The absolute uri: http://www.springframework.org/security/tags cannot be resolved in either web.xml or the jar files deployed with this application
需要添加spring-security-taglibs-3.0.5.RELEASE.jar包及其依賴包
對於spring security我只是初學者,原來只是想找一個用於權限驗證的源碼借鑒一下,結果一搜索,就搜到了spring security安全機制框架,我現在要將這個安全機制框架整合到我原來的ssh項目中去。
我現在只是在實驗和學習階段,沒有深入的東西,用戶名密碼及其權限均是在xml文件配置的,以后有時間再學習一下如何和數據庫交互,下面僅是簡單的整合,將spring security的示例整合到項目中去。如果你是下載的spring security的發行包,會在其dist目錄下找到一個spring-security-samples-tutorial-x.x.x.xxxxx.war的war包,我直接使用了這里的applicationContext-security.xml和jsp文件。
下面開始整合:
1.首先添加jar包依賴,我使用的maven來管理依賴包,只需添加下面依賴:
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-core</artifactId>
- <version>3.0.5.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>3.0.5.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>3.0.5.RELEASE</version>
- </dependency>
版本號自己控制,我使用的3.0.5.RELEASE版本,自己手動管理jar包依賴的,將dist目錄下的除了war包和***-sources.jar外的所有jar包添加項目下。
2.在web.xml下配置spring security的過濾器和spring security的配置文件的位置,這里注意,在ssh框架整合spring security時,一定要將spring security的filter-mapping配置在struts2的filter-mapping之前,否則會出現如下錯誤:
- HTTP ERROR 404
- Problem accessing /Struts_Spring_Maven/spring_security_login. Reason:
- There is no Action mapped for namespace [/] and action name [spring_security_login] associated with context path [/Struts_Spring_Maven].
struts2和spring security配置如下:
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>
- classpath:applicationContext.xml
- /WEB-INF/applicationContext-security.xml
- </param-value>
- </context-param>
- <!-- 配置Struts中心過濾器 -->
- <filter>
- <filter-name>struts2</filter-name>
- <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
- <init-param>
- <param-name>actionPackages</param-name>
- <param-value>zwh.struts.maven.action</param-value>
- </init-param>
- </filter>
- <!-- 配置spring security的過濾器 -->
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <!-- spring security的filter-mapping一定要配置struts的前面 -->
- <filter-mapping>
- <filter-name>springSecurityFilterChain</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- struts的filter-mapping -->
- <filter-mapping>
- <filter-name>struts2</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
3.添加applicationContext-security.xml文件,我是直接將示例項目中的文件直接拷貝到我的項目中去的,拷貝到WEB-INF目錄下。文件內容如下:
- <?xml version="1.0" encoding="UTF-8"?>
- <beans:beans xmlns="http://www.springframework.org/schema/security"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
- <global-method-security pre-post-annotations="enabled">
- <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
- <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
- -->
- </global-method-security>
- <http use-expressions="true">
- <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>
- <intercept-url pattern="/secure/**" access="isAuthenticated()" />
- <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
- <intercept-url pattern="/listAccounts.html" access="isRememberMe()" />
- <intercept-url pattern="/post.html" access="hasRole('ROLE_TELLER')" />
- -->
- <intercept-url pattern="/**" access="permitAll" />
- <form-login />
- <logout />
- <remember-me />
- <!--
- Uncomment to enable X509 client authentication support
- <x509 />
- -->
- <!-- Uncomment to limit the number of sessions a user can have -->
- <session-management invalid-session-url="/timeout.jsp">
- <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
- </session-management>
- </http>
- <!--
- Usernames/Passwords are
- rod/koala
- dianne/emu
- scott/wombat
- peter/opal
- -->
- <authentication-manager>
- <authentication-provider>
- <password-encoder hash="md5"/>
- <user-service>
- <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
- <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
- <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
- <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
- </user-service>
- </authentication-provider>
- </authentication-manager>
- </beans:beans>
從該文件中可以看到/secure路徑下面的所有文件的訪問需要登陸才能訪問,而/secure/extreme路徑下的所有文件的訪問必須是超級用戶,即具備ROLE_SUPERVISOR的角色。rod是超級用戶,密碼是koala,后面登陸需要使用。
4.在項目目錄下創建secure目錄和secure/extreme目錄,並在這些目錄下放一些需要驗證才能訪問的頁面,我為了省事,將示例中jsp頁面直接拷貝到項目目錄下了。
5.下面將該項目添加到tomcat中去,運行,訪問http://localhost:8080/項目名稱/secure/index.jsp 。這時你發現並不是展示出你訪問的頁面,而是出現了一個登陸頁面。如下: 
6.輸入用戶名rod和密碼koala,提交,這時就可以看到了你想要訪問的頁面了。
7.如果遇到如下問題:
- The absolute uri: http://www.springframework.org/security/tags cannot be resolved in either web.xml or the jar files deployed with this application.
對於maven還需要添加如下依賴
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-taglibs</artifactId>
- <version>3.0.5.RELEASE</version>
- </dependency>
自己管理jar包需要添加spring-security-taglibs-3.0.5.RELEASE.jar包及其依賴包。