有没有人在整合spring security3.1.X和struts2遇到过这么问,登陆成功通过后不跳转到指定跳转页面,而是跳转到项目index.jsp,
此时点浏览器后退,再次登陆,跳转到指定跳转页面,原因未知
其中spring security 配置文件代码如下
<!-- 开启注解支持 -->
<context:annotation-config />
<!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
<bean id="customInvocationSecurityMetadataSource"
class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
<property name="systemRoleService" ref="systemRoleService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 身份校验器:获取当前登录用户信息 -->
<bean id="customUserDetailsServiceImpl"
class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
<property name="systemUserService" ref="systemUserService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 权限校验器:判断用户是否需要权限访问 -->
<bean id="customAccessDecisionManagerImpl"
class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
</bean>
<!-- MD5加密器 -->
<bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
</bean>
<!-- 过滤器 -->
<bean id="customFilterSecurityInterceptorImpl"
class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
<property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
<property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- 配置认证管理器 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsServiceImpl">
<security:password-encoder ref="md5Encoder">
<!-- 添加盐值,增强系统的安全性 -->
<security:salt-source system-wide="system" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
注:可以技持正则表达式 -->
<!-- 不拦截静态资源 -->
<security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- 不拦截登录页面 -->
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
access="ROLE_ADMIN,ROLE_SUPER" />
<security:intercept-url pattern="/rept/*"
access="ROLE_MASTER,ROLE_SUPER" />
<security:intercept-url pattern="/sale/*"
access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/cus/*|/~cust/cust/**"
access="ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/service/*"
access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />
<security:custom-filter ref="customFilterSecurityInterceptorImpl"
before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 配置登录页面 -->
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
login-processing-url:发送的登录请求 -->
<security:form-login
default-target-url="/error.jsp"
login-page="/login.jsp"
authentication-failure-url="/login.jsp"
login-processing-url="/loginForSpringSecurity" />
<!-- 控制session 的并发数量 -->
<security:session-management
session-fixation-protection="migrateSession">
<security:concurrency-control
max-sessions="1" expired-url="/login.jsp" />
</security:session-management>
</security:http>
<!-- 开启注解支持 -->
<context:annotation-config />
<!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
<bean id="customInvocationSecurityMetadataSource"
class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
<property name="systemRoleService" ref="systemRoleService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 身份校验器:获取当前登录用户信息 -->
<bean id="customUserDetailsServiceImpl"
class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
<property name="systemUserService" ref="systemUserService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 权限校验器:判断用户是否需要权限访问 -->
<bean id="customAccessDecisionManagerImpl"
class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
</bean>
<!-- MD5加密器 -->
<bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
</bean>
<!-- 过滤器 -->
<bean id="customFilterSecurityInterceptorImpl"
class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
<property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
<property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- 配置认证管理器 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsServiceImpl">
<security:password-encoder ref="md5Encoder">
<!-- 添加盐值,增强系统的安全性 -->
<security:salt-source system-wide="system" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
注:可以技持正则表达式 -->
<!-- 不拦截静态资源 -->
<security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- 不拦截登录页面 -->
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
access="ROLE_ADMIN,ROLE_SUPER" />
<security:intercept-url pattern="/rept/*"
access="ROLE_MASTER,ROLE_SUPER" />
<security:intercept-url pattern="/sale/*"
access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/cus/*|/~cust/cust/**"
access="ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/service/*"
access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />
<security:custom-filter ref="customFilterSecurityInterceptorImpl"
before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 配置登录页面 -->
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
login-processing-url:发送的登录请求 -->
<security:form-login
default-target-url="/error.jsp"
login-page="/login.jsp"
authentication-failure-url="/login.jsp"
login-processing-url="/loginForSpringSecurity" />
<!-- 控制session 的并发数量 -->
<security:session-management
session-fixation-protection="migrateSession">
<security:concurrency-control
max-sessions="1" expired-url="/login.jsp" />
</security:session-management>
</security:http>
<!-- 开启注解支持 -->
