I am trying to use the Spring Security default login mechanism, and this is what I have configured in the security.xml file:
<http pattern="/customer/**" auto-config="true" use-expressions="true" authentication-manager-ref="customerAuthenticationManager">
<intercept-url pattern="/customer" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/*.html" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/*/*.html" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/shop/customer/logon.html*" access="permitAll" />
<intercept-url pattern="/shop/customer/denied.html" access="permitAll"/>
<intercept-url pattern="/shop/customer/j_spring_security_check" access="permitAll"/>
<form-login login-processing-url="/shop/customer/j_spring_security_check" login-page="/shop/home.html"
authentication-success-handler-ref="webshopAuthenticationSuccessHandler"
/>
<logout invalidate-session="true"
logout-success-url="/customer/home.html"
logout-url="/customer/j_spring_security_logout" />
<access-denied-handler error-page="/customer/denied.html"/>
</http>
This is what I have in web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This is how I submit the form using ajax:
var data = $(this).serializeObject();
$.ajax({
'type': "POST",
'url': "<c:url value="/shop/customer/j_spring_security_check"/>",
'data': data,
'success': function(result) {
}
});
return false;
});
But authentication is not triggered and I get a 404 error, although I see the following in the console:
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/shop/customer/j_spring_security_check'; against '/admin/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/shop/customer/j_spring_security_check'; against '/customer/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/shop/customer/j_spring_security_check'; against '/shop/services/private/**'
DEBUG org.springframework.security.web.FilterChainProxy: /shop/customer/j_spring_security_check has no matching filters
DEBUG org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'appServlet' processing POST request for [/sm-shop/shop/customer/j_spring_security_check]
DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Looking up handler method for path /shop/customer/j_spring_security_check
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/resources/img/loading.gif'; against '/admin/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/resources/img/loading.gif'; against '/customer/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/resources/img/loading.gif'; against '/shop/services/private/**'
....
DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Did not find handler method for [/shop/customer/j_spring_security_check]
WARN org.springframework.web.servlet.PageNotFound: No mapping found for HTTP request with URI [/sm-shop/shop/customer/j_spring_security_check] in DispatcherServlet with name 'appServlet'
Any ideas?
Answer 0 (score: 3)
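http configuration? If not, there is no need to specify <http pattern="/customer/**"...>.
http configuration sections and are using Spring Security 3.1+, please see the reference:
Defining a pattern for the http element controls the requests which will be filtered through the list of filters which it defines.
define a pattern for http, then it defaults to the /* defined in your web.xml. So, if you don't have a specific restriction, it might be easier to first test whether this works for you with all of your http configuration in one element, and then expand to multiple elements.
The one with pattern="/customer/*/*.html" should be pattern="/customer/**/*.html". It is missing one *. Based on what I said: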
<http auto-config="true" use-expressions="true" authentication-manager-ref="customerAuthenticationManager">
<intercept-url pattern="/shop/customer/logon.html*" access="permitAll" />
<intercept-url pattern="/shop/customer/denied.html" access="permitAll"/>
<intercept-url pattern="/shop/customer/j_spring_security_check" access="permitAll"/>
<intercept-url pattern="/customer" access="hasRole('AUTH_CUSTOMER')" />
<!-- XXX: bring in also your /admin configuration before the wildcards -->
<intercept-url pattern="/customer/*.html" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/**/*.html" access="hasRole('AUTH_CUSTOMER')" />
...
Hope this helps.
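
The debug log in the question shows the login URL being compared against each <http> pattern and matching none of them. As an added example (not part of the original question or answer), the sketch below re-implements Ant-style matching in simplified form to reproduce that decision and the `*` versus `**` difference the answer points out. The function names, the `/**` stand-in for an <http> element without a pattern, and the sample paths are assumptions.

```python
import re

def _segment_matches(pattern_seg, path_seg):
    # Inside one path segment: '*' = any run of characters, '?' = one character.
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern_seg
    )
    return re.fullmatch(regex, path_seg) is not None

def ant_match(pattern, path):
    """Simplified Ant-style match (assumption: empty segments, and so trailing
    slashes, are ignored; Spring's own matcher is stricter about them)."""
    def walk(pats, segs):
        if not pats:
            return not segs
        if pats[0] == "**":
            # '**' absorbs zero or more whole segments.
            return any(walk(pats[1:], segs[i:]) for i in range(len(segs) + 1))
        return (bool(segs) and _segment_matches(pats[0], segs[0])
                and walk(pats[1:], segs[1:]))
    return walk([p for p in pattern.split("/") if p],
                [s for s in path.split("/") if s])

def select_chain(chain_patterns, request_path):
    """Return the first <http> pattern that claims the request, or None.
    None corresponds to 'has no matching filters' in the debug log."""
    for pattern in chain_patterns:
        if ant_match(pattern, request_path):
            return pattern
    return None

# The three <http> patterns visible in the question's debug log.
CHAINS_FROM_LOG = ["/admin/**", "/customer/**", "/shop/services/private/**"]
LOGIN_URL = "/shop/customer/j_spring_security_check"

if __name__ == "__main__":
    # No chain claims the login URL, so no security filter ever sees the POST
    # and it reaches DispatcherServlet, which has no handler for it: 404.
    print(select_chain(CHAINS_FROM_LOG, LOGIN_URL))
    # Assumption: an <http> element without a pattern is modelled as '/**'.
    print(select_chain(CHAINS_FROM_LOG + ["/**"], LOGIN_URL))
    # Constructed path, three levels below /customer.
    deep = "/customer/orders/2014/detail.html"
    print(ant_match("/customer/*/*.html", deep),
          ant_match("/customer/**/*.html", deep))
```

With the original `/customer/*/*.html` rule, a page nested more than one directory below /customer matches no intercept-url rule, so no hasRole('AUTH_CUSTOMER') check is applied to it by these rules.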