开发者

Facing Problems when using Spring Security in GAE

开发者 https://www.devze.com 2023-02-10 08:06 出处:网络
I am following this article to implement spring security in my GAE project http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

I am following this article to implement spring security in my GAE project http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

I could not make it work, URLs that i have configured to be protected are not getting protected and application is not redirecting me to google log in page. Here is my web.xml and security-config.xml. Please help, as i have already spent lot of time on this. I think there is some small issue which i am unable to catch.

web.xml

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-config.xml
    </param-value>
</context-param>

<!-- Enables Spring Security -->
<filter>
    <filter-name>authenticationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!--开发者_如何学Go Reads request input using UTF-8 encoding -->
<filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>authenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>controller</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>controller</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

security-config.xml

   <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/static/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />

<security:http use-expressions="true" entry-point-ref="entryPoint"
    access-denied-page="/">
    <security:intercept-url pattern="/" access="isAuthenticated()" />
    <security:intercept-url pattern="/sample"
        access="isAuthenticated()" />
    <security:custom-filter position="PRE_AUTH_FILTER"
        ref="authenticationFilter" />
</security:http>

<bean id="entryPoint"
    class="com.generic.gae.security.GoogleAccountsAuthenticationEntryPoint" />

<bean id="authenticationFilter" class="com.generic.gae.security.GaeAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="authenticationProvider" />
</security:authentication-manager>

<bean id="authenticationProvider"
    class="com.generic.gae.security.GoogleAccountsAuthenticationProvider" />

Thanks


authenticationFilter defined in security-config.xml is not the one you use in web.xml. Spring Security by default makes the filter bean available to you with name springSecurityFilterChain. So your filter declaration in web.xml should be:

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

...

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

See section 2.2 of page Security Namespace Configuration

0

精彩评论

暂无评论...
验证码 换一张
取 消