1. ホーム
  2. 質問と答え
  3. スプリングセキュリティ4.2が動作していません

スプリングセキュリティ4.2が動作していません

2016-11-30 5 views
0

私は立ち往生しています。なぜこのことがうまくいかないのか分かりません。 私はSpring-Core 4.3.4.RELEASEとSpring-security 4.2.0.RELEASEを使用します 私は基本的なHTTP認証を実装しようとしています。しかし、私は何か間違っているようです...私はそれを動作させる方法を理解できないので。スプリングセキュリティ4.2が動作していません

主な問題は、スプリングセキュリティは何もフィルタリングせず、誰もが自分のRESTコントローラにアクセスできることです。

私は「/」、「/ *」、「/ **」で遊んでみましたが、何も変わりません。 また、「アクセス」パラメータをhasRole( 'ROLE_NAME')に変更しようとしましたが、変更

ここに私のコードです。

私のweb.xml

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
    http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" 
    version="3.1"> 
<display-name>Voting System</display-name> 

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     classpath:spring/spring-app.xml 
     classpath:spring/spring-db.xml 
    </param-value> 
</context-param> 

<!-- Spring MVC --> 
<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 
<servlet> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>classpath:spring/spring-mvc.xml</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping> 

<filter> 
    <filter-name>encodingFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
     <param-name>encoding</param-name> 
     <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
     <param-name>forceEncoding</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>encodingFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<!-- Spring Security --> 
<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/**</url-pattern> 
</filter-mapping>

マイ春-app.xml

<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> 

<import resource="spring-tools.xml"/> 
<import resource="spring-security.xml"/> 

<context:annotation-config/> 

<context:component-scan base-package="ru.emitrohin.**.service"/>

マイ春-のsecurity.xml

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns="http://www.springframework.org/schema/security" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd"> 

<http use-expressions="true" create-session="stateless"> 
    <http-basic/> 
    <intercept-url pattern="/**" access="isAuthenticated()"/> 
    <csrf disabled="true"/> 
</http> 

<authentication-manager> 
    <authentication-provider user-service-ref="userService"> 

    </authentication-provider> 
</authentication-manager>

私のユーザー・サービス・クラス

@Service("userService") 
public class UserServiceImpl implements UserService, UserDetailsService { 

private UserRepository repository; 

@Autowired 
public UserServiceImpl(UserRepository repository) { 
    this.repository = repository; 
} 

@Override 
@CacheEvict(value = "users", allEntries = true) 
public User save(User user) { 
    Assert.notNull(user, "user must not be null"); 
    return repository.save(user); 
} 

@Override 
public void delete(int id) { 
    ExceptionUtil.checkNotFoundWithId(repository.delete(id), id); 
} 

@Override 
public User get(int id) { 
    return ExceptionUtil.checkNotFoundWithId(repository.get(id), id); 
} 

@CacheEvict(value = "users", allEntries = true) 
@Override 
public void update(User user) { 
    Assert.notNull(user, "user must not be null"); 
    /*user.setPassword(PasswordUtil.encode(user.getPassword())); 
    user.setEmail(user.getEmail().toLowerCase());*/ 
    repository.save(user); 
} 

@Cacheable("users") 
@Override 
public List<User> getAll() { 
    return repository.getAll(); 
} 

@CacheEvict(value = "users", allEntries = true) 
@Transactional 
public void enable(int id, boolean enabled) { 
    User user = get(id); 
    user.setEnabled(enabled); 
    repository.save(user); 
} 

@CacheEvict(value = "users", allEntries = true) 
@Override 
public void evictCache() { 
} 

@Override 
public AuthorizedUser loadUserByUsername(String login) throws UsernameNotFoundException { 
    User user = repository.findByLogin(login); 
    if (user == null) { 
     throw new UsernameNotFoundException("User is not found"); 
    } 
    AuthorizedUser a = new AuthorizedUser(user); 
    return a; 
} 
}

私のpom.xml

<?xml version="1.0" encoding="UTF-8"?> 
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://maven.apache.org/POM/4.0.0" 
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0  http://maven.apache.org/xsd/maven-4.0.0.xsd"> 
<modelVersion>4.0.0</modelVersion> 

<groupId>xxxx</groupId> 
<artifactId>xxx</artifactId> 
<packaging>war</packaging> 

<version>1.0-SNAPSHOT</version> 


<properties> 
    <java.version>1.8</java.version> 
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> 
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> 

    <tomcat.version>8.0.33</tomcat.version> 
    <spring.version>4.3.4.RELEASE</spring.version> 
    <spring-security.version>4.2.0.RELEASE</spring-security.version> 
    <spring-data-jpa.version>1.10.4.RELEASE</spring-data-jpa.version> 

    <!-- Logging --> 
    <logback.version>1.1.7</logback.version> 
    <slf4j.version>1.7.21</slf4j.version> 

    <!--DB--> 
    <postgresql.version>9.4.1211</postgresql.version> 

    <!--Tests--> 
    <junit.version>4.12</junit.version> 

    <!-- Hibernate --> 
    <hibernate.version>5.2.4.Final</hibernate.version> 
    <hibernate-validator.version>5.3.2.Final</hibernate-validator.version> 

    <!--Tools--> 
    <ehcache.version>2.10.3</ehcache.version> 

</properties> 

<build> 
    <finalName>RestaurantVotingSystem</finalName> 
    <defaultGoal>package</defaultGoal> 
    <plugins> 
     <plugin> 
      <groupId>org.apache.maven.plugins</groupId> 
      <artifactId>maven-compiler-plugin</artifactId> 
      <version>3.1</version> 
      <configuration> 
       <source>${java.version}</source> 
       <target>${java.version}</target> 
      </configuration> 
     </plugin> 
     <plugin> 
      <groupId>org.apache.maven.plugins</groupId> 
      <artifactId>maven-surefire-plugin</artifactId> 
      <version>2.19.1</version> 
      <configuration> 
       <argLine>-Dfile.encoding=UTF-8</argLine> 
      </configuration> 
     </plugin> 

     <!-- http://stackoverflow.com/questions/4305935/is-it-possible-to-supply-tomcat6s-context-xml-file-via-the-maven-cargo-plugin#4417945 --> 
     <plugin> 
      <groupId>org.codehaus.cargo</groupId> 
      <artifactId>cargo-maven2-plugin</artifactId> 
      <version>1.5.0</version> 
      <configuration> 
       <container> 
        <containerId>tomcat8x</containerId> 
        <systemProperties> 
         <file.encoding>UTF-8</file.encoding> 
         <spring.profiles.active>tomcat,datajpa</spring.profiles.active> 
        </systemProperties> 
        <dependencies> 
         <dependency> 
          <groupId>org.postgresql</groupId> 
          <artifactId>postgresql</artifactId> 
         </dependency> 
        </dependencies> 
       </container> 
       <configuration> 
        <configfiles> 
         <configfile> 
          <file>src/main/resources/tomcat/context.xml</file> 
          <todir>conf/Catalina/localhost/</todir> 
          <tofile>context.xml.default</tofile> 
         </configfile> 
        </configfiles> 
       </configuration> 
       <deployables> 
        <deployable> 
         <groupId>ru.emitrohin</groupId> 
         <artifactId>RestaurantVotingSystem</artifactId> 
         <type>war</type> 
         <properties> 
          <context>${project.build.finalName}</context> 
         </properties> 
        </deployable> 
       </deployables> 
      </configuration> 
     </plugin> 
    </plugins> 
</build> 

<dependencies> 

    <!-- Logging with SLF4J & LogBack --> 

    <dependency> 
     <groupId>ch.qos.logback</groupId> 
     <artifactId>logback-classic</artifactId> 
     <version>${logback.version}</version> 
     <scope>runtime</scope> 
    </dependency> 

    <dependency> 
     <groupId>org.slf4j</groupId> 
     <artifactId>jcl-over-slf4j</artifactId> 
     <version>${slf4j.version}</version> 
     <scope>runtime</scope> 
    </dependency> 

    <dependency> 
     <groupId>ch.qos.logback</groupId> 
     <artifactId>logback-classic</artifactId> 
     <version>${logback.version}</version> 
     <scope>runtime</scope> 
    </dependency> 

    <!-- Spring --> 
    <dependency> 
     <groupId>org.springframework</groupId> 
     <artifactId>spring-context-support</artifactId> 
     <version>${spring.version}</version> 
     <exclusions> 
      <exclusion> 
       <groupId>commons-logging</groupId> 
       <artifactId>commons-logging</artifactId> 
      </exclusion> 
     </exclusions> 
    </dependency> 

    <dependency> 
     <groupId>org.springframework.data</groupId> 
     <artifactId>spring-data-jpa</artifactId> 
     <version>${spring-data-jpa.version}</version> 
    </dependency> 

    <dependency> 
     <groupId>org.springframework</groupId> 
     <artifactId>spring-webmvc</artifactId> 
     <version>${spring.version}</version> 
     <exclusions> 
      <exclusion> 
       <groupId>commons-logging</groupId> 
       <artifactId>commons-logging</artifactId> 
      </exclusion> 
     </exclusions> 
    </dependency> 

    <!-- spring security--> 

    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-web</artifactId> 
     <version>${spring-security.version}</version> 
    </dependency> 

    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-config</artifactId> 
     <version>${spring-security.version}</version> 
    </dependency> 

    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-test</artifactId> 
     <version>${spring-security.version}</version> 
    </dependency> 

    <!--hibernate--> 
    <dependency> 
     <groupId>org.hibernate</groupId> 
     <artifactId>hibernate-core</artifactId> 
     <version>${hibernate.version}</version> 
    </dependency> 

