这是在eclipse中使用spring security的Spring web mvc登录系统的代码。
的web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
WEB-INF/springsecurity-servlet.xml,
WEB-INF/spring-sec.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>springsecurity</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springsecurity</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
</web-app>
springsecurity-servlet.xml中:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd"
xmlns:mvc="http://www.springframework.org/schema/mvc">
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<context:annotation-config />
<context:component-scan base-package="SpringSecurity" />
<mvc:annotation-driven />
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="index.htm">indexController</prop>
</props>
</property>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/view/"
p:suffix=".jsp" />
<!--
The index controller.
-->
<bean name="indexController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController"
p:viewName="index" />
</beans>
弹簧sec.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login*" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
login-processing-url="/j_spring_security_check"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="j_username"
password-parameter="j_password" />
<logout logout-success-url="/login?logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abcd" password="abcd" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
的login.jsp:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<c:url value="j_spring_security_check" var="loginurl" />
<form action="${loginurl}" method="POST">
<table>
<tr>
<td colspan="2" align="center">Already have an account - Login</td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" id="j_username" name="j_username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" id="j_password" name="j_password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Login" /></td>
</tr>
<tr>
<td colspan="2" align="center">
<a href="${pageontext.request.contextPath }/forgotpassword">Forgot Password</a>
</td>
</tr>
</table>
</form>
<span class="error">${loginMessage}</span>
LoginController.java:
@Controller
public class LoginController {
@RequestMapping("/login")
public ModelAndView indexController(ModelMap model)
{
return new ModelAndView("login", "welcomeMessage","Hello Guest! welcome to our site");
}
}
使用的图书馆:
antlr-2.7.7
aopalliance-1.0
classmate-1.0.0
commons-beanutils-1.8.0
commons-digester-2.0
commons-fileupload-1.3.1
commons-io-2.4
commons-logging-1.2
dom4j-1.6.1
hibernate-commons-annotations-4.0.5.Final
hibernate-core-4.3.10.Final
hibernate-jpa-2.1-api-1.0.0.Final
hibernate-validator-5.1.3.Final
jackson-annotations-2.5.0
jackson-core-2.5.0
jackson-databind-2.5.0
jandex-1.1.0.Final
javassist-3.18.1-GA
javax.servlet-api-3.1.0
javax.servlet.jsp-api-2.3.1
jboss-logging-3.1.3.GA
jboss-logging-annotations-1.2.0.Beta1
jboss-transaction-api_1.2_spec-1.0.0.Final
jcl-over-slf4j-1.7.6
jstl-1.2
mysql-connector-java-5.1.38
slf4j-api-1.7.6
spring-aop-4.1.1.RELEASE-javadoc
spring-aop-4.1.1.RELEASE-sources
spring-aop-4.1.1.RELEASE
spring-aop-4.1.7.RELEASE
spring-aspects-4.1.1.RELEASE-javadoc
spring-aspects-4.1.1.RELEASE-sources
spring-aspects-4.1.1.RELEASE
spring-beans-4.1.1.RELEASE-javadoc
spring-beans-4.1.1.RELEASE-sources
