Question

我的用户名为sajjad，密码为200200：

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/hello/" access="hasRole('ROLE_USER')"/>
    <security:form-login login-page="/myLogin.jsp"
                         default-target-url="/pages/index.jsp"
                         login-processing-url="/j_spring_security_check"
                         authentication-failure-url="/myLogin.jsp?error=1"
                         username-parameter="username" password-parameter="password"/>
    <security:csrf disabled="true"/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="sajjad" authorities="ROLE_USER" password="200200"/>
    </security:authentication-provider>
</security:authentication-manager>

这是myLogin.jsp：

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
</head>
<body>

<form action="<c:url value='/j_spring_security_check' />" method="POST">
    <label for="username">User Name:</label>
    <input id="username" name="j_username" type="text"/>
    <label for="password">Password:</label>
    <input id="password" name="j_password" type="password"/>
    <input type="submit" value="Log In"/>
</form>
</body>
</html>

但是当我输入正确的username/password并提交表单时，它会显示failure-url并且不会对用户进行身份验证。

web.xml

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-config.xml
        /WEB-INF/dispatcher-servlet.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Answer 1

您已在安全配置中更改了username参数和密码参数。但在表单中，您使用的是默认值。将表单中输入的名称更改为＆＃34; username＆＃34;和＃34;密码＆＃34;并再次检查。

Spring安全性不会对用户进行身份验证

1 个答案: