我的网络应用程序中发生的最奇怪的事情。以下是web.xml的<security-constraint>部分:
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-secure resources</web-resource-name>
<url-pattern>/js/*</url-pattern>
<url-pattern>/theme/*</url-pattern>
<url-pattern>/login.jsp</url-pattern>
<url-pattern>/logout.faces</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure resources</web-resource-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>/fragments/*</url-pattern>
<url-pattern>/pages/*</url-pattern>
<url-pattern>*.faces</url-pattern>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>AllAuthenticated</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>map</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>AllAuthenticated</role-name>
</security-role>
当用户通过http://<host-name>/<context-path>/访问应用程序时,用户将转到登录页面,成功登录后一切正常。但是,如果用户通过http://<host-name>/<context-path>/login.jsp访问应用程序,则在成功登录后,用户会收到404错误消息,并且浏览器中的URL为http://<host-name>/<context-path>/j_security_check。
任何人都知道为什么会这样,我怎么能阻止它?
答案 0 :(得分:0)
您必须将这些行添加到您的web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
答案 1 :(得分:0)
您应该在web.xml中添加此元素。
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/j_security_check</url-pattern>
</servlet-mapping>