我在春天使用oauth2。但是,表单登录不再可用。网址“/ j_spring_login”和“/ j_spring_login_check”不可用。
springMVC.xml:
<!-- 自动扫描的包名 -->
<context:component-scan
base-package="com.sdp.hibernate.model.,com.sdp.hibernate.dao.,com.sdp.controller.,com.sdp.jsoncontroller."></context:component-scan>
<!-- 默认的注解映射的支持 -->
<mvc:annotation-driven />
<!-- 视图解释类 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/> <property name="suffix" value=".jsp"/>
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"
/> </bean> -->
<!-- 拦截器 <mvc:interceptors> <bean class="com.sdp.inteceptor.MyInteceptor"
/> </mvc:interceptors> -->
<!-- 对静态资源文件的访问 方案一 (二选一) <mvc:default-servlet-handler/> -->
<!-- 对静态资源文件的访问 方案二 (二选一) -->
<mvc:resources mapping="/img/**" location="/img/"
cache-period="31556926" />
<mvc:resources mapping="/js/**" location="/js/"
cache-period="31556926" />
<mvc:resources mapping="/css/**" location="/css/"
cache-period="31556926" />
<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url"
value="jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf-8" />
<property name="username" value="root" />
<property name="password" value="dangerous" />
<property name="maxIdle" value="30" />
<property name="defaultAutoCommit" value="true" />
<property name="removeAbandonedTimeout" value="60" />
</bean>
<!-- Hibernate配置 -->
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="configLocation" value="classpath:hibernate.cfg.xml" />
<property name="packagesToScan">
<list>
<value>com.sdp.hibernate.model</value>
</list>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.velocity.VelocityViewResolver">
<property name="cache" value="true"></property>
<property name="suffix" value=".html" />
<property name="contentType" value="text/html; charset=UTF-8" />
</bean>
<bean id="velocityConfig"
class="org.springframework.web.servlet.view.velocity.VelocityConfigurer">
<property name="resourceLoaderPath" value="/templates/" />
<!-- <property name="configLocation" value="classpath:velocity.properties"/> -->
<property name="velocityProperties">
<props>
<prop key="output.encoding">UTF-8</prop>
<prop key="input.encoding">UTF-8</prop>
</props>
</property>
</bean>
<!-- oauth -->
<import resource="spring-servlet.xml" />
这是spring-servlet.xml:
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<!-- <property name="realmName" value="springsec/client" /> -->
</bean>
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</bean>
<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.htm"></property>
</bean>
<bean id="oauthUserApprovalHandler" class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler">
</bean>
<http pattern="/oauth/**" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security" auto-config="true">
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<!--
<http pattern="/v1/*" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
-->
<http pattern="/v1/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern='/v1/**' access="ROLE_USER"/>
<intercept-url pattern='/v1/protected/**' access="IS_AUTHENTICATED_FULLY"/>
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<http pattern="/resources/**" auto-config="true"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern='/resources/**' access="ROLE_USER"/>
</http>
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager"/>
</bean>
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="client-details-user-service"/>
</authentication-manager>
<bean id="client-details-user-service" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="client-details-service" />
</bean>
<oauth:client-details-service id="client-details-service">
<!-- Allow access to test clients -->
<oauth:client
client-id="353b302c44574f565045687e534e7d6a"
secret="286924697e615a672a646a493545646c"
authorized-grant-types="password,refresh_token"
authorities="ROLE_USER"
access-token-validity="30000"
autoapprove = "true"
refresh-token-validity="30000"
scope="read, write"
/>
<!-- Web Application clients -->
<oauth:client
client-id="7b5a38705d7b3562655925406a652e32"
secret="655f523128212d6e70634446224c2a48"
authorized-grant-types="password,refresh_token"
authorities="ROLE_WEB"
access-token-validity="30000"
refresh-token-validity="30000"
/>
<!-- iOS clients -->
<oauth:client
client-id="5e572e694e4d61763b567059273a4d3d"
secret="316457735c4055642744596b302e2151"
authorized-grant-types="password,refresh_token"
authorities="ROLE_IOS"
access-token-validity="30000"
refresh-token-validity="30000"
/>
<!-- Android clients -->
<oauth:client
client-id="302a7d556175264c7e5b326827497349"
secret="4770414c283a20347c7b553650425773"
authorized-grant-types="password,refresh_token"
authorities="ROLE_ANDROID"
access-token-validity="30000"
refresh-token-validity="30000"
/>
</oauth:client-details-service>
<bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"/>
<authentication-manager alias="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<!-- <authentication-provider user-service-ref="clientDetailsUserService" /> -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"/>
<!--
<user-service id="userDetailsService">
<user name="marissa" password="koala" authorities="ROLE_TEST" />
<user name="paul" password="emu" authorities="ROLE_GUEST" />
</user-service>
-->
</authentication-provider>
</authentication-manager>
<!-- Used for the persistenceof tokens (currently an in memory implementation) -->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
<constructor-arg ref="dataSource"></constructor-arg>
</bean>
<!-- Used to create token and and every thing about them except for their persistence that is reposibility of TokenStore (Given here is a default implementation) -->
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="accessTokenValiditySeconds" value="300000"></property>
<property name="clientDetailsService" ref="client-details-service" />
</bean>
<oauth:resource-server id="resourceServerFilter" token-services-ref="tokenServices"/>
<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
<sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
感谢您的帮助