问题描述
项目中准备用spring security,根据网上搜索的资料做了一个demo,但是测试结果是不用登陆也能正常任意访问,请各位帮忙看下哪里有问题,谢谢。以下是配置文件:

web.xml

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" >
<!-- NOTE(review): the 2.3 DOCTYPE, version="2.5" and the j2ee namespace below do not agree with
     each other; Servlet 2.5 descriptors normally use the javaee namespace and carry no DOCTYPE.
     Confirm which descriptor version the container actually applies. -->
<web-app id="WebApp_ID" version="2.5"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd">

  <!-- Both Spring context files are loaded into the root application context by the listener below. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:/applicationContext.xml,classpath*:/spring-security.xml</param-value>
  </context-param>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- Forces UTF-8 on every request and response. -->
  <filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Spring Security Filter -->
  <!-- DelegatingFilterProxy delegates to the Spring bean named after filter-name
       (springSecurityFilterChain), which the <http> element in spring-security.xml registers.
       Its /* mapping is declared before the struts2 mapping, so the security chain sees every
       request before Struts does. The servlet-level wiring therefore covers all URLs; what is
       enforced on them is decided in spring-security.xml. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    <!-- <init-param><param-name>struts.i18n.encoding</param-name><param-value>GBK</param-value></init-param> -->
  </filter>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <beans:description>Spring Security安全配置</beans:description>

  <!-- NOTE(review): this <http> block has no <intercept-url> children, so the namespace
       configuration maps no URL to a required access attribute. That is consistent with the
       reported symptom: every URL is reachable without logging in. -->
  <http auto-config="true">
    <form-login login-page="/login.htm"
                authentication-failure-url="/login.htm?error=1"
                authentication-success-handler-ref="customAuthenticationSuccessHandler" />
    <logout logout-success-url="/index.htm" />
    <!-- NOTE(review): the key is the secret that signs remember-me cookies. A short literal kept
         in the configuration file is guessable and is shared by every copy of this file; prefer a
         long random value supplied from externalised configuration.
         token-validity-seconds="1209600" is 14 days. -->
    <remember-me key="oms123456789" token-validity-seconds="1209600"/>
    <access-denied-handler ref="accessDeniedHandler" />
    <!-- Inserts the custom interceptor ahead of the default FilterSecurityInterceptor. -->
    <custom-filter ref="CustomFilterSecurityInterceptorImpl" before="FILTER_SECURITY_INTERCEPTOR" />
    <!-- NOTE(review): HTTP Basic is enabled alongside the login form; Basic credentials travel
         with every request, so confirm this is intended and that the application is only served
         over HTTPS. -->
    <http-basic />
  </http>

  <!-- Handler invoked after a successful login -->
  <beans:bean id="customAuthenticationSuccessHandler" class="com.ule.oms.user.security.CustomAuthenticationSuccessHandler" >
    <beans:constructor-arg value="/index.htm" />
    <beans:property name="customAlwaysUseDefTargUrl" value="false"/>
  </beans:bean>

  <!-- Handler invoked when access is denied -->
  <beans:bean id="accessDeniedHandler" class="com.ule.oms.user.security.CustomAccessDeniedHandler" >
    <beans:property name="errorPage" value="/denied.htm"/>
  </beans:bean>

  <!-- A custom filter; it must have the three properties authenticationManager,
       accessDecisionManager and securityMetadataSource. -->
  <!-- NOTE(review): whether this interceptor blocks anything depends on what
       customSecurityMetadataSource returns for a given URL. That bean, customAccessDecisionManager
       and userDetailsServiceImpl are not defined in this file (presumably they come from
       applicationContext.xml; confirm). -->
  <beans:bean id="CustomFilterSecurityInterceptorImpl" class="com.ule.oms.user.security.CustomFilterSecurityInterceptorImpl">
    <beans:property name="authenticationManager" ref="autheticationManager" /><!-- login authentication -->
    <beans:property name="accessDecisionManager" ref="customAccessDecisionManager" /><!-- resource access decisions -->
    <beans:property name="securityMetadataSource" ref="customSecurityMetadataSource" /><!-- list of resources and permissions -->
  </beans:bean>

  <!-- The alias is spelled "autheticationManager" (sic); the ref above uses the same spelling, so
       the reference resolves. -->
  <!-- NOTE(review): no <password-encoder> child is configured on the provider; confirm how stored
       passwords are hashed and compared. -->
  <authentication-manager alias="autheticationManager">
    <authentication-provider
        user-service-ref="userDetailsServiceImpl">
    </authentication-provider>
  </authentication-manager>
</beans:beans>

不胜感激。
解决方案
<!-- Goes inside the <http> element of spring-security.xml: requires an authenticated user for every URL. -->
<!-- NOTE(review): isAuthenticated() is an expression. With the spring-security-3.0 schema used in
     the question it is only evaluated as one when <http> also sets use-expressions="true"; without
     that, use a plain attribute such as IS_AUTHENTICATED_FULLY or a ROLE_ name instead. -->
<!-- NOTE(review): rules are matched in declaration order and /** also matches /login.htm, so the
     login page needs its own earlier rule that allows anonymous access (for example
     access="permitAll" when expressions are enabled); otherwise the redirect to the login page is
     itself intercepted. -->
<intercept-url pattern="/**" access="isAuthenticated()" />