spring-beans-4.1.1.RELEASE
spring-beans-4.1.7.RELEASE
spring-context-4.1.1.RELEASE-javadoc
spring-context-4.1.1.RELEASE-sources
spring-context-4.1.1.RELEASE
spring-context-4.1.7.RELEASE
spring-context-support-4.1.1.RELEASE-javadoc
spring-context-support-4.1.1.RELEASE-sources
spring-context-support-4.1.1.RELEASE
spring-core-4.1.1.RELEASE-javadoc
spring-core-4.1.1.RELEASE-sources
spring-core-4.1.1.RELEASE
spring-core-4.1.7.RELEASE
spring-expression-4.1.1.RELEASE-javadoc
spring-expression-4.1.1.RELEASE-sources
spring-expression-4.1.1.RELEASE
spring-expression-4.1.7.RELEASE
spring-instrument-4.1.1.RELEASE-javadoc
spring-instrument-4.1.1.RELEASE-sources
spring-instrument-4.1.1.RELEASE
spring-instrument-tomcat-4.1.1.RELEASE-javadoc
spring-instrument-tomcat-4.1.1.RELEASE-sources
spring-instrument-tomcat-4.1.1.RELEASE
spring-jdbc-4.1.1.RELEASE-javadoc
spring-jdbc-4.1.1.RELEASE-sources
spring-jdbc-4.1.1.RELEASE
spring-jdbc-4.1.7.RELEASE
spring-jms-4.1.1.RELEASE-javadoc
spring-jms-4.1.1.RELEASE-sources
spring-jms-4.1.1.RELEASE
spring-messaging-4.1.1.RELEASE-javadoc
spring-messaging-4.1.1.RELEASE-sources
spring-messaging-4.1.1.RELEASE
spring-orm-4.1.1.RELEASE-javadoc
spring-orm-4.1.1.RELEASE-sources
spring-orm-4.1.1.RELEASE
spring-orm-4.1.7.RELEASE
spring-oxm-4.1.1.RELEASE-javadoc
spring-oxm-4.1.1.RELEASE-sources
spring-oxm-4.1.1.RELEASE
spring-security-config-4.0.2.RELEASE
spring-security-core-4.0.2.RELEASE
spring-security-web-4.0.2.RELEASE
spring-test-4.1.1.RELEASE-javadoc
spring-test-4.1.1.RELEASE-sources
spring-test-4.1.1.RELEASE
spring-tx-4.1.1.RELEASE-javadoc
spring-tx-4.1.1.RELEASE-sources
spring-tx-4.1.1.RELEASE
spring-tx-4.1.7.RELEASE
spring-web-4.1.1.RELEASE-javadoc
spring-web-4.1.1.RELEASE-sources
spring-web-4.1.1.RELEASE
spring-web-4.1.7.RELEASE
spring-webmvc-4.1.1.RELEASE-javadoc
spring-webmvc-4.1.1.RELEASE-sources
spring-webmvc-4.1.1.RELEASE
spring-webmvc-4.1.7.RELEASE
spring-webmvc-portlet-4.1.1.RELEASE-javadoc
spring-webmvc-portlet-4.1.1.RELEASE-sources
spring-webmvc-portlet-4.1.1.RELEASE
spring-websocket-4.1.1.RELEASE-javadoc
spring-websocket-4.1.1.RELEASE-sources
spring-websocket-4.1.1.RELEASE
tiles-api-3.0.5
tiles-autotag-core-runtime-1.1.0
tiles-compat-3.0.5
tiles-core-3.0.5
tiles-el-3.0.5
tiles-extras-3.0.5
tiles-freemarker-3.0.5
tiles-jsp-3.0.5
tiles-mvel-3.0.5
tiles-ognl-3.0.5
tiles-request-api-1.0.6
tiles-request-freemarker-1.0.6
tiles-request-jsp-1.0.6
tiles-request-mustache-1.0.6
tiles-request-servlet-1.0.6
tiles-request-servlet-wildcard-1.0.6
tiles-request-velocity-1.0.6
tiles-servlet-3.0.5
tiles-template-3.0.5
tiles-velocity-3.0.5
validation-api-1.1.0.Final
xml-apis-1.0.b2
错误:
HTTP Status 404 -
type Status report
message
description The requested resource is not available.
Apache Tomcat/7.0.41
Eclipse项目
https://jumpshare.com/v/LQ8M1Bn7lBYGEBE100cb
我没有找到问题的根本原因。我努力了,但每次我都得到同样的错误。是库不兼容还是其他一些错误?
如果你能找到错误,我会给你完整的项目进行测试。
由于
答案 0 :(得分:1)
您的页面上已包含以下Spring表单taglib:
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>)
如果您在JSP中使用Springs <form:form>标记而不是标准HTML <form>,则会自动将(强烈推荐的)CSRF令牌添加到您的。
这样会更安全,也是一种很好的做法,而不是禁用该功能。
或者,如果您想使用标准HTML <form>,可以添加以下隐藏字段,Spring Security将处理其余内容:
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
答案 1 :(得分:0)
最后,我得到了解决方案。我必须把
<csrf disabled="true" />
password-parameter="j_password" />之后使其正常工作。