spring-security-4.0,重启服务后,post请求提示无权限

佐岸 发布于 2016/08/11 13:11

这个问题困扰我好久了,配置了Spring4.2.5+Spring security4.0(集成了cas)之后,采用Spring mvc框架,服务启动之后,访问服务时,如果第一个请求是Post请求,都返回403错误,跳转到指定的无权限页面,get请求就可以正常访问。打个比方就是我打开一个查询页面,按照查询条件查询了一些数据,这就等于是做了一次post请求,然后我关闭服务再重启,重启之后,我在刚才的查询页面按F5刷新,就跳转到了403页面。。。如果在浏览器地址栏中敲回车则能访问到查询页面。。。求大神帮忙解决。

applicationContext-security-cas.xml代码如下:


<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:sec="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans  
       http://www.springframework.org/schema/beans/spring-beans.xsd  
       http://www.springframework.org/schema/context  
       http://www.springframework.org/schema/context/spring-context.xsd  
       http://www.springframework.org/schema/security  
       http://www.springframework.org/schema/security/spring-security-4.0.xsd">

	<!-- URL access rules; adjust them to your own deployment. -->
	<!-- NOTE(review): this block declares no <sec:csrf> element, and with the
		spring-security-4.0 namespace CSRF protection is on by default. The CSRF
		filter requires a valid token on POST (GET is exempt) and, by default,
		keeps the expected token in the HTTP session. A POST replayed after the
		session is gone (server restart, timeout, F5 on a form result) therefore
		fails the token check and is answered with 403 by the access-denied
		handler instead of being redirected to the CAS entry point. This is the
		likely cause of the reported symptom; confirm it in the debug log. Keep
		CSRF enabled: render the token in every POST form or AJAX call and give
		the missing-token case a handler that sends the user back to login. -->
	<sec:http auto-config="true" use-expressions="true"
		disable-url-rewriting="true" entry-point-ref="casProcessingFilterEntryPoint">
		<!-- Anonymous authentication is switched off. -->
		<sec:anonymous enabled="false" />
		<!-- Only paths ending in .jsp, .do, .html or .htm are matched below; any
			other path matches no rule in this block. NOTE(review): consider a
			final catch-all rule so that unlisted paths also require
			authentication. -->
 		<sec:intercept-url pattern="/**/*.jsp" access="isAuthenticated()" /> 
		<sec:intercept-url pattern="/**/*.do" access="isAuthenticated()" />
		<sec:intercept-url pattern="/**/*.html" access="isAuthenticated()" />
		<sec:intercept-url pattern="/**/*.htm" access="isAuthenticated()" />
		<!-- Custom filters are placed relative to the standard chain positions. -->
		<sec:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
		<!-- After a local logout the browser is sent to the CAS server logout URL. -->
		<sec:logout logout-success-url="${cas-server-url}/logout?service=${cas-service-url}" />
		<sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
		<sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
		<!-- invalid-session-url is empty. NOTE(review): presumably an empty value
			is treated as unset, so a request carrying a stale session id gets
			no dedicated redirect; confirm, and set a real URL if one is wanted. -->
		<sec:session-management invalid-session-url="">
			<!-- One session per user. With error-if-maximum-exceeded="false" a new
				login is accepted and the older session is expired; requests on
				the expired session are sent to expired-url. -->
			<sec:concurrency-control max-sessions="1"
				error-if-maximum-exceeded="false" expired-url="/common/timeout.jsp" />
		</sec:session-management>
	</sec:http>

	<!-- CAS client filter that handles a Single Logout request sent by the CAS
		server. It is registered before CAS_FILTER in the sec:http block. -->
	<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

	<!-- Logout filter bound to /logout. It runs SecurityContextLogoutHandler for
		the local logout and then redirects to the CAS server logout URL so that
		Single Logout is performed there as well. -->
	<bean id="requestSingleLogoutFilter"
		class="org.springframework.security.web.authentication.logout.LogoutFilter">
		<!-- First argument: where the browser is redirected after local logout. -->
		<constructor-arg value="${cas-server-url}/logout?service=${cas-service-url}" />
		<!-- Second argument: the handler that performs the local logout. -->
		<constructor-arg>
			<bean
				class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
		</constructor-arg>
		<property name="filterProcessesUrl" value="/logout" />
	</bean>

	<!-- Authentication manager with the CAS provider as its only provider, so
		every authentication is decided by CAS ticket validation. -->
	<sec:authentication-manager alias="authenticationManager">
		<sec:authentication-provider ref="casAuthenticationProvider" />
	</sec:authentication-manager>

	<!-- Filter installed at CAS_FILTER; it passes the service ticket returned by
		the CAS server to the authentication manager. -->
	<bean id="casAuthenticationFilter"
		class="org.springframework.security.cas.web.CasAuthenticationFilter">
		<property name="authenticationManager" ref="authenticationManager" />
	</bean>

