Spring安全自定义登录错误(未提交登录处理URL)

时间:2015-08-16 20:29:11

标签: java spring spring-mvc spring-security spring-security-acl

我是春天新手。我需要使用spring安全性创建一个登录模块,而在提交表单时使用自定义登录页面没有任何反应,当我调试它时,我发现即使我发送了正确的错误代码400参数。我使用的是Spring 4.0.6.RELEASE和Spring security 4.0.1.RELEASE。

以下是Spring security xml文件,login.jsp和web.xml,提前感谢。

安全context.xml中

<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:security="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">

<security:http pattern="/static/**" security="none" />
<security:http pattern="/assets/**" security="none" />
<security:http pattern="/resources/**" security="none" />
<security:http pattern="/login.jsp*" security="none" />
<security:http pattern="/login" security="none" />
<security:http pattern="/logout" security="none" />
<security:http pattern="/error" security="none" />

<security:http entry-point-ref="authenticaionEntryPoint"
access-decision-manager-ref="accessDecisionManager" use-expressions="true">
    <security:intercept-url pattern="/**"
        access="hasRole('ROLE_USER')" />

    <security:custom-filter position="FORM_LOGIN_FILTER"
        ref="formLoginFilter" />

</security:http>

<beans:bean id="formLoginFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="filterProcessesUrl" value="/spring_security_check" />
    <beans:property name="usernameParameter" value="username " />
    <beans:property name="passwordParameter" value="password" />
    <beans:property name="authenticationSuccessHandler"
        ref="customSuccessHandler" />
    <beans:property name="authenticationFailureHandler"
        ref="customFailureHandler" />
</beans:bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        user-service-ref='userDetailsService'>
        <password-encoder ref="bCryptPasswordEncoder" />
    </security:authentication-provider>
</security:authentication-manager>

<beans:bean id="authenticaionEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:constructor-arg value="/login" />
</beans:bean>

<beans:bean id="accessDecisionManager"
    class="org.springframework.security.access.vote.AffirmativeBased">
    <beans:constructor-arg>
        <beans:list>
            <beans:bean
                class="org.springframework.security.web.access.expression.WebExpressionVoter" />
            <beans:ref bean="roleVoter" />
            <beans:ref bean="authenticatedVoter" />
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<beans:bean id="roleVoter"
    class="org.springframework.security.access.vote.RoleVoter">
    <beans:property name="rolePrefix" value="ROLE_" />
</beans:bean>

<beans:bean id="authenticatedVoter"
    class="org.springframework.security.access.vote.AuthenticatedVoter">
</beans:bean>

<beans:bean id="userDetailsService"
    class="com.itus.service.security.CustomSubscriberDetailsService">
</beans:bean>

<beans:bean id='bCryptPasswordEncoder'
    class='org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder'></beans:bean>

<beans:bean id="customSuccessHandler" class="com.itus.web.security.CustomSuccessHandler">
</beans:bean>

<beans:bean id="customFailureHandler" class="com.itus.web.security.CustomFailureHandler">
    <beans:constructor-arg name="defaultFailureUrl"
        value="/login?authenticated=false" />
</beans:bean>

登录页面(login.jsp)

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<style>
.error {
padding: 15px;
margin-bottom: 20px;
border: 1px solid transparent;
border-radius: 4px;
color: #a94442;
background-color: #f2dede;
border-color: #ebccd1;
}
.msg {
padding: 15px;
margin-bottom: 20px;
border: 1px solid transparent;
border-radius: 4px;
color: #31708f;
background-color: #d9edf7;
border-color: #bce8f1;
}
#login-box {
width: 300px;
padding: 20px;
margin: 100px auto;
background: #fff;
-webkit-border-radius: 2px;
-moz-border-radius: 2px;
border: 1px solid #000;
}
</style>
</head>
<body onload='document.loginForm.username.focus();'>
<h1>Spring Security Custom Login Form (Annotation)</h1>
<div id="login-box">
    <h2>Login with Username and Password</h2>
    <c:if test="${not empty error}">
        <div class="error">${error}</div>
    </c:if>
    <c:if test="${not empty msg}">
        <div class="msg">${msg}</div>
    </c:if>

    <form name='loginForm'
        action="<c:url value='/spring_security_check' />" method='POST'>
        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='username' value=''></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='password' /></td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" /></td>
            </tr>
        </table>

        <input type="hidden" name="${_csrf.parameterName}"
            value="${_csrf.token}" />
    </form>
</div>

的web.xml 

 <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee" 
    xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">

    <display-name>Itus</display-name>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/applicationContext.xml
            /WEB-INF/spring/security-context.xml
            /WEB-INF/spring/mongo-config.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/spring-servlet.xml</param-value>
        </init-param>
        <init-param>
            <param-name>mappedfile</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    </web-app>

1 个答案:

答案 0 :(得分:0)

在您的Security Context.xml中

<beans:bean id="authenticaionEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:constructor-arg value="/login" /> **<----**

入口点是/ login

在你的jsp文件中 您正尝试使用此&#34; / spring_security_check&#34;

进入

好的,总而言之,你必须尝试使用​​这两个网址。

相关问题
最新问题