我用Java Config编写了一个小型的Spring MVC应用程序,并使用Spring Security 3.2.5对其进行保护。它在Tomcat上运行良好,但在JBoss EAP 6.2上则不然。它已成功部署在 JBoss 上,但是当我请求 Spring MVC 定义的任何页面和浏览器中的 404 错误时,我会收到此警告。
< code > WARN[org . spring framework . web . servlet . pagenotfound](http-/127 . 0 . 0 . 1:8080-1)在DispatcherServlet中,未找到名为“dispatcher”的URI为[/example-web/pages/login.jsp]的HTTP请求的映射
由于使用了Spring Security,对于任何需要经过身份验证的用户的请求,例如http://localhost:8080/example-web/start
,Spring Security重定向到https://localhost:8443/example-web/login
即我看到警告和404错误。
在这里你可以看到我的代码:
public class WebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { RootConfiguration.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebMvcConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/*" };
}
@Override
protected Filter[] getServletFilters() {
return new Filter[] { new HiddenHttpMethodFilter() };
}
}
下面是我的Spring MVC配置:
@EnableWebMvc
@ComponentScan("com.spring.example.w.controller")
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("login").setViewName("login");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@Bean
public InternalResourceViewResolver getInternalResourceViewResolver(){
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/pages/");
resolver.setSuffix(".jsp");
return resolver;
}
}
以下是我的Spring Security配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception{
http
.addFilter(myUsernamePasswordAuthenticationFilter())
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/admin/**").hasRole("Admin")
.antMatchers("/start/**").hasRole("Viewer")
.antMatchers("/user/**").hasRole("User")
.antMatchers("/**").hasRole("User")
.and()
.httpBasic().authenticationEntryPoint(loginUrlAuthenticationEntryPoint())
.and()
.logout()
.permitAll()
.and()
.requiresChannel()
.anyRequest().requiresSecure();
}
@Bean
public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint(){
LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
return loginUrlAuthenticationEntryPoint;
}
@Bean
public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider(){
ActiveDirectoryLdapAuthenticationProvider authProvider = new ActiveDirectoryLdapAuthenticationProvider(my_domain, my_url);
authProvider.setConvertSubErrorCodesToExceptions(true);
authProvider.setUseAuthenticationRequestCredentials(true);
authProvider.setUseAuthenticationRequestCredentials(true);
authProvider.setUserDetailsContextMapper(userDetailsContextMapper());
return authProvider;
}
@Bean
public UserDetailsContextMapper userDetailsContextMapper(){
CustomUserDetailsContextMapper myAuthoritiesPopulator = new CustomUserDetailsContextMapper();
return myAuthoritiesPopulator;
}
@Bean
public CustomUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter()
throws Exception {
CustomUsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter = new CustomUsernamePasswordAuthenticationFilter();
usernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManager());
usernamePasswordAuthenticationFilter.setAllowSessionCreation(true);
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
usernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(successHandler);
usernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/login?error"));
usernamePasswordAuthenticationFilter.afterPropertiesSet();
return usernamePasswordAuthenticationFilter;
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
}
}
然后SecurityWebApplicationInitializer:
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
和根配置:
@Configuration
@ComponentScan
public class RootConfiguration {
}
下面是我如何为SSL配置JBoss:
<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ssl" password="<my_password>" certificate-key-file="c:\mykeystore.jks" protocol="TLSv1" verify-client="false"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
在部署过程中,我可以在日志中看到请求确实得到了映射:
INFO [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] (ServerService Thread Pool -- 71) Mapped "{[/start],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView com.spring.example.w.controller.StartController.handleStart() throws javax.servlet.ServletException,java.io.IOException
INFO [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] (ServerService Thread Pool -- 71) Mapped URL path [/login] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
INFO [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 71) Root WebApplicationContext: initialization completed in 2530 ms
INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/example-web]] (ServerService Thread Pool -- 71) Initializing Spring FrameworkServlet 'dispatcher'
INFO [org.springframework.web.servlet.DispatcherServlet] (ServerService Thread Pool -- 71) FrameworkServlet 'dispatcher': initialization started
关于为什么我得到404错误和这个警告的任何帮助都非常感谢。我应该再次强调它正在Tomcat上工作。提前感谢。
你能检查一下连接器端口是否启用了SSL。这个链接有一些细节。从非ssl端口8080重定向到ssl端口8443
希望有帮助