Spring Security - 总是跳转到 authentication-failure-url

时间:2015-03-11 06:35:59

标签: java spring spring-mvc spring-security

我是 Spring Security 的新手,正在通过编写一些示例代码来学习它。但问题是 securityContext 总是将我重定向到 authentication-failure-url,我不明白代码哪里有问题。

这里是片段

SecurityContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<http auto-config="true">
    <!-- Only /userhome** requires ROLE_USER. No other pattern is declared here,
         so the login page ("/") and /login.do stay reachable without authentication. -->
    <intercept-url pattern="/userhome**" access="ROLE_USER" />
    <!-- Form login: credentials are expected at login-processing-url (/login) under the
         parameter names "username" and "password". By default Spring Security's form-login
         filter accepts credentials only via POST; a form that submits with GET is treated
         as a failed login, which is consistent with the redirect to
         authentication-failure-url described in the question. -->
    <form-login login-page="/"
        login-processing-url="/login"
        username-parameter="username"
        password-parameter="password" 
        default-target-url="/userhome" 
        authentication-failure-url="/login.do?error" 
        always-use-default-target="true"
         />

    <!-- After logout the browser is sent to /login.do?logout, which the controller
         turns into the "logged out" message. -->
    <logout logout-success-url="/login.do?logout" />





    <!-- enable csrf protection: state-changing requests such as the login POST must carry
         the CSRF token, otherwise they are rejected -->
    <csrf />
</http>

<authentication-manager>
    <authentication-provider>
      <!-- In-memory user store with a hard-coded, plaintext password: acceptable for a
           learning sample only. Outside a sample, keep credentials out of the config file
           and store passwords hashed through a password encoder (e.g. bcrypt). -->
      <user-service>
        <user name="u" password="u" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
</authentication-manager>

控制器类:UsersLoginController

import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

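/**
 * Serves the login view and the post-login landing view of the sample application.
 *
 * <p>The security configuration shown on this page sends failed logins to
 * {@code /login.do?error} and completed logouts to {@code /login.do?logout}; both end up
 * in {@link #login}. Authentication itself is not performed here.
 */
@Controller
public class UsersLoginController {

    /**
     * Renders the login view for {@code GET /login.do}.
     *
     * @param error   present (possibly empty) when the request carries an {@code error} parameter
     * @param logout  present (possibly empty) when the request carries a {@code logout} parameter
     * @param request the current request, read only for the debug output below
     * @return the {@code /index} view, with an {@code error} and/or {@code msg} model
     *         attribute when the matching parameter was supplied
     */
    @RequestMapping(value = "/login.do", method = RequestMethod.GET)
    public ModelAndView login(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout,
            HttpServletRequest request) {

        // Debug output. Both values come straight from the request, so line breaks are
        // neutralised first: otherwise a crafted parameter could forge extra lines in the
        // console/log output.
        System.out.println(singleLine(request.getParameter("username")));
        System.out.println(singleLine(error));

        ModelAndView model = new ModelAndView();
        if (error != null) {
            // Fixed text only: the raw parameter value is never copied into the page.
            model.addObject("error", "Invalid username and password!");
        }

        if (logout != null) {
            model.addObject("msg", "You've been logged out successfully.");
        }
        model.setViewName("/index");

        return model;
    }

    /**
     * Renders the landing view for {@code GET /userhome}.
     *
     * <p>This method performs no access check of its own; the restriction to
     * {@code ROLE_USER} comes from the {@code intercept-url} rule for {@code /userhome**}
     * in the security configuration.
     *
     * @return the {@code /WEB-INF/jsp/LoginCheck/UserHome} view with an empty model
     */
    @RequestMapping(value = "/userhome", method = RequestMethod.GET)
    public ModelAndView userhome() {

        ModelAndView model = new ModelAndView();

        model.setViewName("/WEB-INF/jsp/LoginCheck/UserHome");

        return model;
    }

    /**
     * Replaces carriage returns and line feeds so a value occupies exactly one output line.
     *
     * @param value text taken from the request; may be {@code null}
     * @return {@code value} with CR and LF replaced by {@code '_'}, or {@code null} when
     *         {@code value} is {@code null} (printed as "null", as before)
     */
    private static String singleLine(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}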

index.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="core" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body>

<%-- NOTE(review): method="GET" places the username and password in the query string, where
     they end up in browser history, server access logs and Referer headers. Spring Security's
     form-login filter also accepts credentials only via POST by default, so this form cannot
     log anyone in as written. Submit with POST; with CSRF protection enabled the POST must
     include the CSRF token, so confirm the rendered form contains the hidden _csrf field. --%>
<form:form action="./login" method="GET" >

<table align="Center">

<tr><td id="tdlogin">Email Address</td><td><input type=text name="username" id="username"/> </td></tr>
<%-- NOTE(review): type=text displays the password in clear on screen; a password field
     should use type="password". --%>
<tr><td id="tdlogin">Password</td><td><input type=text name="password" id="password"/> </td></tr>

<tr><td></td><td><input type="checkbox" name="staySignIn" value="staySignIn"> Stay Sign In </td></tr>
<tr><td></td><td><input type="Submit" id="Submit" Value="SUMBIT"> </td></tr>

</table>

</form:form>

    <%-- "error" and "msg" are fixed strings set by the controller shown on this page. If
         request-derived text is ever placed in them, escape it on output
         (for example with core:out) instead of writing the bare expression. --%>
    <core:if test="${not empty error}">
        <div class="error">${error}</div>
    </core:if>
    <core:if test="${not empty msg}">
        <div class="msg">${msg}</div>
    </core:if>

</body>
</html>

任何有关如何使事情发挥作用的建议将不胜感激。

提前感谢。

2 个答案:

答案 0 :(得分:2)

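您的登录处理 URL 是 /login,而登录页面上的表单是用 GET 而不是 POST 提交的,所以最后被转到了 /login.do。Spring Security 的表单登录过滤器默认只接受通过 POST 提交的凭据,GET 请求会被当作认证失败并重定向到 authentication-failure-url。此外,GET 会把用户名和密码放进 URL,从而出现在浏览器历史和服务器访问日志中。请按如下方式修正: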

<form-login login-page="/"
        login-processing-url="/login"
        username-parameter="username"
        password-parameter="password" 
        default-target-url="/userhome" 
        authentication-failure-url="/login.do?error" 
        always-use-default-target="true"
         />

登录表格也必须更改

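<%-- POST keeps the credentials out of the URL (browser history, access logs, Referer) and is
     the only method Spring Security's form-login filter accepts by default. With CSRF
     protection enabled the request must also carry the CSRF token; form:form normally emits
     the hidden _csrf field when Spring Security's CSRF support is integrated with Spring MVC,
     so verify that it is present in the rendered HTML. --%>
<form:form action="/login" method="POST" >

<table align="Center">

<tr><td id="tdlogin">Email Address</td><td><input type=text name="username" id="username"/> </td></tr>
<%-- type="password" so the value is masked on screen instead of shown as plain text. --%>
<tr><td id="tdlogin">Password</td><td><input type="password" name="password" id="password"/> </td></tr>

<tr><td></td><td><input type="checkbox" name="staySignIn" value="staySignIn"> Stay Sign In </td></tr>
<tr><td></td><td><input type="Submit" id="Submit" Value="SUMBIT"> </td></tr>

</table>

</form:form>

    <%-- "error" and "msg" are fixed strings set by the controller; they are not taken from
         request parameters. --%>
    <core:if test="${not empty error}">
        <div class="error">${error}</div>
    </core:if>
    <core:if test="${not empty msg}">
        <div class="msg">${msg}</div>
    </core:if>

</body>
</html>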

答案 1 :(得分:1)

mvc config中的用户名和密码参数名是否正确?

    username-parameter="username" password-parameter="password"

这是一个非常好的教程

http://www.journaldev.com/2736/spring-mvc-security-example-using-in-memory-userdetailsservice-and-jdbc-authentication