0
自分のローカル環境でうまく動作するアプリを構築しました。しかし私がSiteminderを認証用に使用する開発環境に展開すると、すべての画像とCSSファイルに対して「アクセス拒否」が発生します。認証後にjsessionidがurlに追加されていることに気が付いたので、手作業でテストして、そのjsessionidを画像URLに貼り付けて貼り付けます。画像が表示されます!なぜjsessionidなしでリソースへのアクセスが拒否されますか?
誰か何が間違っている可能性がありますか?どのようにjsessionidは画像やCSSにアクセスするために重要ですか?
私はそれが助け場合は任意のコードの例を投稿して喜んでいると思います...
**編集
私はいくつかの追加のロギングをオンにしましたし、問題がどこにあるか私が見るではなく、実際にそれを解決する方法。
19:40:27,236 INFO [STDOUT] 2010-12-17 19:40:27,236 [http-0.0.0.0-30080-1] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
at org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter.getPreAuthenticatedPrincipal(RequestHeaderAuthenticationFilter.java:43)
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:98)
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:86)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
私の春のセキュリティ設定:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="securityMetadataSource">
<security:filter-security-metadata-source>
<security:intercept-url pattern="/"
access="ROLE_VIEW_WELCOME" />
<security:intercept-url pattern="/cfs"
access="ROLE_VIEW_WELCOME" />
<security:intercept-url pattern="/app"
access="ROLE_VIEW_WELCOME" />
<security:intercept-url pattern="/welcome/**"
access="ROLE_VIEW_WELCOME" />
<security:intercept-url pattern="/styles/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/scripts/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/images/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/ruleManagement/**"
access="ROLE_VIEW_RULE_MANAGEMENT" />
<security:intercept-url pattern="/vendorManagement/**"
access="ROLE_VENDOR_MANAGEMENT" />
<security:intercept-url pattern="/userManagement/**"
access="ROLE_USER_MANAGEMENT" />
<security:intercept-url pattern="/titleManagement/**"
access="ROLE_TITLE_MANAGEMENT" />
<security:intercept-url pattern="/typeManagement/**"
access="ROLE_TYPE_MANAGEMENT" />
<security:intercept-url pattern="/seriesManagement/**"
access="ROLE_SERIES_MANAGEMENT" />
<security:intercept-url pattern="/sequenceManagement/**"
access="ROLE_SEQUENCE_MANAGEMENT" />
<security:intercept-url pattern="/roleManagement/**"
access="ROLE_GROUP_MANAGEMENT" />
<security:intercept-url pattern="/reports/**"
access="ROLE_REPORTS" />
<security:intercept-url pattern="/reportsNew/**"
access="ROLE_REPORTS" />
<security:intercept-url pattern="/fingerprint/**"
access="ROLE_FINGERPRINT" />
<security:intercept-url pattern="/**"
access="ROLE_VIEW_OTHER" />
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="preauthenticationProcessingFilterEntryPoint" />
<property name="accessDeniedHandler" ref="accessDeniedHandler" />
</bean>
<security:authentication-manager alias="authenticationManagerParent" />
<bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager"
parent="authenticationManagerParent">
<property name="providers">
<list>
<ref local="preauthAuthProvider" />
</list>
</property>
</bean>
<bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
<bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl" />
<bean id="defaultConcurrentSessionController"
class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="true" />
</bean>
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**"
filters="securityContextPersistenceFilter, exceptionTranslationFilter, siteminderFilter, filterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name='securityContextRepository'>
<bean
class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<property name='allowSessionCreation' value='true' />
</bean>
</property>
</bean>
<bean id="siteminderFilter"
class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<property name="principalRequestHeader" value="SM_USER" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="continueFilterChainOnUnsuccessfulAuthentication"
value="false" />
</bean>
<bean id="mockSiteMinderFilter" class="com.disney.cfs.util.SiteMinderMockFilter"/>
<bean id="preauthAuthProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
</bean>
<bean id="userDetailsService" class="com.disney.cfs.util.UserDetailsServiceUtil"/>
<bean id="preauthenticationProcessingFilterEntryPoint"
class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</beans>
応答ありがとうございました... ブラウザでCookieが有効になっています。 チーム内のURLにあるjsessionidを確認しているSiteminderについて正しいかどうか確認する必要があります。 – Corey