始终为Spring返回404 j_spring_security_check

时间:2015-09-27 17:37:19

标签: java spring security authentication login

我尝试使用spring创建一个Web应用程序,并且有一个页面用于验证用户身份并识别用户的角色。但是在我登录后,我总是得到404并且我回顾了我的日志,AuthenticationFilter甚至无法识别用户角色。请帮助我..我花了几天时间,但仍然没有预期的结果。谢谢。

这是我的配置和代码。

的web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/security-context.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<servlet>
    <servlet-name>user-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>user-dispatcher</servlet-name>
    <url-pattern>/user/*</url-pattern>
</servlet-mapping>

安全-context.xml中

<http auto-config='true'>
    <intercept-url pattern="/user/operation/Healthcheck"
        access="ROLE_USER" />
    <form-login login-page="/" default-target-url="/"
        authentication-failure-url="/?login=error" />
    <logout logout-success-url="/" />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="tester" password="test" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

我的控制器类

@Controller
@RequestMapping("/operation")
public class UserOperationController {

        @RequestMapping("")
        public ModelAndView home() {
            return new ModelAndView("index");
        }


        @RequestMapping("/Healthcheck")
        public ModelAndView healthCheck() {

            ....Some Operation....

            return new ModelAndView("healthcheck", "result", "positive");
        }
}

的index.jsp

<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>

<c:set var="base" value="${pageContext.request.contextPath }/user/operation/" scope="session"/>
<sec:authentication property="principal" var="auth" scope="session" />

<html>
<body>
<h2>Hello World!</h2>
<h2>${auth }</h2>
<form action="${base }j_spring_security_check" method="post">
    Username:<input type="text" name="j_username" /><br/>
    Password:<input type="password" name="j_password" /><br/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> <br/>
    <input type="submit" value="Login" />
</form>
<a href="${base }j_spring_security_logout">Logout</a>
</body>
</html>

我在Tomcat日志中收到的消息

2015-09-28 01:15:57 DEBUG AntPathRequestMatcher:151 - Checking match of request
: '/user/operation/j_spring_security_check'; against '/login'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 7 of 13 in additional filter chain; firing Filter: 'BasicAu
thenticationFilter'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 8 of 13 in additional filter chain; firing Filter: 'Request
CacheAwareFilter'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 9 of 13 in additional filter chain; firing Filter: 'Securit
yContextHolderAwareRequestFilter'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 10 of 13 in additional filter chain; firing Filter: 'Anonym
ousAuthenticationFilter'
2015-09-28 01:15:57 DEBUG AnonymousAuthenticationFilter:100 - Populated Security
ContextHolder with anonymous token: 'org.springframework.security.authentication
.AnonymousAuthenticationToken@6faa1b5a: Principal: anonymousUser; Credentials: [
PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authe
ntication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; Session
Id: 8DBBBE56C5021B1DC6DC04236AFD7569; Granted Authorities: ROLE_ANONYMOUS'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 11 of 13 in additional filter chain; firing Filter: 'Sessio
nManagementFilter'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 12 of 13 in additional filter chain; firing Filter: 'Except
ionTranslationFilter'
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi
ty_check at position 13 of 13 in additional filter chain; firing Filter: 'Filter
SecurityInterceptor'
2015-09-28 01:15:57 DEBUG AntPathRequestMatcher:151 - Checking match of request
: '/user/operation/j_spring_security_check'; against '/user/operation/healthchec
k'
2015-09-28 01:15:57 DEBUG FilterSecurityInterceptor:209 - Public object - authen
tication not attempted
2015-09-28 01:15:57 DEBUG FilterChainProxy:309 - /user/operation/j_spring_securi
ty_check reached end of additional filter chain; proceeding with original chain
2015-09-28 01:15:57 DEBUG DispatcherServlet:861 - DispatcherServlet with name 'u
ser-dispatcher' processing POST request for [/UsquareAppSource/user/operation/j_
spring_security_check]
2015-09-28 01:15:57 DEBUG RequestMappingHandlerMapping:319 - Looking up handler
method for path /operation/j_spring_security_check
2015-09-28 01:15:57 DEBUG RequestMappingHandlerMapping:329 - Did not find handle
r method for [/operation/j_spring_security_check]
2015-09-28 01:15:57 WARN  PageNotFound:1136 - No mapping found for HTTP request
with URI [/UsquareAppSource/user/operation/j_spring_security_check] in Dispatche
rServlet with name 'user-dispatcher'
2015-09-28 01:15:57 DEBUG HttpSessionSecurityContextRepository:337 - SecurityCon
text is empty or contents are anonymous - context will not be stored in HttpSess
ion.

我怀疑它可能是身份验证管理器问题,因为它在点击登录按钮后甚至无法识别用户角色.... 或者登录页面路径不应与dispatcher-servlet url模式混合使用? 非常感谢

1 个答案:

答案 0 :(得分:1)

感谢M. Deinum

我发现/ j_spring_security_check,j_username和j_password已在4.0.2.RELEASE版本中弃用。

现在我将我的jsp更改为以下内容,现在可以正常工作。

<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>

<sec:authentication property="principal" var="auth" scope="session" />

<html>
<body>
<h2>Hello World!</h2>
<h2>${auth }</h2>
<form action="<c:url value='/login' />" method="POST">
    Username:<input type="text" name="username" /><br/>
    Password:<input type="password" name="password" /><br/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> <br/>
    <input type="submit" value="Login" />
</form>
</body>
</html>