39

始める前に、私が見つけた最も近い答えはここにあると言わざるを得ませんが、正直なところ、そこで何が起こっているのかよくわかりません。

「ROLE_」プレフィックスの必要性を取り除くために、Struts2 + Spring Security 2.06 をカスタム認証プロバイダーとアクセス決定マネージャーと共に使用しています。

私の applicationContext-security.xml は次のようになります。

    <beans:bean id="customAuthenticationProvider"
                class="com.test.testconsole.security.CustomAuthenticationProvider">
        <beans:property name="userManagementService" ref="userManagementService"/>
        <custom-authentication-provider/>
    </beans:bean>

    <!--Customize Spring Security's access decision manager to remove need for "ROLE_" prefix-->
    <beans:bean
            id="accessDecisionManager"
            class="org.springframework.security.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:ref bean="roleVoter"/>
                <beans:ref bean="authenticatedVoter"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean
            id="roleVoter"
            class="org.springframework.security.vote.RoleVoter">
        <beans:property name="rolePrefix" value=""/>
    </beans:bean>

    <beans:bean
            id="authenticatedVoter"
            class="org.springframework.security.vote.AuthenticatedVoter">
    </beans:bean>

<global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>

私の web.xml の関連部分:

    <!--Spring Security-->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter>
    <filter-name>struts2</filter-name>
    <filter-class>
        org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
    </filter-class>
</filter>

<!--Has to be placed _Before_ the struts2 filter-mapping-->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

そして、私は単純に私のアクションクラスの 1 つで @Secured を次のように使用しています。

@Secured({"TEST_ADMIN"})
public String editAccount() {
    logger.info("Editing account for: " + email);
    //blah blah blah
}

アクションのメソッドに @Secured アノテーションを追加すると、すべてのパラメーターが null になり、実際には valuestack が null のように見えます。

154379 [1146701440@qtp-1897259366-0] DEBUG com.opensymphony.xwork2.conversion.impl.InstantiatingNullHandler  - Entering nullPropertyValue [target=[com.test.testconsole.sections.SettingsAction@da47641, com.opensymphony.xwork2.DefaultTextProvider@1cc50164], property=currentPage]        
154379 [1146701440@qtp-1897259366-0] WARN  com.opensymphony.xwork2.ognl.OgnlValueStack  - Caught an exception while evaluating expression 'currentPage.equals('Summary')' against value stack
    java.lang.NullPointerException: target is null for method equals
        at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1347)
        at ognl.ASTMethod.getValueBody(ASTMethod.java:90)
        at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
        at ognl.SimpleNode.getValue(SimpleNode.java:258)
        at ognl.ASTChain.getValueBody(ASTChain.java:141)
        at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
        at ognl.SimpleNode.getValue(SimpleNode.java:258)
        at ognl.Ognl.getValue(Ognl.java:494)
        at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:217)
        at com.opensymphony.xwork2.ognl.OgnlValueStack.getValue(OgnlValueStack.java:342)
        at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:331)
        at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:307)
        at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:293)
        at org.apache.struts2.components.Component.findValue(Component.java:382)
        at org.apache.struts2.components.If.start(If.java:86)
        at org.apache.struts2.views.jsp.ComponentTagSupport.doStartTag(ComponentTagSupport.java:53)
        at org.apache.jsp.WEB_002dINF.views.layouts.header_jsp._jspx_meth_s_if_0(org.apache.jsp.WEB_002dINF.views.layouts.header_jsp:252)
        at org.apache.jsp.WEB_002dINF.views.layouts.header_jsp._jspService(org.apache.jsp.WEB_002dINF.views.layouts.header_jsp:97)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
        at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:192)
        at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1013)
        at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:698)
        at org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:80)
        at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:73)
        at org.apache.tiles.context.TilesRequestContextWrapper.dispatch(TilesRequestContextWrapper.java:72)
        at org.apache.struts2.tiles.StrutsTilesRequestContext.dispatch(StrutsTilesRequestContext.java:88)
        at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:283)
        at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
        at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
        at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:154)
        at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
        at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
        at org.apache.jsp.WEB_002dINF.views.layouts.bodyWithSidebar_jsp._jspx_meth_tiles_insertAttribute_0(org.apache.jsp.WEB_002dINF.views.layouts.bodyWithSidebar_jsp:121)
        at org.apache.jsp.WEB_002dINF.views.layouts.bodyWithSidebar_jsp._jspService(org.apache.jsp.WEB_002dINF.views.layouts.bodyWithSidebar_jsp:58)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
        at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:192)
        at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1013)
        at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:698)
        at org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:80)
        at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:73)
        at org.apache.tiles.context.TilesRequestContextWrapper.dispatch(TilesRequestContextWrapper.java:72)
        at org.apache.struts2.tiles.StrutsTilesRequestContext.dispatch(StrutsTilesRequestContext.java:88)
        at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:606)
        at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:280)
        at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
        at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
        at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:154)
        at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
        at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
        at org.apache.jsp.WEB_002dINF.views.layouts.main_jsp._jspx_meth_tiles_insertAttribute_0(org.apache.jsp.WEB_002dINF.views.layouts.main_jsp:473)
        at org.apache.jsp.WEB_002dINF.views.layouts.main_jsp._jspService(org.apache.jsp.WEB_002dINF.views.layouts.main_jsp:157)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
        at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
        at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
        at org.apache.tiles.servlet.context.ServletTilesRequestContext.forward(ServletTilesRequestContext.java:198)
        at org.apache.tiles.servlet.context.ServletTilesRequestContext.dispatch(ServletTilesRequestContext.java:179)
        at org.apache.tiles.context.TilesRequestContextWrapper.dispatch(TilesRequestContextWrapper.java:72)
        at org.apache.struts2.tiles.StrutsTilesRequestContext.dispatch(StrutsTilesRequestContext.java:88)
        at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:606)
        at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:246)
        at org.apache.struts2.views.tiles.TilesResult.doExecute(TilesResult.java:105)
        at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
        at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:373)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:277)
        at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:263)
        at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:133)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:207)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:207)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:75)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:94)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:270)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:190)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:187)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
        at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
        at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:498)
        at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
        at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:91)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
        at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
        at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
        at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
        at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
        at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
        at org.mortbay.jetty.Server.handle(Server.java:326)
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:536)
        at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:915)
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

