Spring安全认证错误

时间:2013-04-27 08:35:05

标签: spring hibernate security spring-security

我有一个已配置的应用程序,因此我可以使用数据库对用户进行身份验证。

尝试使用设置的用户名和密码以用户或管理员身份登录时会出现此错误:

  HTTP Status 404 - /project/login_error.jsp

所以我尝试通过将链接放在导航栏中来查看我的网址是否正常工作,当我使用此链接时,管理页面出现了:

   https://localhost:8443/project/admin

手动输入时会出现其他一些页面,其他页面也不会显示,但会显示错误页面。

另一方面,当我使用它时,主页根本不显示:

 https://localhost:8443/project/home

它不会出现任何错误,只是重定向回登录页面。

除了休眠HQL之外,堆栈跟踪中没有出现错误。

安全配置:

  <global-method-security pre-post-annotations="enabled" />
  <http pattern="/resources/css/**" security="none"/>
  <http pattern="/login.jsp*" security="none"/>

 <http auto-config="true" use-expressions="true" access-denied-page="/denied"   

  authentication-manager-ref="authManager">

    <intercept-url pattern="/**" requires-channel="https" />
    <intercept-url pattern="/index" access="permitAll" requires-

     channel='https'/>
    <intercept-url pattern="/login" access="permitAll" requires-

   channel='https'/>
    <intercept-url pattern='/home' access="hasRole('ROLE_USER')" requires-

   channel='https'/> 
    <intercept-url pattern='/admin' access="hasRole('ROLE_ADMIN')" requires-

   channel='https'/>

    <form-login login-page='/login' login-processing-url='/j_spring_security_check' 
  always-use-default-target="true" default-target-url="/home" authentication-failure-
  url="/login_error.jsp?error=true"/>   

    <logout invalidate-session="true" logout-success-url='/login' /> 
   </http>


<authentication-manager id="authManager">
    <authentication-provider user-service-ref="***UserDetailsService">
    <password-encoder hash="md5"/>
    </authentication-provider>
  </authentication-manager>

<beans:bean id="**UserDetailsService" class="com.**.**.**.**UserDetailsService">
</beans:bean>

控制器

  @Controller
  public class ApplicationController {

    @RequestMapping(value="/home", method = RequestMethod.GET)
        public String home(ModelMap model) {
    logger.info("Download and Upload Page {}.");

    Date date = new Date();
    DateFormat dateFormat = DateFormat.getDateInstance(DateFormat.FULL);
    String formattedDate = dateFormat.format(date);
    model.addAttribute("serverTime", formattedDate );

    return "home";

}


      @RequestMapping(value="/login", method = RequestMethod.GET)
  public String login(ModelMap model) {
    logger.info("This is the login page {}.");

    return "login";

 }

Jsp页面

   <c:url value="/j_spring_security_check" var="loginUrl"/>  
   <form action="${loginUrl}" method="post" >
<label for="j_username">Username</label>
<input id="j_username" name="j_username" type="text" />

<label for="j_password">Password</label>
<input id="j_password" name="j_password" type="password" />

   <input  type="submit"   
   value="Login"/>                              

    </form>

输出中显示的HQL

   Hibernate: select login0_.person_id as person1_1_, login0_1_.manager_id as      

   manager4_1_, login0_1_.email as email1_, login0_1_.name as name1_, login0_.enabled 

   as enabled3_, login0_.password as password3_, login0_.user_id as user5_3_, 

   login0_.username as username3_ from users login0_ inner join person login0_1_ on 

   login0_.person_id=login0_1_.person_id where login0_.username=?

我真的不知道我在这个实现中缺少什么。我会很感激有关问题的任何指示。

修改 - 添加安全过滤器

     <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-
      class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

0 个答案:

没有答案