我已经使用Spring MVC,Restful webservices为移动客户端实现了服务器后端。我想用Spring安全保护应用程序。我已经放置了一个自定义的login.jsp来处理登录,如下所示。
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Custom Page)</h3>
<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
我的web.xml如下。
<display-name>Spring MVC Application</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security-context.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security-context.xml如下所示。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/getHierarchy" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/getHierarchy"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
但我在日食时收到警告
在Java Build Path中找不到“c:if”(org.apache.taglibs.standard.tag.rt.core.IfTag)的标记处理程序类
当我提交表单时,在j_spring_security_check上找到一个未找到的错误。我在类路径中包含了jstl1.2。即使我已经包含了taglib,为什么我还没有找到标记处理程序警告?
答案 0 :(得分:1)
为什么即使我已添加taglib,也会收到标记处理程序未找到警告?
应该部署到服务器的Eclipse Dynamic Web Project中的jar必须位于\myProject\WebContent\WEB-INF\libs
(不在\ myProject \ webapp \ WEB-INF \ lib中)
在Eclipse Dynamic Web Project中,此文件夹中的jar将自动附加到您的构建路径,您不能手动添加它们。
在提交表单时,在j_spring_security_check上发现未找到错误:
检查您是否已将登录页面映射到网址/login
,只需在浏览器中输入网址即可对其进行测试
其他提示
另一件可能不太理想的事情就是这句话
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
尝试以这种方式编写:
<c:url value='j_spring_security_check' var='loginUrl'/>
<form name='f' action="${loginUrl}" method='POST'>
这避免了这两个标签的讨厌编织。也许问题只是日食编辑器有点困惑。