spring_security无法跳转

spring_security 发布于 2014/03/02 12:44
阅读 1K+
收藏 0

有没有人在整合spring security3.1.X和struts2遇到过这么问,登陆成功通过后不跳转到指定跳转页面,而是跳转到项目index.jsp,
此时点浏览器后退,再次登陆,跳转到指定跳转页面,原因未知
其中spring security 配置文件代码如下
 

<!-- 开启注解支持 -->
 <context:annotation-config />
 <!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
 <bean id="customInvocationSecurityMetadataSource"
  class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
  <property name="systemRoleService" ref="systemRoleService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 身份校验器:获取当前登录用户信息 -->
 <bean id="customUserDetailsServiceImpl"
  class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
  <property name="systemUserService" ref="systemUserService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 权限校验器:判断用户是否需要权限访问 -->
 <bean id="customAccessDecisionManagerImpl"
  class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
 </bean>
 <!-- MD5加密器 -->
 <bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
 </bean>
 <!-- 过滤器 -->
 <bean id="customFilterSecurityInterceptorImpl"
  class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
  <property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
  <property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
  <property name="authenticationManager" ref="authenticationManager"></property>
 </bean>
 
 <!-- 配置认证管理器 -->
 <security:authentication-manager alias="authenticationManager">
  <security:authentication-provider
   user-service-ref="customUserDetailsServiceImpl">
   <security:password-encoder ref="md5Encoder">
    <!-- 添加盐值,增强系统的安全性 -->
    <security:salt-source system-wide="system" />
   </security:password-encoder>
  </security:authentication-provider>
 </security:authentication-manager>

 <security:http auto-config='true'>
  <!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
   注:可以技持正则表达式 -->
  <!-- 不拦截静态资源 -->
  <security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <!-- 不拦截登录页面 -->
  <security:intercept-url pattern="/login.jsp*"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />


  <security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
   access="ROLE_ADMIN,ROLE_SUPER" />
  <security:intercept-url pattern="/rept/*"
   access="ROLE_MASTER,ROLE_SUPER" />
  <security:intercept-url pattern="/sale/*"
   access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/cus/*|/~cust/cust/**"
   access="ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/service/*"
   access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />


  <security:custom-filter ref="customFilterSecurityInterceptorImpl"
   before="FILTER_SECURITY_INTERCEPTOR" />

  <!-- 配置登录页面 -->
  <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
   login-processing-url:发送的登录请求 -->
            
  <security:form-login
   default-target-url="/error.jsp"
   login-page="/login.jsp"
   authentication-failure-url="/login.jsp"
   login-processing-url="/loginForSpringSecurity" />
  <!-- 控制session 的并发数量 -->
  <security:session-management
   session-fixation-protection="migrateSession">
   <security:concurrency-control
    max-sessions="1" expired-url="/login.jsp" />
  </security:session-management>
 </security:http>


<!-- 开启注解支持 -->
 <context:annotation-config />
 <!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
 <bean id="customInvocationSecurityMetadataSource"
  class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
  <property name="systemRoleService" ref="systemRoleService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 身份校验器:获取当前登录用户信息 -->
 <bean id="customUserDetailsServiceImpl"
  class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
  <property name="systemUserService" ref="systemUserService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 权限校验器:判断用户是否需要权限访问 -->
 <bean id="customAccessDecisionManagerImpl"
  class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
 </bean>
 <!-- MD5加密器 -->
 <bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
 </bean>
 <!-- 过滤器 -->
 <bean id="customFilterSecurityInterceptorImpl"
  class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
  <property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
  <property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
  <property name="authenticationManager" ref="authenticationManager"></property>
 </bean>
 
 <!-- 配置认证管理器 -->
 <security:authentication-manager alias="authenticationManager">
  <security:authentication-provider
   user-service-ref="customUserDetailsServiceImpl">
   <security:password-encoder ref="md5Encoder">
    <!-- 添加盐值,增强系统的安全性 -->
    <security:salt-source system-wide="system" />
   </security:password-encoder>
  </security:authentication-provider>
 </security:authentication-manager>

 <security:http auto-config='true'>
  <!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
   注:可以技持正则表达式 -->
  <!-- 不拦截静态资源 -->
  <security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <!-- 不拦截登录页面 -->
  <security:intercept-url pattern="/login.jsp*"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />


  <security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
   access="ROLE_ADMIN,ROLE_SUPER" />
  <security:intercept-url pattern="/rept/*"
   access="ROLE_MASTER,ROLE_SUPER" />
  <security:intercept-url pattern="/sale/*"
   access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/cus/*|/~cust/cust/**"
   access="ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/service/*"
   access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />


  <security:custom-filter ref="customFilterSecurityInterceptorImpl"
   before="FILTER_SECURITY_INTERCEPTOR" />

  <!-- 配置登录页面 -->
  <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
   login-processing-url:发送的登录请求 -->
            
  <security:form-login
   default-target-url="/error.jsp"
   login-page="/login.jsp"
   authentication-failure-url="/login.jsp"
   login-processing-url="/loginForSpringSecurity" />
  <!-- 控制session 的并发数量 -->
  <security:session-management
   session-fixation-protection="migrateSession">
   <security:concurrency-control
    max-sessions="1" expired-url="/login.jsp" />
  </security:session-management>
 </security:http>