    <dependency> 
     <groupId>javax.transaction</groupId> 
     <artifactId>jta</artifactId> 
     <version>1.1</version> 
     <scope>runtime</scope> 
    </dependency> 

    <dependency> 
     <groupId>org.hibernate</groupId> 
     <artifactId>hibernate-validator</artifactId> 
     <version>${hibernate-validator.version}</version> 
    </dependency> 

    <dependency> 
     <groupId>org.hibernate</groupId> 
     <artifactId>hibernate-ehcache</artifactId> 
     <version>${hibernate.version}</version> 
    </dependency> 

    <dependency> 
     <groupId>net.sf.ehcache</groupId> 
     <artifactId>ehcache</artifactId> 
     <version>${ehcache.version}</version> 
    </dependency> 

    <!--Web--> 
    <dependency> 
     <groupId>org.apache.tomcat</groupId> 
     <artifactId>tomcat-servlet-api</artifactId> 
     <version>${tomcat.version}</version> 
     <scope>provided</scope> 
    </dependency> 

    <dependency> 
     <groupId>javax.servlet</groupId> 
     <artifactId>jstl</artifactId> 
     <version>1.2</version> 
    </dependency> 

    <!--Test--> 
    <dependency> 
     <groupId>junit</groupId> 
     <artifactId>junit</artifactId> 
     <version>${junit.version}</version> 
     <scope>test</scope> 
    </dependency> 
    <dependency> 
     <groupId>org.springframework</groupId> 
     <artifactId>spring-test</artifactId> 
     <version>${spring.version}</version> 
     <scope>test</scope> 
    </dependency> 
    <dependency> 
     <groupId>org.mockito</groupId> 
     <artifactId>mockito-core</artifactId> 
     <version>2.2.21</version> 
    </dependency> 
    <dependency> 
     <groupId>com.fasterxml.jackson.core</groupId> 
     <artifactId>jackson-annotations</artifactId> 
     <version>2.8.1</version> 
    </dependency> 
    <dependency> 
     <groupId>com.fasterxml.jackson.core</groupId> 
     <artifactId>jackson-databind</artifactId> 
     <version>2.8.1</version> 
    </dependency> 
    <dependency> 
     <groupId>com.fasterxml.jackson.datatype</groupId> 
     <artifactId>jackson-datatype-jsr310</artifactId> 
     <version>2.8.4</version> 
    </dependency> 
    <dependency> 
     <groupId>com.fasterxml.jackson.datatype</groupId> 
     <artifactId>jackson-datatype-hibernate5</artifactId> 
     <version>2.8.4</version> 
    </dependency> 
    <dependency> 
     <groupId>org.hamcrest</groupId> 
     <artifactId>hamcrest-library</artifactId> 
     <version>1.3</version> 
     <scope>test</scope> 
    </dependency> 
</dependencies> 


<profiles> 
    <profile> 
     <id>hsqldb</id> 
     <dependencies> 
      <dependency> 
       <groupId>org.hsqldb</groupId> 
       <artifactId>hsqldb</artifactId> 
       <version>2.3.4</version> 
      </dependency> 
     </dependencies> 
    </profile> 
    <profile> 
     <id>heroku</id> 
     <build> 
      <plugins> 
       <plugin> 
        <groupId>org.apache.maven.plugins</groupId> 
        <artifactId>maven-dependency-plugin</artifactId> 
        <version>2.10</version> 
        <executions> 
         <execution> 
          <phase>package</phase> 
          <goals> 
           <goal>copy</goal> 
          </goals> 
          <configuration> 
           <artifactItems> 
            <artifactItem> 
             <groupId>com.github.jsimone</groupId> 
             <artifactId>webapp-runner</artifactId> 
             <version>8.0.33.1</version> 
             <destFileName>webapp-runner.jar</destFileName> 
            </artifactItem> 
           </artifactItems> 
          </configuration> 
         </execution> 
        </executions> 
       </plugin> 
      </plugins> 
     </build> 
    </profile> 
</profiles> 

<dependencyManagement> 
    <dependencies> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-framework-bom</artifactId> 
      <version>${spring.version}</version> 
      <type>pom</type> 
      <scope>import</scope> 
     </dependency> 
    </dependencies> 
</dependencyManagement>

出典

2016-11-30 Evgeny Mitrokhin

+0

これをどのように実行するのですか?プロジェクト全体、アプリケーションログ内のすべてを共有できますか? –

+0

Github.com/emitrohin/votingsystem –

答えて

1

url-patternの値が間違っていると思います。 Ant式であってはなりません。 /**の代わりに値/*が必要になることがあります。

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

What is url-pattern in web.xmlも参照してください。

出典

2016-11-30 12:55:25 holmis83

関連する問題

 関連する問題