	<!-- Entry point referenced by sec:http: it sends requests that need
		authentication to the CAS login page. -->
	<bean id="casProcessingFilterEntryPoint"
		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
		<!-- Login URL of the CAS single sign-on server. -->
		<property name="loginUrl" value="${cas-server-url}/login" />
		<property name="serviceProperties" ref="serviceProperties" />
	</bean>
	<!-- Provider that validates CAS service tickets and loads the local user. -->
	<bean id="casAuthenticationProvider"
		class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
		<!-- User details are loaded by name through the loginServiceImpl bean,
			which is defined outside this file. -->
		<property name="authenticationUserDetailsService">
			<bean
				class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
				<constructor-arg ref="loginServiceImpl" />
			</bean>
		</property>
		<property name="serviceProperties" ref="serviceProperties" />
		<!-- Tickets are validated against the CAS server with the CAS 2.0
			protocol. NOTE(review): the value of cas-server-url is not shown
			here; confirm it is an https URL so that ticket validation cannot be
			read or altered in transit. -->
		<property name="ticketValidator">
			<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
				<constructor-arg index="0" value="${cas-server-url}" />
			</bean>
		</property>
		<!-- NOTE(review): this key looks like the sample value from the reference
			documentation; consider a value specific to this deployment. -->
		<property name="key" value="an_id_for_this_auth_provider_only" />
	</bean>

	<!-- Describes this application to the CAS server. -->
	<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
		<!-- Callback URL that receives the service ticket. NOTE(review): it has to
			match the URL the CAS authentication filter processes; /login/cas
			appears to be the Spring Security 4 default, confirm. -->
		<property name="service" value="${cas-service-url}/login/cas" />
		<!-- sendRenew="true" asks CAS for a fresh login (the renew parameter)
			instead of accepting an existing single sign-on session. -->
		<property name="sendRenew" value="true" />
	</bean>
</beans>

Controller代码如下:

/**
 * Lists devices one page at a time and prepares the device search view.
 *
 * <p>The handler is mapped for both GET and POST. Under Spring Security's
 * CSRF protection only the POST form of the request needs a CSRF token,
 * so a POST that arrives without a valid token is rejected before this
 * method runs.
 *
 * <p>NOTE(review): {@code deviceName} and {@code deviceNO} are put back
 * into the model exactly as received. The view template is not shown
 * here; confirm that it HTML-escapes both values when rendering them.
 *
 * @param request    current request; supplies the {@code flag} parameter
 *                   and the paging parameters
 * @param deviceName device name filter bound from the request
 * @param deviceNO   device number filter bound from the request
 * @return the model and view for {@code jb/sbgla/device/findDevice}
 * @throws AppException declared by the original signature
 */
@RequestMapping(value = "/findDevice", method = { RequestMethod.POST, RequestMethod.GET })
	public ModelAndView findDevice(HttpServletRequest request,
			String deviceName, String deviceNO) throws AppException {
		// The filters are applied only when the page submits flag=query;
		// "query".equals(null) is false, so no separate null check is needed.
		final boolean isQuery = "query".equals(request.getParameter("flag"));

		Map<String, String> criteria = new HashMap<String, String>();
		if (isQuery) {
			criteria.put("deviceName", deviceName);
			criteria.put("deviceNO", deviceNO);
		}

		// PageHelper paginates the first query issued after startPage(), so
		// the lookup below has to follow it directly.
		PageHelper.startPage(this.getPageNum(request), this.getPageSize(request));
		List<DeviceDTO> devices = this.deviceServiceImpl.findAllDeviceList(criteria);
		PageInfo<DeviceDTO> page = new PageInfo<DeviceDTO>(devices);

		// Hand the page of results and the submitted filters to the view.
		ModelAndView result = new ModelAndView("jb/sbgla/device/findDevice");
		result.addObject("pagehelper", page);
		result.addObject("deviceName", deviceName);
		result.addObject("deviceNO", deviceNO);
		return result;
	}





skhuhu
AccessDeniedHandler 有没有重写这个···里面权限是不是判断错了?
佐岸
回复 @skhuhu : 试过了,没用。。。。。。我现在是复制url在另外有一个标签页打开系统,然后回到原标签页按F5,都是提示无权限。。。
佐岸
回复 @skhuhu : 好吧,我试试这个
skhuhu
invalid-session-url="" 没设置吧···试试看呢··
佐岸
回复 @skhuhu : 是销毁了,可是应该跳转到cas登陆界面的。现在是没有跳转
skhuhu
你是关闭服务再刷新嘛 肯定没权限啊···你session都销毁了