Spring Security FAQ で、コントローラー/アクションはメソッドを保護するのに最適な場所ではないことを読みましたが、FAQ で説明されている失敗は、@Secured アノテーションが機能しない、つまりメソッドが保護されないことです。

私の場合、そのメソッドに到達する前でも null 値スタックを取得します。execute() は保護されておらず、 editUser() のみであり、まだ呼び出されていません。

誰かが同じ経験をして解決策を見つけたことを願っています..ありがとう。

更新: これが役立つかどうか疑問に思います: Spring Security - メソッド セキュリティ アノテーションを有効にするにはどうすればよいですか?

私の Action クラスは現在、一般的な機能を配置する BaseAction クラスを拡張しています..

4

4 に答える 4

2

スタック トレースは、タグに問題がある「header.jsp」ファイルの問題を示しています。タグ内の式に nullpointer の問題があるだけだと思います。header.jsp の JSP スニペットを共有できますか?

于 2012-10-27T12:32:01.300 に答える
2

ROLE_接頭辞付きの名前が必要な Spring Security のデフォルト構成を使用すると、この問題が発生するのが不思議です。

この質問を参照してください: Spring Security でカスタム ロール/権限を使用するにはどうすればよいですか?

ロールが「ROLE_」プレフィックスで始まることを期待するデフォルトの構成ウィッチを使用しています。カスタム セキュリティ構成を追加し、rolePrefix を "" に設定する必要があります。

構成例: Spring Security Role Prefix および Custom User Details Service

<beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
    <beans:property name="rolePrefix" value="" />
</beans:bean>

関連する質問:

于 2012-09-05T08:57:57.713 に答える
1

これはあなたの質問に直接答えることはありませんが、アノテーション付きのSpring 3 MVCコントローラーを利用し、それに一致するSpring Securityバージョンを使用すると、統合がはるかに簡単になります。これにより、より迅速に開発でき、コントローラーのXML構成を破棄でき、切り替えに数分しかかからないという追加の利点が得られます。実装のどこまで進んでいるかによっては、これがオプションになる場合があります。通常、Springアノテーションは、SpringマネージドBean内にある場合、またはコンパイル時または実行時に非Springクラスに依存関係を織り込んでいる場合にのみ機能します。

于 2012-10-22T12:50:08.603 に答える
1

私はすでにこのようなプロジェクトで働いていました。Struts 2、Spring 3.0.0、および Spring Security を使用しました。

@org.springframework.stereotype.Controller を使用して struts アクションにアノテーションを付けることができると思います。これが、Spring が Struts アクションを管理する現在の方法です。あなたが関連していた春のセキュリティ問題を修正すると思います。

このアーキテクチャに関するもう 1 つの特殊性を覚えています。web.xml では、Struts 2 フィルターの前にスプリング リスナーとフィルターを設定する必要があります。古いプロジェクトを見つけ、web.xml は次のようになりました。

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="starter" version="2.4" 
         xmlns="http://java.sun.com/xml/ns/j2ee" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Onleague.com</display-name>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:META-INF/app-context.xml</param-value>
    </context-param>

    <!-- Spring -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>openSessionInViewFilter</filter-name>
        <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>openSessionInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Struts 2 -->
    <filter>
        <filter-name>action2-cleanup</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>action2-cleanup</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter>
        <filter-name>action2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>action2</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

    <!-- Sitemesh -->    
    <filter>
        <filter-name>sitemesh</filter-name>
        <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>sitemesh</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

    <!-- Servlets -->
    <servlet>
        <servlet-name>dwr</servlet-name>
        <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>
    <servlet>
        <servlet-name>jspSupportServlet</servlet-name>
        <servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
        <load-on-startup>5</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>dwr</servlet-name>
        <url-pattern>/dwr/*</url-pattern>
    </servlet-mapping>


    <!-- Welcome file lists -->
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

</web-app>

幸運を!

于 2012-11-01T13:48:12.997 に答える