->
</security:http>
<!--<bean id="postSuccessAuthHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthentication SuccessHandler">
<property name="defaultTargetUrl" value="/index.html" />-->
我的 Loginpage.jsp 位于 webapp\WEB-INF\views 中,它由 sitemesh 装饰 -
<div id="mainNav"><div class="navWrapper">
<ul>
<li class="${fn:startsWith(menuPath, 'M')? 'selected':'first'}"><a
href="${pageContext.request.contextPath}/index.html"><spring:message
code="mnu.home" /></a></li>
LoginController.java 处理此问题 -
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "loginpage";
}
所以这里的问题是访问 url - http://localhost:8080/acct/app,显示登录页面。身份验证成功后,它会尝试重定向到 http://localhost:8080/acct/app。不知道为什么会发生这种情况,而不是像 default-target-url 中提到的那样发生在 /index.html 上。
tomcat 的日志行显示 -
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for
[/acct/login]
DEBUG: org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping - Mapping [/login] to HandlerExecutionCh
ain with handler [com.mycomp.security.controller.LoginController@1e5348f] and 2 interceptors
DEBUG: org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/acct/login] is: -1
DEBUG: org.springframework.web.bind.annotation.support.HandlerMethodInvoker - Invoking request handler method: public java.lan
g.String com.mycomp.security.controller.LoginController.login(org.springframework.ui.ModelMap)
DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name
'loginpage'; URL [/WEB-INF/views/loginpage.jsp]] in DispatcherServlet with name 'appServlet'
DEBUG: org.springframework.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/views/loginpage.jsp] in InternalResour
ceView 'loginpage'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for
[/acct/app]
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/acct/app] in DispatcherServ
let with name 'appServlet'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for
[/acct/app]
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/acct/app] in DispatcherServ
let with name 'appServlet'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
通过将 DispatcherServlet 映射更改为 / 而不是 /index.html 尝试进行大量调试。将 sitemesh 过滤器映射更改为 /* 而不是 /index.html。 如果与示例 Web 项目(没有 sitemesh)集成,相同的 AppSecurity 项目可以正常工作。 不确定我在 sitemesh 项目中缺少什么。任何帮助都会很棒。
I am integrating spring security with my web project which uses sitemesh. I am able to bring the login page but after authentication it is not redirecting to target-url.
Below is my web.xml from web project.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-persistance.xml
classpath*:applicationContext.xml
classpath:spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!--
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/*.app</url-pattern>
</servlet-mapping>
-->
<!-- <servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/index.html</url-pattern>
</servlet-mapping>
-->
<!-- Sitemesh -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>
com.opensymphony.module.sitemesh.filter.PageFilter
</filter-class>
</filter>
<!-- <filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping> -->
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--<welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list>-- >
</web-app>
Below is spring-security.xml from AppSecurity project.
<security:http auto-config="true" use-expressions="true">
<security:form-login login-page="/login"
default-target-url="/index.html" always-use-default-target="true"
authentication-failure-url="/loginfailed"
authentication-success-handler-ref="postSuccessAuthHandler" />
<security:logout invalidate-session="true" logout-success-url="/app" />
<!-- <security:remember-me /> -->
<security:intercept-url pattern="/app" access="isAuthenticated()" />
<security:intercept-url pattern="/app/**" access="isAuthenticated()" />
<!-- <security:intercept-url pattern="/acct/app"
access="isAuthenticated()" /> -->
</security:http>
<!--<bean id="postSuccessAuthHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthentication SuccessHandler">
<property name="defaultTargetUrl" value="/index.html" />-->
I have my loginpage.jsp is in webapp\WEB-INF\views, which is decorated by sitemesh -
<div id="mainNav"><div class="navWrapper">
<ul>
<li class="${fn:startsWith(menuPath, 'M')? 'selected':'first'}"><a
href="${pageContext.request.contextPath}/index.html"><spring:message
code="mnu.home" /></a></li>
LoginController.java which handles this is -
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "loginpage";
}
So the issue here is on accessing the url - http://localhost:8080/acct/app, it shows login page. After successful authentication it's trying to redirect to http://localhost:8080/acct/app. Not sure why it happens instead of to /index.html as mentioned in default-target-url.
Log lines from tomcat shows -
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for
[/acct/login]
DEBUG: org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping - Mapping [/login] to HandlerExecutionCh
ain with handler [com.mycomp.security.controller.LoginController@1e5348f] and 2 interceptors
DEBUG: org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/acct/login] is: -1
DEBUG: org.springframework.web.bind.annotation.support.HandlerMethodInvoker - Invoking request handler method: public java.lan
g.String com.mycomp.security.controller.LoginController.login(org.springframework.ui.ModelMap)
DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name
'loginpage'; URL [/WEB-INF/views/loginpage.jsp]] in DispatcherServlet with name 'appServlet'
DEBUG: org.springframework.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/views/loginpage.jsp] in InternalResour
ceView 'loginpage'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for
[/acct/app]
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/acct/app] in DispatcherServ
let with name 'appServlet'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for
[/acct/app]
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/acct/app] in DispatcherServ
let with name 'appServlet'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
Tried debugging a lot by changing the DispatcherServlet mapping to / instead of /index.html. Changing sitemesh filter-mapping to /* instead of /index.html.
Same AppSecurity project works fine if integrated with sample web project(without sitemesh).
Not sure what i am missing here in sitemesh project. Any help would be great here.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
"default-target-url=/index.html"这将在您成功登录后重定向页面。例如,您可以重定向到
/home.html或在控制器中使用/home.do在重定向到所需页面之前执行一些逻辑。"default-target-url=/index.html"this will redirect the page after you have success login.for example you can to redirect to
/home.htmlor used/home.doin the controller to do some logic before you want to redirect to the page you want.