<context:annotation-config />
<!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
<bean id="customInvocationSecurityMetadataSource"
class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
<property name="systemRoleService" ref="systemRoleService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 身份校验器:获取当前登录用户信息 -->
<bean id="customUserDetailsServiceImpl"
class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
<property name="systemUserService" ref="systemUserService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 权限校验器:判断用户是否需要权限访问 -->
<bean id="customAccessDecisionManagerImpl"
class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
</bean>
<!-- MD5加密器 -->
<bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
</bean>
<!-- 过滤器 -->
<bean id="customFilterSecurityInterceptorImpl"
class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
<property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
<property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- 配置认证管理器 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsServiceImpl">
<security:password-encoder ref="md5Encoder">
<!-- 添加盐值,增强系统的安全性 -->
<security:salt-source system-wide="system" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
注:可以技持正则表达式 -->
<!-- 不拦截静态资源 -->
<security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- 不拦截登录页面 -->
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
access="ROLE_ADMIN,ROLE_SUPER" />
<security:intercept-url pattern="/rept/*"
access="ROLE_MASTER,ROLE_SUPER" />
<security:intercept-url pattern="/sale/*"
access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/cus/*|/~cust/cust/**"
access="ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/service/*"
access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />
<security:custom-filter ref="customFilterSecurityInterceptorImpl"
before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 配置登录页面 -->
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
login-processing-url:发送的登录请求 -->
<security:form-login
default-target-url="/error.jsp"
login-page="/login.jsp"
authentication-failure-url="/login.jsp"
login-processing-url="/loginForSpringSecurity" />
<!-- 控制session 的并发数量 -->
<security:session-management
session-fixation-protection="migrateSession">
<security:concurrency-control
max-sessions="1" expired-url="/login.jsp" />
</security:session-management>
</security:http>
<!-- 开启注解支持 -->
<context:annotation-config />
<!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
<bean id="customInvocationSecurityMetadataSource"
class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
<property name="systemRoleService" ref="systemRoleService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 身份校验器:获取当前登录用户信息 -->
<bean id="customUserDetailsServiceImpl"
class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
<property name="systemUserService" ref="systemUserService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 权限校验器:判断用户是否需要权限访问 -->
<bean id="customAccessDecisionManagerImpl"
class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
</bean>
<!-- MD5加密器 -->
<bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
</bean>
<!-- 过滤器 -->
<bean id="customFilterSecurityInterceptorImpl"
class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
<property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
<property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- 配置认证管理器 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsServiceImpl">
<security:password-encoder ref="md5Encoder">
<!-- 添加盐值,增强系统的安全性 -->
<security:salt-source system-wide="system" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
注:可以技持正则表达式 -->
<!-- 不拦截静态资源 -->
<security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- 不拦截登录页面 -->
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
access="ROLE_ADMIN,ROLE_SUPER" />
<security:intercept-url pattern="/rept/*"
access="ROLE_MASTER,ROLE_SUPER" />
<security:intercept-url pattern="/sale/*"
access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/cus/*|/~cust/cust/**"
access="ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/service/*"
access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />
<security:custom-filter ref="customFilterSecurityInterceptorImpl"
before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 配置登录页面 -->
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
login-processing-url:发送的登录请求 -->
<security:form-login
default-target-url="/error.jsp"
login-page="/login.jsp"
authentication-failure-url="/login.jsp"
login-processing-url="/loginForSpringSecurity" />
<!-- 控制session 的并发数量 -->
<security:session-management
session-fixation-protection="migrateSession">
<security:concurrency-control
max-sessions="1" expired-url="/login.jsp" />
</security:session-management>
</security:http>
<!-- 开启注解支持 -->
<context:annotation-config />
<!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
<bean id="customInvocationSecurityMetadataSource"
class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