<!-- 开启注解支持 -->
 <context:annotation-config />
 <!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
 <bean id="customInvocationSecurityMetadataSource"
  class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
  <property name="systemRoleService" ref="systemRoleService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 身份校验器:获取当前登录用户信息 -->
 <bean id="customUserDetailsServiceImpl"
  class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
  <property name="systemUserService" ref="systemUserService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 权限校验器:判断用户是否需要权限访问 -->
 <bean id="customAccessDecisionManagerImpl"
  class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
 </bean>
 <!-- MD5加密器 -->
 <bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
 </bean>
 <!-- 过滤器 -->
 <bean id="customFilterSecurityInterceptorImpl"
  class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
  <property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
  <property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
  <property name="authenticationManager" ref="authenticationManager"></property>
 </bean>
 
 <!-- 配置认证管理器 -->
 <security:authentication-manager alias="authenticationManager">
  <security:authentication-provider
   user-service-ref="customUserDetailsServiceImpl">
   <security:password-encoder ref="md5Encoder">
    <!-- 添加盐值,增强系统的安全性 -->
    <security:salt-source system-wide="system" />
   </security:password-encoder>
  </security:authentication-provider>
 </security:authentication-manager>

 <security:http auto-config='true'>
  <!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
   注:可以技持正则表达式 -->
  <!-- 不拦截静态资源 -->
  <security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <!-- 不拦截登录页面 -->
  <security:intercept-url pattern="/login.jsp*"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />


  <security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
   access="ROLE_ADMIN,ROLE_SUPER" />
  <security:intercept-url pattern="/rept/*"
   access="ROLE_MASTER,ROLE_SUPER" />
  <security:intercept-url pattern="/sale/*"
   access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/cus/*|/~cust/cust/**"
   access="ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/service/*"
   access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />


  <security:custom-filter ref="customFilterSecurityInterceptorImpl"
   before="FILTER_SECURITY_INTERCEPTOR" />

  <!-- 配置登录页面 -->
  <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
   login-processing-url:发送的登录请求 -->
            
  <security:form-login
   default-target-url="/error.jsp"
   login-page="/login.jsp"
   authentication-failure-url="/login.jsp"
   login-processing-url="/loginForSpringSecurity" />
  <!-- 控制session 的并发数量 -->
  <security:session-management
   session-fixation-protection="migrateSession">
   <security:concurrency-control
    max-sessions="1" expired-url="/login.jsp" />
  </security:session-management>
 </security:http>


<!-- 开启注解支持 -->
 <context:annotation-config />
 <!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
 <bean id="customInvocationSecurityMetadataSource"
  class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
  <property name="systemRoleService" ref="systemRoleService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 身份校验器:获取当前登录用户信息 -->
 <bean id="customUserDetailsServiceImpl"
  class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
  <property name="systemUserService" ref="systemUserService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 权限校验器:判断用户是否需要权限访问 -->
 <bean id="customAccessDecisionManagerImpl"
  class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
 </bean>
 <!-- MD5加密器 -->
 <bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
 </bean>
 <!-- 过滤器 -->
 <bean id="customFilterSecurityInterceptorImpl"
  class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
  <property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
  <property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
  <property name="authenticationManager" ref="authenticationManager"></property>
 </bean>
 
 <!-- 配置认证管理器 -->
 <security:authentication-manager alias="authenticationManager">
  <security:authentication-provider
   user-service-ref="customUserDetailsServiceImpl">
   <security:password-encoder ref="md5Encoder">
    <!-- 添加盐值,增强系统的安全性 -->
    <security:salt-source system-wide="system" />
   </security:password-encoder>
  </security:authentication-provider>
 </security:authentication-manager>

 <security:http auto-config='true'>
  <!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
   注:可以技持正则表达式 -->
  <!-- 不拦截静态资源 -->
  <security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <!-- 不拦截登录页面 -->
  <security:intercept-url pattern="/login.jsp*"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />


  <security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
   access="ROLE_ADMIN,ROLE_SUPER" />
  <security:intercept-url pattern="/rept/*"
   access="ROLE_MASTER,ROLE_SUPER" />
  <security:intercept-url pattern="/sale/*"
   access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/cus/*|/~cust/cust/**"
   access="ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/service/*"
   access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />


  <security:custom-filter ref="customFilterSecurityInterceptorImpl"
   before="FILTER_SECURITY_INTERCEPTOR" />

  <!-- 配置登录页面 -->
  <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
   login-processing-url:发送的登录请求 -->
            
  <security:form-login
   default-target-url="/error.jsp"
   login-page="/login.jsp"
   authentication-failure-url="/login.jsp"
   login-processing-url="/loginForSpringSecurity" />
  <!-- 控制session 的并发数量 -->
  <security:session-management
   session-fixation-protection="migrateSession">
   <security:concurrency-control
    max-sessions="1" expired-url="/login.jsp" />
  </security:session-management>
 </security:http>

