Spring MVC登录功能无法正常工作。始终重定向到登录页面

时间:2015-03-17 18:38:18

标签: java spring spring-mvc spring-security

我在我的一个示例应用程序中尝试了Spring MVC登录功能。但是,它总是重定向到登录页面。

以下是我的代码:application-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration (3.2 schema): URL access rules,
  form login, logout and one in-memory user.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- NOTE(review): with the 3.2 XML namespace, CSRF protection is only active when a <csrf /> element is added inside <http>; none is present here. Confirm against the Spring Security version actually deployed. -->
    <http auto-config="true"  use-expressions="true">
        <!-- intercept-url rules are checked top to bottom and the first match wins, so the login page rule has to stay above /admin/**. -->
        <intercept-url pattern="/admin/login" access="permitAll" />
        <!-- Everything else under /admin/ requires ROLE_USER. NOTE(review): as written this also covers /admin/login/failed (the authentication-failure-url below), which the exact-match rule above does not permit, so an anonymous user sent there after a failed login is redirected to the login page again. -->
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_USER')" />
        <!-- login-processing-url is not set, so the login filter listens on the version default (/j_spring_security_check in 3.2), resolved from the application's context root. -->
        <form-login login-page="/admin/login" default-target-url="/admin/student" authentication-failure-url="/admin/login/failed" />
        <logout logout-success-url="/" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <!-- In-memory user whose password sits in plaintext in this file: acceptable for a local demo only. For anything shared or deployed, store password hashes (a <password-encoder> child of <authentication-provider>, for example bcrypt) and keep real credentials out of version control. -->
            <user-service>
                <user name="roul@gmail.com" password="passw0rd" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

AuthenticationController.java

package com.spring.schoolmangement;

import java.util.Locale;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/**
 * Serves the login form views for the admin area.
 *
 * <p>Both handlers only choose a view. Nothing in this class inspects
 * credentials, so authentication has to happen elsewhere in the application.
 */
@Controller
public class AuthenticationController {

    /** Logical view name returned by both handlers. */
    private static final String LOGIN_VIEW = "login-form";

    /**
     * Renders the login form.
     *
     * @param locale request locale; not read by this handler
     * @param model view model; left untouched
     * @return the view name {@code "login-form"}
     */
    @RequestMapping(value = {"/admin/login", "/admin/login/"}, method = RequestMethod.GET)
    public String displayLogin(Locale locale, Model model) {
        return LOGIN_VIEW;
    }

    /**
     * Renders the login form again for the "login failed" URL.
     *
     * <p>Despite its name this method validates nothing: it only sets the
     * {@code error} model attribute to {@code true} and returns the same view.
     *
     * @param locale request locale; not read by this handler
     * @param model view model that receives the {@code error} flag
     * @return the view name {@code "login-form"}
     */
    @RequestMapping(value = {"/admin/login/failed", "/admin/login/failed/"}, method = RequestMethod.GET)
    public String validateLogin(Locale locale, Model model) {
        final String view = LOGIN_VIEW;
        // Flag for the view so it can show a failure message.
        model.addAttribute("error", true);
        return view;
    }
}

web.xml

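<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor: root Spring context (application beans plus the
  security configuration), the DispatcherServlet, and the Spring Security
  filter applied to every request.
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!--
      The definition of the Root Spring Container shared by all Servlets and Filters.
      Both files are listed in ONE contextConfigLocation value. Two context-param
      entries with the same name do not add up: only one of the values reaches the
      ContextLoaderListener, so one of the two files would silently not be loaded.
      The listener accepts several locations separated by whitespace or commas.
    -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/root-context.xml
            /WEB-INF/application-security.xml
        </param-value>
    </context-param>

    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!--
      DelegatingFilterProxy looks up a bean named after the filter in the root
      context, so the name must stay springSecurityFilterChain and the security
      configuration must be loaded by the listener above, not only by the servlet.
    -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <!-- Mapped to every URL so that no request reaches the application without passing the security filter chain. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>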

最后这是我的login.jsp页面:

<%-- Login form view: submits the fields j_username and j_password by POST to the URL in the form's action attribute. --%>
<jsp:directive.page import="java.util.Calendar" />
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<div class="row">
    <div class="col-sm-6 col-md-4 col-md-offset-4">
        <div class="account-wall">
            <img class="profile-img" src="https://lh5.googleusercontent.com/-b0-k99FZlyE/AAAAAAAAAAI/AAAAAAAAAAA/eu7opA4byxI/photo.jpg?sz=120" alt="User" />
            <%-- NOTE(review): the action value has no leading "/", so it is a relative URL and the browser resolves it against the URL of the page that rendered this form. --%>
            <%-- NOTE(review): the form carries no CSRF token field; whether one is required depends on whether CSRF protection is enabled in the security configuration. --%>
            <form class="form-signin" name="f" action="<c:url value='j_spring_security_check'/>" method="POST">

                <%-- <c:if test="${not empty param.login_error}"> --%>
                    <%-- NOTE(review): the exception message is written into the page without HTML escaping; rendering it through <c:out value="..."/> would escape it. With the surrounding c:if commented out, this line is evaluated on every render. --%>
                    <font color="red"> ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</font>
                <%-- </c:if> --%>

                <input type="text" class="form-control" placeholder="Email" name="j_username" required autofocus />
                <input type="password" class="form-control" placeholder="Password" name='j_password' required />
                <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                <label class="checkbox pull-left">
                    <%-- NOTE(review): this checkbox has no name attribute, so its value is not submitted with the form. --%>
                    <input type="checkbox" value="remember-me">Remember me
                </label>
                <a href="#" class="pull-right need-help">Need help? </a><span class="clearfix"></span>
            </form>
        </div>
    </div>
</div>

1 个答案:

答案 0 :(得分:0)

最后我找到了自己犯的错误。以下是我在登录视图中所做的修改。

之前:

<form class="form-signin" name="f" action="<c:url value='j_spring_security_check'/>" method="POST">

现在:

<form class="form-signin" name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">

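也就是说,表单 POST 的 action URL 开头缺少了“/”。非常愚蠢的错误。没有前导“/”时,这个相对地址会相对于当前页面 /admin/login 解析为 /admin/j_spring_security_check,而不是 Spring Security 处理登录请求的 /j_spring_security_check;该请求被 /admin/** 规则拦截,于是又被重定向回登录页面。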

我还修改了我的application-security.xml以获得完整的登录功能,如下所示:

<!-- security="none" takes the listed paths out of the Spring Security filter chain entirely: no SecurityContext is available on them and no filter-based protection runs there. NOTE(review): when a page should still pass through the chain, the usual alternative is to keep it inside the main <http> block with an anonymous-access rule (IS_AUTHENTICATED_ANONYMOUSLY while use-expressions="false"). -->
<http pattern="/resources/**" security="none" />
	<http pattern="/admin/login" security="none" />
	<http pattern="/admin/login/failed" security="none" />
	<http pattern="/admin/login/invalidsession" security="none" />

	<!-- With use-expressions="false" the access attribute takes plain role names instead of expressions such as hasRole(...). -->
	<http auto-config="true"  use-expressions="false">
		<intercept-url pattern="/admin/**" access="ROLE_USER" />
		<form-login login-page="/admin/login" default-target-url="/admin/student" authentication-failure-url="/admin/login/failed" />
		<!-- Requests that carry an invalid session id are sent to this URL. -->
		<session-management invalid-session-url="/admin/login/invalidsession" />
		<!-- Logout returns to the login page and asks the browser to drop the session cookie. -->
		<logout logout-success-url="/admin/login" delete-cookies="JSESSIONID" />
	</http>

	<authentication-manager alias="authenticationManager">
		<authentication-provider>
			<!-- Demo credentials only: the password is stored in plaintext and is identical to the user name. Use hashed passwords (a <password-encoder> child of <authentication-provider>) and a real user store before any deployment. -->
			<user-service>
				<user name="roul" password="roul" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>