<property name="systemRoleService" ref="systemRoleService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 身份校验器:获取当前登录用户信息 -->
<bean id="customUserDetailsServiceImpl"
class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
<property name="systemUserService" ref="systemUserService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 权限校验器:判断用户是否需要权限访问 -->
<bean id="customAccessDecisionManagerImpl"
class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
</bean>
<!-- MD5加密器 -->
<bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
</bean>
<!-- 过滤器 -->
<bean id="customFilterSecurityInterceptorImpl"
class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
<property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
<property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- 配置认证管理器 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsServiceImpl">
<security:password-encoder ref="md5Encoder">
<!-- 添加盐值,增强系统的安全性 -->
<security:salt-source system-wide="system" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
注:可以技持正则表达式 -->
<!-- 不拦截静态资源 -->
<security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- 不拦截登录页面 -->
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
access="ROLE_ADMIN,ROLE_SUPER" />
<security:intercept-url pattern="/rept/*"
access="ROLE_MASTER,ROLE_SUPER" />
<security:intercept-url pattern="/sale/*"
access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/cus/*|/~cust/cust/**"
access="ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/service/*"
access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />
<security:custom-filter ref="customFilterSecurityInterceptorImpl"
before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 配置登录页面 -->
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
login-processing-url:发送的登录请求 -->
<security:form-login
default-target-url="/error.jsp"
login-page="/login.jsp"
authentication-failure-url="/login.jsp"
login-processing-url="/loginForSpringSecurity" />
<!-- 控制session 的并发数量 -->
<security:session-management
session-fixation-protection="migrateSession">
<security:concurrency-control
max-sessions="1" expired-url="/login.jsp" />
</security:session-management>
</security:http>
<!-- 开启注解支持 -->
<context:annotation-config />
<!-- 数据源:服务器启动时获取所有权限的:URL和角色的访问权限:security -->
<bean id="customInvocationSecurityMetadataSource"
class="org.jb.crm.support.security.bean.CustomFilterInvocationSecurityMetadataSourceImpl">
<property name="systemRoleService" ref="systemRoleService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 身份校验器:获取当前登录用户信息 -->
<bean id="customUserDetailsServiceImpl"
class="org.jb.crm.support.security.bean.CustomUserDetailsServiceImpl">
<property name="systemUserService" ref="systemUserService"></property>
<property name="mapper" ref="mapper"></property>
</bean>
<!-- 权限校验器:判断用户是否需要权限访问 -->
<bean id="customAccessDecisionManagerImpl"
class="org.jb.crm.support.security.bean.CustomAccessDecisionManagerImpl">
</bean>
<!-- MD5加密器 -->
<bean id="md5Encoder" class="org.jb.crm.support.security.encoder.MD5Encoder">
</bean>
<!-- 过滤器 -->
<bean id="customFilterSecurityInterceptorImpl"
class="org.jb.crm.support.security.filter.CustomFilterSecurityInterceptorImpl">
<property name="securityMetadataSource" ref="customInvocationSecurityMetadataSource"></property>
<property name="accessDecisionManager" ref="customAccessDecisionManagerImpl" />
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- 配置认证管理器 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsServiceImpl">
<security:password-encoder ref="md5Encoder">
<!-- 添加盐值,增强系统的安全性 -->
<security:salt-source system-wide="system" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 access="IS_AUTHENTICATED_ANONYMOUSLY":表示匿名访问
注:可以技持正则表达式 -->
<!-- 不拦截静态资源 -->
<security:intercept-url pattern="/images/**|/**/*.ico|/css/**|/script/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- 不拦截登录页面 -->
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/jmx/*|/sys/*|/basd/*"
access="ROLE_ADMIN,ROLE_SUPER" />
<security:intercept-url pattern="/rept/*"
access="ROLE_MASTER,ROLE_SUPER" />
<security:intercept-url pattern="/sale/*"
access="ROLE_MASTER,ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/cus/*|/~cust/cust/**"
access="ROLE_MAN,ROLE_SUPER" />
<security:intercept-url pattern="/service/*"
access="ROLE_MASTER,ROLE_MANAGER,ROLE_SUPER" />
<security:custom-filter ref="customFilterSecurityInterceptorImpl"
before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 配置登录页面 -->
<!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面.
login-processing-url:发送的登录请求 -->
<security:form-login
default-target-url="/error.jsp"
login-page="/login.jsp"
authentication-failure-url="/login.jsp"
login-processing-url="/loginForSpringSecurity" />
<!-- 控制session 的并发数量 -->
<security:session-management
session-fixation-protection="migrateSession">
<security:concurrency-control
max-sessions="1" expired-url="/login.jsp" />
</security:session-management>
</security:http>