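Problem description
In my web app I need two kinds of URL: one with access restrictions and one without. This is the pattern:
For myApp:
- myApp/*.do <- requires authorization
- myApp/public/* <- no authorization required
The (1) URLs work fine, but I don't know how to implement/configure Spring for (2). This is my actual servlet-mapping configuration:
In web.xml: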
<servlet>
<servlet-name>myApp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myApp</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
In context-security.xml I have the following for public access:
<http pattern="/public/**" security="none"/>
I tried adding another url-pattern in web.xml, as follows:
<url-pattern>/public/*</url-pattern>
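But this does not work properly: I can access all the URLs that require authorization, without logging in, by using myApp/public/xxx.do.
Should I create another servlet just for the public URLs, or is there something simpler?
Edit:
My context-security.xml: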
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Debug -->
<!--
<debug />
-->
<global-method-security pre-post-annotations="enabled" />
<!-- We do not secure public resources -->
<http pattern="/public/**" security="none"/>
<http use-expressions="true" entry-point-ref="myAppAuthenticationEntryPoint">
<intercept-url pattern="/ProcessResponseServlet" access="permitAll" />
<intercept-url pattern="/CallAuthenticationServlet" access="permitAll" />
<intercept-url pattern="/ReturnAuthenticationServlet" access="permitAll" />
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login
login-page="/login.jsp"
default-target-url="/index.jsp"
authentication-failure-url="/login.jsp?login_error"
/>
<logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/>
<remember-me />
</http>
<!-- myApp authentication entry point -->
<beans:bean id="myAppAuthenticationEntryPoint"
class="com.home.myApp.webapp.security.myAppAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp" />
</beans:bean>
<!-- Test authentication -->
<authentication-manager>
<authentication-provider ref="mockProvider">
</authentication-provider>
</authentication-manager>
<beans:bean id="mockProvider" class="com.home.myApp.webapp.security.MockAuthenticationProvider" >
</beans:bean>
</beans:beans>
Answer 1
You should use Spring Security.
1. Add the Spring Security filter to your web.xml (for example):
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/dispatcher.xml
/WEB-INF/context-security.xml
</param-value>
</context-param>
Add to your context-security.xml:
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/public/**" access="permitAll"/>
<intercept-url pattern="/res/**" access="permitAll"/>
<intercept-url pattern="/*.do" access="isAuthenticated()"/>
</http>
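Added example (not part of the question or the answer): a simplified Python model of why adding the /public/* servlet mapping exposed the protected controllers. It assumes Spring MVC's default handler lookup (alwaysUseFullPath=false, where the prefix of a path mapping such as /public/* is stripped before lookup); the handler paths /xxx.do and /public/info.do and all function names are hypothetical.

```python
import re

# Constructed sample: handlers registered in Spring MVC (hypothetical names).
HANDLERS = {"/xxx.do": "protected controller", "/public/info.do": "public controller"}

# The question's security rules in order, paths relative to the /myApp context.
SECURITY_RULES = [("/public/**", "none"), ("/login.jsp", "permitAll"),
                  ("/**", "isAuthenticated()")]

def ant_match(pattern, path):
    """Minimal Ant-style match: '**' spans path segments, '*' stays inside one."""
    rx = re.escape(pattern)
    rx = rx.replace(r"/\*\*", "(?:/.*)?").replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.fullmatch(rx, path) is not None

def access_for(path):
    """First matching rule wins, as in the security configuration."""
    return next(acc for pat, acc in SECURITY_RULES if ant_match(pat, path))

def lookup_path(path, servlet_mappings):
    """Path used for handler lookup, or None if no mapping reaches the servlet.
    Assumption: default alwaysUseFullPath=false, so the prefix of a path
    mapping such as /public/* is stripped before the handler is looked up."""
    for m in servlet_mappings:          # path-prefix mappings take precedence
        if m.endswith("/*") and path.startswith(m[:-1]):
            return path[len(m) - 2:]
    for m in servlet_mappings:          # then extension mappings such as *.do
        if m.startswith("*.") and path.endswith(m[1:]):
            return path
    return None

def handle(path, servlet_mappings, authenticated=False):
    """Security filter decision first, then DispatcherServlet handler lookup."""
    if access_for(path) == "isAuthenticated()" and not authenticated:
        return "redirect to /login.jsp"
    handler = HANDLERS.get(lookup_path(path, servlet_mappings))
    return "200 " + handler if handler else "404"

if __name__ == "__main__":
    for mappings in (["*.do"], ["*.do", "/public/*"]):
        for p in ("/xxx.do", "/public/xxx.do", "/public/info.do"):
            print(mappings, p, "->", handle(p, mappings))
```

In this model, keeping only the *.do mapping and giving public controllers a full path under /public/ (such as /public/info.do) serves them without login, while /public/xxx.do no longer resolves to the protected handler.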