浏览器访问 login.jsp 或程序根目录时,CPU 使用率从 5% 猛增到 70%,几分钟后浏览器显示无法打开网页,而 Tomcat 控制台没有抛出任何异常。
配置文件如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> <!-- <authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>-->
<!-- Spring Security configuration: form login, users and authorities read over JDBC, and URL access
     rules loaded from the database by the filterInvocationDefinitionSource bean at the end of this file.
     The in-memory user-service above is commented out and therefore not active. -->
<!-- Connection pool for the SQL Server database TEST on localhost (jTDS driver). -->
<!-- NOTE(review): the database account and its password are hard-coded in this file, and "sa" is the
     built-in SQL Server administrator login. Prefer a dedicated least-privilege account that can only
     read the user, role and resource tables, with credentials supplied from outside the deployed
     configuration. -->
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<beans:property name="driverClassName" value="net.sourceforge.jtds.jdbc.Driver"/>
<beans:property name="url" value="jdbc:jtds:sqlserver://localhost:1433/TEST"/>
<beans:property name="username" value="sa"/>
<beans:property name="password" value="sa"/>
</beans:bean> <http auto-config='true'>
<!-- The static intercept-url rules below are commented out, so this http element declares no URL
     rules of its own; the active rules are the rows returned by resourceQuery further down. -->
<!-- <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/ok.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/error.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />-->
<!-- Form login with /login.jsp as the login page. The login, failure and target pages must stay
     reachable for the users who are sent to them, otherwise the redirect to the login page is itself
     denied. concurrent-session-control limits each user to one session; with
     exception-if-maximum-exceeded="true" a further login is refused instead of ending the first session. -->
<form-login login-page="/login.jsp"
authentication-failure-url="/error.jsp?error=true"
default-target-url="/ok.jsp" /> <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>
<!-- Users come from tb_user (enabled rows only) and authorities from tb_quanxian through the
     user_quanxian join table. Both queries bind the user name through the ? placeholder. -->
<!-- NOTE(review): no password-encoder child is declared, so the password column is presumably compared
     as plain text; confirm, and store salted password hashes instead. -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled
from tb_user
where username=? and enabled=1"
authorities-by-username-query="select u.username ,r.quanxian as authority
from tb_user u
join user_quanxian uq
on u.id=uq.userid
join tb_quanxian r
on r.id=uq.quanxianid
where u.username=?"
/>
</authentication-provider>
<!-- Custom FilterSecurityInterceptor registered ahead of the FILTER_SECURITY_INTERCEPTOR position; its
     URL rules are supplied by the filterInvocationDefinitionSource bean. autowire="byType" presumably
     provides the remaining collaborators (TODO confirm which beans are injected). -->
<beans:bean id="filterSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor" autowire="byType">
<custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
<beans:property name="objectDefinitionSource" ref="filterInvocationDefinitionSource" />
</beans:bean> <beans:bean id="filterInvocationDefinitionSource"
class="com.JdbcFilterInvocationDefinitionSourceFactoryBean">
<!-- resourceQuery returns one (URL pattern, authority) row per rule, sorted by the priority column.
     NOTE(review): row order is rule order. The factory class keeps patterns in the order the query
     returns them, and the first matching pattern is expected to decide access (confirm for the Spring
     Security version in use). A catch-all such as /** therefore needs a priority that sorts it after
     specific patterns such as /login.jsp; if it sorts first, the login page itself requires the
     authority of the catch-all rule. -->
<beans:property name="dataSource" ref="dataSource"/>
<beans:property name="resourceQuery" value="
select re.res_string,q.quanxian
from tb_quanxian q
join resc_quanxian rq
on q.id=rq.quanxian_id
join tb_resc re
on re.id=rq.resc_id
order by priority
"/>
</beans:bean>
</beans:beans>
JdbcFilterInvocationDefinitionSourceFactoryBean代码如下:
package com; import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.jdbc.object.MappingSqlQuery;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.RequestKey;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.UrlMatcher;
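/**
 * Spring {@link FactoryBean} that builds the URL access-rule source used by
 * {@code FilterSecurityInterceptor} from the rows of a configurable SQL query.
 *
 * <p>The query must return the URL pattern in column 1 and a single authority in column 2.
 * Rows that share a pattern are merged into one comma-separated authority list. Patterns keep
 * the position at which the query first returns them, so the {@code ORDER BY} of the query is
 * the order of the rules.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Rule order decides access. The resulting source is expected to apply the first pattern
 *       that matches a request (TODO confirm for the Spring Security version in use), so a
 *       catch-all pattern returned ahead of a specific page, for example the login page, makes
 *       that page require the catch-all's authority.</li>
 *   <li>Rows with an empty pattern or authority are rejected instead of being turned into a rule,
 *       so a malformed row cannot silently produce a weaker rule than intended.</li>
 *   <li>The query text is executed exactly as configured, without parameters; it must come from
 *       trusted configuration only.</li>
 * </ul>
 */
public class JdbcFilterInvocationDefinitionSourceFactoryBean
        extends JdbcDaoSupport implements FactoryBean {

    /** SQL returning (URL pattern, authority) rows in rule order. */
    private String resourceQuery;

    /** @return {@code true}; the container is told that one shared instance is produced */
    public boolean isSingleton() {
        return true;
    }

    /** @return the type of the produced object, {@link FilterInvocationDefinitionSource} */
    public Class getObjectType() {
        return FilterInvocationDefinitionSource.class;
    }

    /**
     * Runs the resource query and wraps the resulting rules in a
     * {@link DefaultFilterInvocationDefinitionSource}.
     *
     * @return a new definition source built from the current database rows
     * @throws IllegalStateException if a row has an empty URL pattern or authority
     */
    public Object getObject() {
        return new DefaultFilterInvocationDefinitionSource(getUrlMatcher(), buildRequestMap());
    }

    /**
     * Loads the rule rows and groups the authorities by URL pattern.
     *
     * @return insertion-ordered map from URL pattern to comma-separated authorities
     * @throws IllegalStateException if a row has an empty URL pattern or authority
     */
    protected Map<String, String> findResources() {
        ResourceMapping resourceMapping = new ResourceMapping(getDataSource(), resourceQuery);

        // execute() returns a raw List; every element is a Resource created by mapRow() below.
        @SuppressWarnings("unchecked")
        List<Resource> resources = (List<Resource>) resourceMapping.execute();

        Map<String, String> resourceMap = new LinkedHashMap<String, String>();
        for (Resource resource : resources) {
            String url = resource.getUrl();
            String role = resource.getRole();

            // Fail closed: a NULL column would otherwise become a null map key or the literal
            // authority text "null" once it is concatenated below.
            if (isBlank(url) || isBlank(role)) {
                throw new IllegalStateException(
                        "Access rule row has an empty URL pattern or authority: url="
                                + url + ", authority=" + role);
            }

            String existing = resourceMap.get(url);
            resourceMap.put(url, existing == null ? role : existing + "," + role);
        }
        return resourceMap;
    }

    /**
     * Converts the grouped rows into the map expected by
     * {@link DefaultFilterInvocationDefinitionSource}, keeping their order.
     *
     * @return insertion-ordered map from request key to the attributes required for it
     * @throws IllegalStateException if the authority text of a pattern yields no attributes
     */
    protected LinkedHashMap<RequestKey, ConfigAttributeDefinition> buildRequestMap() {
        LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap =
                new LinkedHashMap<RequestKey, ConfigAttributeDefinition>();
        ConfigAttributeEditor editor = new ConfigAttributeEditor();

        for (Map.Entry<String, String> entry : findResources().entrySet()) {
            // Second constructor argument left null, as in the original; presumably this means
            // the rule is not tied to one HTTP method (confirm against RequestKey).
            RequestKey key = new RequestKey(entry.getKey(), null);

            editor.setAsText(entry.getValue());
            ConfigAttributeDefinition attributes = (ConfigAttributeDefinition) editor.getValue();

            // findResources() is overridable, so check again here: a pattern stored without
            // attributes could be treated as needing no authority at all.
            if (attributes == null) {
                throw new IllegalStateException(
                        "No authorities could be parsed for URL pattern: " + entry.getKey());
            }
            requestMap.put(key, attributes);
        }
        return requestMap;
    }

    /** @return the matcher for the stored patterns, an {@link AntUrlPathMatcher} */
    protected UrlMatcher getUrlMatcher() {
        return new AntUrlPathMatcher();
    }

    /**
     * @param resourceQuery SQL returning the URL pattern in column 1 and an authority in column 2,
     *                      ordered the way the rules are to be evaluated
     */
    public void setResourceQuery(String resourceQuery) {
        this.resourceQuery = resourceQuery;
    }

    /** @return {@code true} if the text is {@code null} or contains only whitespace */
    private static boolean isBlank(String text) {
        return text == null || text.trim().length() == 0;
    }

    /** One row of the resource query: a URL pattern and one authority for it. */
    private static final class Resource {
        private final String url;
        private final String role;

        public Resource(String url, String role) {
            this.url = url;
            this.role = role;
        }

        public String getUrl() {
            return url;
        }

        public String getRole() {
            return role;
        }
    }

    /** Parameterless query object that maps each result row to a {@link Resource}. */
    private static final class ResourceMapping extends MappingSqlQuery {

        protected ResourceMapping(DataSource dataSource, String resourceQuery) {
            super(dataSource, resourceQuery);
            compile();
        }

        /** Reads the URL pattern from column 1 and the authority from column 2. */
        protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
            String url = rs.getString(1);
            String role = rs.getString(2);
            return new Resource(url, role);
        }
    }
}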
配置文件如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> <!-- <authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>-->
<!-- Spring Security configuration: form login, users and authorities read over JDBC, and URL access
     rules loaded from the database by the filterInvocationDefinitionSource bean at the end of this file.
     The in-memory user-service above is commented out and therefore not active. -->
<!-- Connection pool for the SQL Server database TEST on localhost (jTDS driver). -->
<!-- NOTE(review): the database account and its password are hard-coded in this file, and "sa" is the
     built-in SQL Server administrator login. Prefer a dedicated least-privilege account that can only
     read the user, role and resource tables, with credentials supplied from outside the deployed
     configuration. -->
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<beans:property name="driverClassName" value="net.sourceforge.jtds.jdbc.Driver"/>
<beans:property name="url" value="jdbc:jtds:sqlserver://localhost:1433/TEST"/>
<beans:property name="username" value="sa"/>
<beans:property name="password" value="sa"/>
</beans:bean> <http auto-config='true'>
<!-- The static intercept-url rules below are commented out, so this http element declares no URL
     rules of its own; the active rules are the rows returned by resourceQuery further down. -->
<!-- <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/ok.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/error.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />-->
<!-- Form login with /login.jsp as the login page. The login, failure and target pages must stay
     reachable for the users who are sent to them, otherwise the redirect to the login page is itself
     denied. concurrent-session-control limits each user to one session; with
     exception-if-maximum-exceeded="true" a further login is refused instead of ending the first session. -->
<form-login login-page="/login.jsp"
authentication-failure-url="/error.jsp?error=true"
default-target-url="/ok.jsp" /> <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>
<!-- Users come from tb_user (enabled rows only) and authorities from tb_quanxian through the
     user_quanxian join table. Both queries bind the user name through the ? placeholder. -->
<!-- NOTE(review): no password-encoder child is declared, so the password column is presumably compared
     as plain text; confirm, and store salted password hashes instead. -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled
from tb_user
where username=? and enabled=1"
authorities-by-username-query="select u.username ,r.quanxian as authority
from tb_user u
join user_quanxian uq
on u.id=uq.userid
join tb_quanxian r
on r.id=uq.quanxianid
where u.username=?"
/>
</authentication-provider>
<!-- Custom FilterSecurityInterceptor registered ahead of the FILTER_SECURITY_INTERCEPTOR position; its
     URL rules are supplied by the filterInvocationDefinitionSource bean. autowire="byType" presumably
     provides the remaining collaborators (TODO confirm which beans are injected). -->
<beans:bean id="filterSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor" autowire="byType">
<custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
<beans:property name="objectDefinitionSource" ref="filterInvocationDefinitionSource" />
</beans:bean> <beans:bean id="filterInvocationDefinitionSource"
class="com.JdbcFilterInvocationDefinitionSourceFactoryBean">
<!-- resourceQuery returns one (URL pattern, authority) row per rule, sorted by the priority column.
     NOTE(review): row order is rule order. The factory class keeps patterns in the order the query
     returns them, and the first matching pattern is expected to decide access (confirm for the Spring
     Security version in use). A catch-all such as /** therefore needs a priority that sorts it after
     specific patterns such as /login.jsp; if it sorts first, the login page itself requires the
     authority of the catch-all rule. -->
<beans:property name="dataSource" ref="dataSource"/>
<beans:property name="resourceQuery" value="
select re.res_string,q.quanxian
from tb_quanxian q
join resc_quanxian rq
on q.id=rq.quanxian_id
join tb_resc re
on re.id=rq.resc_id
order by priority
"/>
</beans:bean>
</beans:beans>
JdbcFilterInvocationDefinitionSourceFactoryBean代码如下:
package com; import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.jdbc.object.MappingSqlQuery;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.RequestKey;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.UrlMatcher;
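/**
 * Spring {@link FactoryBean} that builds the URL access-rule source used by
 * {@code FilterSecurityInterceptor} from the rows of a configurable SQL query.
 *
 * <p>The query must return the URL pattern in column 1 and a single authority in column 2.
 * Rows that share a pattern are merged into one comma-separated authority list. Patterns keep
 * the position at which the query first returns them, so the {@code ORDER BY} of the query is
 * the order of the rules.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Rule order decides access. The resulting source is expected to apply the first pattern
 *       that matches a request (TODO confirm for the Spring Security version in use), so a
 *       catch-all pattern returned ahead of a specific page, for example the login page, makes
 *       that page require the catch-all's authority.</li>
 *   <li>Rows with an empty pattern or authority are rejected instead of being turned into a rule,
 *       so a malformed row cannot silently produce a weaker rule than intended.</li>
 *   <li>The query text is executed exactly as configured, without parameters; it must come from
 *       trusted configuration only.</li>
 * </ul>
 */
public class JdbcFilterInvocationDefinitionSourceFactoryBean
        extends JdbcDaoSupport implements FactoryBean {

    /** SQL returning (URL pattern, authority) rows in rule order. */
    private String resourceQuery;

    /** @return {@code true}; the container is told that one shared instance is produced */
    public boolean isSingleton() {
        return true;
    }

    /** @return the type of the produced object, {@link FilterInvocationDefinitionSource} */
    public Class getObjectType() {
        return FilterInvocationDefinitionSource.class;
    }

    /**
     * Runs the resource query and wraps the resulting rules in a
     * {@link DefaultFilterInvocationDefinitionSource}.
     *
     * @return a new definition source built from the current database rows
     * @throws IllegalStateException if a row has an empty URL pattern or authority
     */
    public Object getObject() {
        return new DefaultFilterInvocationDefinitionSource(getUrlMatcher(), buildRequestMap());
    }

    /**
     * Loads the rule rows and groups the authorities by URL pattern.
     *
     * @return insertion-ordered map from URL pattern to comma-separated authorities
     * @throws IllegalStateException if a row has an empty URL pattern or authority
     */
    protected Map<String, String> findResources() {
        ResourceMapping resourceMapping = new ResourceMapping(getDataSource(), resourceQuery);

        // execute() returns a raw List; every element is a Resource created by mapRow() below.
        @SuppressWarnings("unchecked")
        List<Resource> resources = (List<Resource>) resourceMapping.execute();

        Map<String, String> resourceMap = new LinkedHashMap<String, String>();
        for (Resource resource : resources) {
            String url = resource.getUrl();
            String role = resource.getRole();

            // Fail closed: a NULL column would otherwise become a null map key or the literal
            // authority text "null" once it is concatenated below.
            if (isBlank(url) || isBlank(role)) {
                throw new IllegalStateException(
                        "Access rule row has an empty URL pattern or authority: url="
                                + url + ", authority=" + role);
            }

            String existing = resourceMap.get(url);
            resourceMap.put(url, existing == null ? role : existing + "," + role);
        }
        return resourceMap;
    }

    /**
     * Converts the grouped rows into the map expected by
     * {@link DefaultFilterInvocationDefinitionSource}, keeping their order.
     *
     * @return insertion-ordered map from request key to the attributes required for it
     * @throws IllegalStateException if the authority text of a pattern yields no attributes
     */
    protected LinkedHashMap<RequestKey, ConfigAttributeDefinition> buildRequestMap() {
        LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap =
                new LinkedHashMap<RequestKey, ConfigAttributeDefinition>();
        ConfigAttributeEditor editor = new ConfigAttributeEditor();

        for (Map.Entry<String, String> entry : findResources().entrySet()) {
            // Second constructor argument left null, as in the original; presumably this means
            // the rule is not tied to one HTTP method (confirm against RequestKey).
            RequestKey key = new RequestKey(entry.getKey(), null);

            editor.setAsText(entry.getValue());
            ConfigAttributeDefinition attributes = (ConfigAttributeDefinition) editor.getValue();

            // findResources() is overridable, so check again here: a pattern stored without
            // attributes could be treated as needing no authority at all.
            if (attributes == null) {
                throw new IllegalStateException(
                        "No authorities could be parsed for URL pattern: " + entry.getKey());
            }
            requestMap.put(key, attributes);
        }
        return requestMap;
    }

    /** @return the matcher for the stored patterns, an {@link AntUrlPathMatcher} */
    protected UrlMatcher getUrlMatcher() {
        return new AntUrlPathMatcher();
    }

    /**
     * @param resourceQuery SQL returning the URL pattern in column 1 and an authority in column 2,
     *                      ordered the way the rules are to be evaluated
     */
    public void setResourceQuery(String resourceQuery) {
        this.resourceQuery = resourceQuery;
    }

    /** @return {@code true} if the text is {@code null} or contains only whitespace */
    private static boolean isBlank(String text) {
        return text == null || text.trim().length() == 0;
    }

    /** One row of the resource query: a URL pattern and one authority for it. */
    private static final class Resource {
        private final String url;
        private final String role;

        public Resource(String url, String role) {
            this.url = url;
            this.role = role;
        }

        public String getUrl() {
            return url;
        }

        public String getRole() {
            return role;
        }
    }

    /** Parameterless query object that maps each result row to a {@link Resource}. */
    private static final class ResourceMapping extends MappingSqlQuery {

        protected ResourceMapping(DataSource dataSource, String resourceQuery) {
            super(dataSource, resourceQuery);
            compile();
        }

        /** Reads the URL pattern from column 1 and the authority from column 2. */
        protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
            String url = rs.getString(1);
            String role = rs.getString(2);
            return new Resource(url, role);
        }
    }
}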
http://family168.com/oa/springsecurity/html/ch008-db-login.html
我的数据库里已经设置了 login.jsp 的访问权限,下面是用配置文件中的查询语句查出来的结果。注意:结果中 /** 排在 /login.jsp 之前;若规则按顺序匹配、先匹配者生效,匿名用户访问 /login.jsp 时会先命中 /** 并被要求 ROLE_USER:
/admin.jsp ROLE_ADMIN
/** ROLE_USER
/login.jsp IS_AUTHENTICATED_ANONYMOUSLY
/ok.jsp IS_AUTHENTICATED_ANONYMOUSLY
/error.jsp IS_AUTHENTICATED_ANONYMOUSLY