配置了ACEGI 用的是1。X 我看了下2。X的 原理是一样的。所以我要先搞懂1.X的。
这是我的WEB.XML中ACEGI的配置:
<filter>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的ACEGI中的部分配置,如果有需要告诉我要看哪块的我再贴出来
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/login/index.jsp" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl" value="/j_acegi_security_check" />
<property name="authenticationFailureUrl" value="/login/login.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login/index.jsp" />
<property name="forceHttps" value="true" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login/accessDenied.html" />
</bean>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
<bean class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
<property name="allowIfAllAbstainDecisions" value="true"></property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login/**=IS_AUTHENTICATED_ANONYMOUSLY
/console/**=Role_ALL,Role_Most
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
</property>
</bean>
WEB部分:
登录页面:/login/index.jsp
这是它的action:<form action="j_acegi_security_check" method="POST"> 报错[DEBUG]2010-04-29 14:59:54,171 [org.acegisecurity.ui.ExceptionTranslationFilter]-[handleException line:147]
Authentication exception occurred; redirecting to authentication entry point
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
这是我的WEB.XML中ACEGI的配置:
<filter>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的ACEGI中的部分配置,如果有需要告诉我要看哪块的我再贴出来
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/login/index.jsp" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl" value="/j_acegi_security_check" />
<property name="authenticationFailureUrl" value="/login/login.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login/index.jsp" />
<property name="forceHttps" value="true" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login/accessDenied.html" />
</bean>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
<bean class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
<property name="allowIfAllAbstainDecisions" value="true"></property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login/**=IS_AUTHENTICATED_ANONYMOUSLY
/console/**=Role_ALL,Role_Most
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
</property>
</bean>
WEB部分:
登录页面:/login/index.jsp
这是它的action:<form action="j_acegi_security_check" method="POST"> 报错[DEBUG]2010-04-29 14:59:54,171 [org.acegisecurity.ui.ExceptionTranslationFilter]-[handleException line:147]
Authentication exception occurred; redirecting to authentication entry point
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
是在说你的进入系统的验证地址问题吧,把
/login/**=IS_AUTHENTICATED_ANONYMOUSLY去掉试试