0

Spring セキュリティ 3.2 を使用して、次のように URL を傍受しようとしています。

<security:http  use-expressions="true"  path-type="regex" >

    <security:intercept-url pattern="/jsp/Error_403.jsp" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" />
    <security:intercept-url pattern="/jsp/LoggedOut.jsp" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" />
    <security:intercept-url pattern="/jsp/home/header.html" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')"/>
    <security:intercept-url pattern="/unjust?action=statistics" access="hasAnyRole('ROLE_ADMIN','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" />
    <security:intercept-url pattern="/unjust?action=browse" access="hasAnyRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/unjust?action=search" access="hasAnyRole('ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" />
    <security:intercept-url pattern="/unjust?action=home" access="hasAnyRole('ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')" />
            <security:intercept-url pattern="/unjust" access="hasAnyRole('ROLE_VISITOR','ROLE_ADMIN','ROLE_BRONZE_SUB','ROLE_BRONZE_TEST','ROLE_SILVER_SUB','ROLE_SILVER_TEST','ROLE_GOLD_SUB','ROLE_GOLD_TEST')"/>


    <security:intercept-url pattern="/**" access="denyAll" />
    <access-denied-handler error-page="/jsp/Error_403.jsp"/>

    <security:logout  />
    <security:openid-login login-page="/openidlogin.jsp"
        user-service-ref="registeringUserService" authentication-failure-url="/openidlogin.jsp?login_error=true">
        <attribute-exchange identifier-match="https://www.google.com/.*">
            <openid-attribute name="email"
                type="http://axschema.org/contact/email" required="true" count="1" />
            <openid-attribute name="firstname"
                type="http://axschema.org/namePerson/first" required="true" />
            <openid-attribute name="lastname"
                type="http://axschema.org/namePerson/last" required="true" />
        </attribute-exchange>

        <attribute-exchange identifier-match=".*myopenid.com.*">
            <openid-attribute name="email"
                type="http://schema.openid.net/contact/email" required="true" />
            <openid-attribute name="fullname"
                type="http://schema.openid.net/namePerson" required="true" />
        </attribute-exchange>
    </security:openid-login>
    <remember-me token-repository-ref="tokenRepo" />
</security:http>

たとえば、参照アクションを実行しようとすると、認証できず、ログに次のように表示されます。

12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.FilterChainProxy  - /unjust?action=statistics at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/jsp/Error_403.jsp'
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/jsp/LoggedOut.jsp'
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/jsp/home/header.html'
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=statistics'
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=browse'
12889 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=search$'
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/unjust?action=home'
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.util.RegexRequestMatcher  - Checking match of request : '/unjust?action=statistics'; against '/unjust'
12890 [http-bio-8080-exec-14] DEBUG    org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /unjust?action=statistics; Attributes: [denyAll]
12890 [http-bio-8080-exec-14] DEBUG   org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Previously  Authenticated: [org.springframework.security.openid.OpenIDAuthenticationToken@c8f995e9: Principal: unjust.beans.CustomUserDetails@d66c4fbd: Username: https://www.google.com/accounts/o8/id?xxxxx; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_BRONZE_SUB; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 6F57A4A404D2BC3CD82391F6973FA715; Granted Authorities: ROLE_BRONZE_SUB, attributes : xxxxxx
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.access.vote.AffirmativeBased  - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@b041b0, returned: -1
12890 [http-bio-8080-exec-14] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied

上記のものから 

<security:intercept-url pattern="\A^/unjust?action=search.$\Z"

Ant パス マッチャーを使用して一致を生成できましたが、次のような要求があると失敗します。

/unjust?action=browseUNDT&sEcho=1&iColumns=7&sColumns=&iDisplayStart=0&iDisplayLength=10&mDataProp_0=caseName&mDataProp_1=caseId&mDataProp_2=judgmentDate&mDataProp_3=judgmentType&mDataProp_4=judgmentNo&mDataProp_5=docId&mDataProp_6=displayCase&sSearch=&bRegex=false&sSearch_0=&bRegex_0=false&bSearchable_0=true&sSearch_1=&bRegex_1=false&bSearchable_1=true&sSearch_2=&bRegex_2=false&bSearchable_2=true&sSearch_3=&bRegex_3=false&bSearchable_3=true&sSearch_4=&bRegex_4=false&bSearchable_4=true&sSearch_5=&bRegex_5=false&bSearchable_5=true&sSearch_6=&bRegex_6=false&bSearchable_6=true&iSortCol_0=0&sSortDir_0=asc&iSortingCols=1&bSortable_0=true&bSortable_1=true&bSortable_2=true&bSortable_3=true&bSortable_4=true&bSortable_5=true&bSortable_6=true&_=1379771161138

そしてその間のすべて。

誰かがこのパターン マッチングの正しいセットアップと構文に向けて私を操縦できますか?

4

1 に答える 1

1

デフォルトでは、Spring は URL でのパラメータ マッチングをサポートしていません。request-matcher="regex" または path-type="regex" を使用する正規表現マッチャーを使用すると、正規表現を使用して URL を照合できます。今あなたが提供したパターンで = /unjust?action=browse"?" 正規表現の 1 回の出現または 0 回の特殊記号を意味します。あなたは逃げるべきですか?を使用してパターンで"\\?"

于 2013-09-23T06:56:23.057 に答える