Spring Security перенаправляет на страницу входа при нажатии любой ссылки после успешного входа
Я пытаюсь реализовать Spring Security-3.0.7 в приложении, которое использует бегемота в качестве системы управления контентом. Я могу успешно войти в веб-приложение после входа в систему, если снова щелкнуть по любой ссылке, перенаправляющей его на страницу входа. Вот web.xml
а также spring-security.xml
, Подскажите, пожалуйста, в чем может быть причина для перенаправления на страницу входа.
web.xml
<context-param>
</context-param>
<context-param>
<param-name>hst-beans-annotated-classes</param-name>
<param-value>
classpath*:org/onehippo/forge/security/support/springsecurity/beans/**/*.class
</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ClickjackFilter</filter-name>
<filter-class>com.accenture.leadership.filters.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<!--<param-value>DENY</param-value>-->
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>XSSUrlFilter</filter-name>
<filter-class>org.hippoecm.hst.container.XSSUrlFilter</filter-class>
</filter>
<filter>
<filter-name>HstFilter</filter-name>
<filter-class>org.hippoecm.hst.container.HstFilter</filter-class>
<init-param>
<param-name>clientComponentManagerClass</param-name>
<param-value>org.hippoecm.hst.component.support.ClientComponentManager</param-value>
</init-param>
<init-param>
<param-name>clientComponentManagerConfigurations</param-name>
<param-value>/META-INF/client-assembly/*.xml</param-value>
</init-param>
</filter>
<filter>
<filter-name>etag</filter-name>
<filter-class>com.cj.etag.ETagFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ClickjackFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>etag</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>XSSUrlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HstFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>HstSiteConfigServlet</servlet-name>
<servlet-class>org.hippoecm.hst.site.container.HstSiteConfigServlet</servlet-class>
<init-param>
<param-name>hst-config-refresh-delay</param-name>
<param-value>3000</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>CustomBinaryServlet</servlet-name>
<servlet-class>com.accenture.leadership.components.CustomBinaryServlet</servlet-class>
<init-param>
<param-name>cache-max-object-size-bytes</param-name>
<param-value>8388608</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>freemarker</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.HstFreemarkerServlet</servlet-class>
<init-param>
<param-name>TemplatePath</param-name>
<param-value>/</param-value>
</init-param>
<init-param>
<param-name>ContentType</param-name>
<param-value>text/html; charset=UTF-8</param-value>
</init-param>
<load-on-startup>200</load-on-startup>
</servlet>
<servlet>
<servlet-name>TemplateComposerResourceServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
<init-param>
<param-name>jarPathPrefix</param-name>
<param-value>/META-INF/hst/pagecomposer</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>org.hippoecm.hst.security.servlet.LoginServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>SecurityResourceServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
<init-param>
<param-name>jarPathPrefix</param-name>
<param-value>/META-INF/hst/security</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>HstResourceServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
<init-param>
<param-name>jarPathPrefix</param-name>
<param-value>/META-INF/web-resources</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>PingServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.HstPingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CustomBinaryServlet</servlet-name>
<url-pattern>/binaries/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>freemarker</servlet-name>
<url-pattern>*.ftl</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TemplateComposerResourceServlet</servlet-name>
<url-pattern>/hst/pagecomposer/sources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SecurityResourceServlet</servlet-name>
<url-pattern>/login/hst/security/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HstResourceServlet</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>PingServlet</servlet-name>
<url-pattern>/ping/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login/resource</url-pattern>
</web-resource-collection>security-constraint
<auth-constraint>
<role-name>everybody</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>HSTSITE</realm-name>
<form-login-config>
<form-login-page>/login/login</form-login-page>
<form-error-page>/login/error</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Default role of Hippo Repository</description>
<role-name>everybody</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>COPY</http-method>
<http-method>DELETE</http-method>
<http-method>MKCOL</http-method>
<http-method>PROPFIND</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
</web-app>
Весна-security.xml
Вот spring-security.xml
- Что-то не хватает в этом spring-security.xml
файл. Что произойдет, я не хочу использовать default-target-url
,
<http auto-config="true">
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/images/**" filters="none"/>
<intercept-url pattern="/binaries/**" filters="none"/>
<intercept-url pattern="/*" filters="none"/>
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
<form-login login-page="/"
default-target-url="/events"
always-use-default-target="true" />
<logout logout-url="/logout.jsp" />
</http>
<authentication-manager>
<authentication-provider ref="hippoAuthenticationProvider" />
</authentication-manager>
<beans:bean id="hippoAuthenticationProvider" class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider"/>
Можете ли вы предложить, что здесь не так?