Spring安全阻止访问GWT服务

问题描述 投票:1回答:1

当我与GWT配对时,我是一个Spring安全新手。也就是说,我对GWT中服务的调用被标记为403被禁止。

POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)

这是我的spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:b="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


    <!-- This is where we configure Spring-Security  -->
    <security:http auto-config="true" use-expressions="true">

    <security:intercept-url pattern="/login" access="permitAll" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
        <security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>

    </security:http>

    <b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="graplAuthentication" />
    </security:authentication-manager>

</b:beans>

网嗯

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
              http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>



    <!-- Servlets -->

    <servlet>
        <servlet-name>AdminServiceServlet</servlet-name>
        <servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>

    </servlet>

    <servlet>
        <servlet-name>LoaderServiceServlet</servlet-name>
        <servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
    </servlet>

     <servlet>
        <servlet-name>authServlet</servlet-name>
        <servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>authServlet</servlet-name>
        <url-pattern>/grapl/auth</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>AdminServiceServlet</servlet-name>
        <url-pattern>/grapl/adminService</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>LoaderServiceServlet</servlet-name>
        <url-pattern>/grapl/loaderService</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>



    <welcome-file-list>
        <welcome-file>grapl.html</welcome-file>
    </welcome-file-list>

</web-app>

登录和身份验证很好。我被重定向到我的gwt前端。我的Spring身份验证后端是一个自定义提供程序。所有配置都在spring-security.xml中完成。

GWT servlet是否需要Spring注释?我看到的任何一个例子似乎都应该通过配置工作。

spring gwt spring-security
1个回答
0
投票

我需要禁用csrf检查。

<security:http ...

<security:csrf disabled="true" />
</security:http>
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.