文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >Spring重定向请求以获取资源到我的控制器,而不应该这样做

Spring重定向请求以获取资源到我的控制器,而不应该这样做
EN

Stack Overflow用户
提问于 2014-11-05 20:18:39
回答 1查看 1.5K关注 0票数 1

我正在尝试在我的项目中使用聚合物。我正在使用Spring mvc和Spring安全性。

问题是spring将所有资源显示为我的管理视图。

结构:

代码语言:javascript
复制
-- webapp
  -- WEB-INF
    -- spring
      -- springs*.xml
    -- views
      -- all*.jsp
  -- web_resources
    -- bower_components
    -- layouts

一次资源请求日志:

代码语言:javascript
复制
2014-11-05T13:04:40.360+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/web_resources**'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-11-05T13:04:40.361+0100|Info: HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-11-05T13:04:40.361+0100|Info: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@678feca. A new one will be created.
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 3 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2014-11-05T13:04:40.362+0100|Info: Request 'GET /web_resources/bower_components/core-elements/core-elements.html' doesn't match 'POST /j_spring_security_logout
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-11-05T13:04:40.363+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-11-05T13:04:40.364+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-11-05T13:04:40.364+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/admin**'
2014-11-05T13:04:40.364+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/home**'
2014-11-05T13:04:40.364+0100|Info: Secure object: FilterInvocation: URL: /web_resources/bower_components/core-elements/core-elements.html; Attributes: [permitAll]
2014-11-05T13:04:40.364+0100|Info: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS
2014-11-05T13:04:40.364+0100|Info: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5ca24e29, returned: 1
2014-11-05T13:04:40.365+0100|Info: Authorization successful
2014-11-05T13:04:40.365+0100|Info: RunAsManager did not change Authentication object
2014-11-05T13:04:40.365+0100|Info: /web_resources/bower_components/core-elements/core-elements.html reached end of additional filter chain; proceeding with original chain
2014-11-05T13:04:40.365+0100|Info: DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/base/web_resources/bower_components/core-elements/core-elements.html]
2014-11-05T13:04:40.366+0100|Info: Looking up handler method for path /web_resources/bower_components/core-elements/core-elements.html
2014-11-05T13:04:40.366+0100|Info: Checking match of request : '/web_resources/bower_components/paper-elements/paper-elements.html'; against '/web_resources**'
2014-11-05T13:04:40.366+0100|Info: /web_resources/bower_components/paper-elements/paper-elements.html at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-11-05T13:04:40.366+0100|Info: Returning handler method [public org.springframework.web.servlet.ModelAndView com.base.controller.AdminController.admin()]
2014-11-05T13:04:40.366+0100|Info: Returning cached instance of singleton bean 'adminController'
2014-11-05T13:04:40.367+0100|Info: HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-11-05T13:04:40.367+0100|Info: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@678feca. A new one will be created.
2014-11-05T13:04:40.367+0100|Info: /web_resources/bower_components/paper-elements/paper-elements.html at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'

请求我的web_resources的日志(此返回mi管理视图)

代码语言:javascript
复制
2014-11-05T13:14:40.835+0100|Info: Secure object: FilterInvocation: URL: /web_resources/; Attributes: [permitAll]
2014-11-05T13:14:40.836+0100|Info: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS
2014-11-05T13:14:40.836+0100|Info: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5ca24e29, returned: 1
2014-11-05T13:14:40.837+0100|Info: Authorization successful
2014-11-05T13:14:40.837+0100|Info: RunAsManager did not change Authentication object
2014-11-05T13:14:40.837+0100|Info: /web_resources/ reached end of additional filter chain; proceeding with original chain
2014-11-05T13:14:40.838+0100|Info: DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/base/web_resources/]
2014-11-05T13:14:40.838+0100|Info: Looking up handler method for path /web_resources/
2014-11-05T13:14:40.838+0100|Info: Returning handler method [public org.springframework.web.servlet.ModelAndView com.base.controller.AdminController.admin()]
2014-11-05T13:14:40.839+0100|Info: Returning cached instance of singleton bean 'adminController'
2014-11-05T13:14:40.839+0100|Info: Last-Modified value for [/base/web_resources/] is: -1
2014-11-05T13:14:40.840+0100|Info: Rendering view [org.springframework.web.servlet.view.JstlView: name 'admin'; URL [/WEB-INF/views/admin.jsp]] in DispatcherServlet with name 'mvc-dispatcher'
2014-11-05T13:14:40.840+0100|Info: Returning cached instance of singleton bean 'requestDataValueProcessor'
2014-11-05T13:14:40.840+0100|Info: Forwarding to resource [/WEB-INF/views/admin.jsp] in InternalResourceView 'admin'

我的spring-security.xml

代码语言:javascript
复制
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.2.xsd">

        <http pattern="/web_resources**" security="none" />

        <http auto-config="true" use-expressions="true">

            <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/home**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/**" access="permitAll" />

            <access-denied-handler error-page="/403" />

            <form-login
                login-page="/login"
                default-target-url="/home"
                authentication-failure-url="/login?error"
                username-parameter="username"
                password-parameter="password" />

            <logout logout-success-url="/login?logout" />

            <csrf />

        </http>

        <authentication-manager>
            <authentication-provider user-service-ref="userService">
                <password-encoder hash="bcrypt" />
            </authentication-provider>
        </authentication-manager>
</beans>

我的web.xml

代码语言:javascript
复制
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>base</display-name>
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/spring/spring-mvc-dispatcher.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/spring-database.xml,
            /WEB-INF/spring/spring-security.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/faces/faces-config.xml</param-value>
    </context-param>
</web-app>

例如,一个视图:

代码语言:javascript
复制
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<!DOCTYPE html>
<html>

    <head>
        <link rel="import" href='<c:url value="/web_resources/bower_components/core-elements/core-elements.html"></c:url>'>
        <link rel="import" href="/base/web_resources/bower_components/paper-elements/paper-elements.html">
        <link rel="import" href="/base/web_resources/layouts/app-main.html">
        <link rel="import" href="/base/web_resources/bower_components/polymer/polymer.html">
    </head>

    <body>
        <app-home></app-home>
    </body>

</html>

<polymer-element name="app-home">

    <template>
      <link rel="stylesheet" href="css/app-login.css">

      <app-main selected="Home">

            Home

      </app-main>

    </template>

    <script>
        Polymer('app-home', {

        });
    </script>

</polymer-element>

更新

管理控制器:

@控制器公共类AdminController扩展了GenericController {

代码语言:javascript
复制
@RequestMapping(name = "/admin")
public ModelAndView admin() {

    ModelAndView model = new ModelAndView(Name.VIEW_ADMIN);
    model.setViewName(Name.VIEW_ADMIN);


    return model;
}

}

如果我删除注释@Controller和@RequestMapping,并在我的dispatcher中添加以下两行,则资源将工作:

代码语言:javascript
复制
<mvc:resources mapping="/web_resources/bower_components/**" location="/web_resources/bower_components/" />
<mvc:resources mapping="/web_resources/layouts/**" location="/web_resources/layouts/" />

但是我不明白为什么我的管理员控制器会得到所有的资源请求。有人能帮我吗?

jsp
spring-mvc
spring-security
resources
EN

回答 1

Stack Overflow用户

发布于 2014-11-06 19:19:00

我的问题是

代码语言:javascript
复制
 @RequestMapping(name = "/admin").

它的错误使用,我需要将"name"更改为"value"和所有工作。

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/26757047

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档