<!-- 开启注解支持 -->
 <context:annotation-config />
 <!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
 <bean id="customInvocationSecurityMetadataSource"
  class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
  <property name="systemRoleService" ref="systemRoleService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 身份校验器:获取当前登录用户信息 -->
 <bean id="customUserDetailsServiceImpl"
  class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
  <property name="systemUserService" ref="systemUserService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 权限校验器:判断用户是否需要权限访问 -->
 <bean id="customAccessDecisionManagerImpl"
  class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
 </bean>
 <!-- MD5加密器 -->
 <bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
 </bean>
 <!-- 过滤器 -->
 <bean id="customFilterSecurityInterceptorImpl"
  class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
  <property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
  <property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
  <property name="authenticationManager" ref="authenticationManager"></property>
 </bean>
 
 <!-- 配置认证管理器 -->
 <security:authentication-manager alias="authenticationManager">
  <security:authentication-provider
   user-service-ref="customUserDetailsServiceImpl">
   <security:password-encoder ref="md5Encoder">
    <!-- 添加盐值,增强系统的安全性 -->
    <security:salt-source system-wide="system" />
   </security:password-encoder>
  </security:authentication-provider>
 </security:authentication-manager>

 <security:http auto-config='true'>
  <!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
   注:可以技持正则表达式 -->
  <!-- 不拦截静态资源 -->
  <security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <!-- 不拦截登录页面 -->
  <security:intercept-url pattern="/login.jsp*"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />


  <security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
   access="ROLE_ADMIN,ROLE_SUPER" />
  <security:intercept-url pattern="/rept/*"
   access="ROLE_MASTER,ROLE_SUPER" />
  <security:intercept-url pattern="/sale/*"
   access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/cus/*|/~cust/cust/**"
   access="ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/service/*"
   access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />


  <security:custom-filter ref="customFilterSecurityInterceptorImpl"
   before="FILTER_SECURITY_INTERCEPTOR" />

  <!-- 配置登录页面 -->
  <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
   login-processing-url:发送的登录请求 -->
            
  <security:form-login
   default-target-url="/error.jsp"
   login-page="/login.jsp"
   authentication-failure-url="/login.jsp"
   login-processing-url="/loginForSpringSecurity" />
  <!-- 控制session 的并发数量 -->
  <security:session-management
   session-fixation-protection="migrateSession">
   <security:concurrency-control
    max-sessions="1" expired-url="/login.jsp" />
  </security:session-management>
 </security:http>

<!-- 开启注解支持 -->
 <context:annotation-config />
 <!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
 <bean id="customInvocationSecurityMetadataSource"
  class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
  <property name="systemRoleService" ref="systemRoleService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 身份校验器:获取当前登录用户信息 -->
 <bean id="customUserDetailsServiceImpl"
  class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
  <property name="systemUserService" ref="systemUserService"></property>
  <property name="mapper" ref="mapper"></property>
 </bean>
 <!-- 权限校验器:判断用户是否需要权限访问 -->
 <bean id="customAccessDecisionManagerImpl"
  class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
 </bean>
 <!-- MD5加密器 -->
 <bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
 </bean>
 <!-- 过滤器 -->
 <bean id="customFilterSecurityInterceptorImpl"
  class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
  <property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
  <property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
  <property name="authenticationManager" ref="authenticationManager"></property>
 </bean>
 
 <!-- 配置认证管理器 -->
 <security:authentication-manager alias="authenticationManager">
  <security:authentication-provider
   user-service-ref="customUserDetailsServiceImpl">
   <security:password-encoder ref="md5Encoder">
    <!-- 添加盐值,增强系统的安全性 -->
    <security:salt-source system-wide="system" />
   </security:password-encoder>
  </security:authentication-provider>
 </security:authentication-manager>

 <security:http auto-config='true'>
  <!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
   注:可以技持正则表达式 -->
  <!-- 不拦截静态资源 -->
  <security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <!-- 不拦截登录页面 -->
  <security:intercept-url pattern="/login.jsp*"
   access="IS_AUTHENTICATED_ANONYMOUSLY" />


  <security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
   access="ROLE_ADMIN,ROLE_SUPER" />
  <security:intercept-url pattern="/rept/*"
   access="ROLE_MASTER,ROLE_SUPER" />
  <security:intercept-url pattern="/sale/*"
   access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/cus/*|/~cust/cust/**"
   access="ROLE_MAN,ROLE_SUPER" />
  <security:intercept-url pattern="/service/*"
   access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />


  <security:custom-filter ref="customFilterSecurityInterceptorImpl"
   before="FILTER_SECURITY_INTERCEPTOR" />

  <!-- 配置登录页面 -->
  <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
   login-processing-url:发送的登录请求 -->
            
  <security:form-login
   default-target-url="/error.jsp"
   login-page="/login.jsp"
   authentication-failure-url="/login.jsp"
   login-processing-url="/loginForSpringSecurity" />
  <!-- 控制session 的并发数量 -->
  <security:session-management
   session-fixation-protection="migrateSession">
   <security:concurrency-control
    max-sessions="1" expired-url="/login.jsp" />
  </security:session-management>
 </security:http>

加载中
返回顶部
顶部