我正在尝试一个简单的Spring Security自定义登录页面示例,但总是在浏览器中找不到404错误的页面。如果有人能指出我做错了什么,会很高兴。
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>mvc-config</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
的security.xml
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns ="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http pattern="/resources/**" security="none"/>
<http auto-config="true">
<intercept-url pattern="/events/" access="ROLE_ADMIN"/>
<intercept-url pattern="/login/form" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/logout" access="ROLE_ANONYMOUS,ROLE_USER"/>
<intercept-url pattern="/" access="ROLE_ANONYMOUS,ROLE_USER"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
<form-login login-page="/login/form"
login-processing-url="/login"
username-parameter="username"
password-parameter="password"
authentication-failure-url="/login/form?error"
default-target-url="/default"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user1@example.com" password="user1" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</bean:beans>
MVC-config.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd"
>
<context:component-scan base-package="com.springsec.config"/>
<context:annotation-config />
<mvc:annotation-driven/>
</beans>
使用视图控制器注册表注册视图
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
@Configuration
public class WebMvcConfig extends WebMvcConfigurationSupport {
@Override
public void addViewControllers(ViewControllerRegistry v) {
v.addViewController("/login/form").setViewName("login");
}
}
登录页面
<?xml version="1.0" encoding="UTF-8"?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<c:set var="pageTitle" value="Please Login" scope="request"/>
<c:url value="/login" var="loginUrl"/>
<form action="${loginUrl}" method="post">
<c:if test="${param.error != null}">
<div class="alert alert-error">
Failed to login.
<c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.
message}" />
</c:if>
</div>
</c:if>
<c:if test="${param.logout != null}">
<div class="alert alert-success">
You have been logged out.
</div>
</c:if>
<c:if test="${param.logout != null}">
<div class="alert alert-success">
You have been logged out.
</div>
</c:if>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
<div class="form-actions">
<input id="submit" class="btn" name="submit" type="submit"
value="Login"/>
</div>
</form>
当我删除security.xml中的<form-login>
标记时,默认登录页面即将出现,我可以使用凭据和登录,但自定义登录页面最终会以404结尾。将会满意任何建议/更正。
答案 0 :(得分:0)
您可能没有配置视图解析程序,或者配置不正确。因此,Spring会在src / main / webapp目录的根目录中查找login.jsp。
要设置视图解析器,请将以下内容添加到mvc-config.xml:
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/views/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
使用此示例config Spring将在/WEB-INF/views/login.jsp中查找您的视图
根据您的目录结构更改此内容。
答案 1 :(得分:0)
虽然这个问题已经差不多两年了,但我花了太多时间用Spring MVC 4.3.14和Spring Security 4.2.4来解决这个问题。我不认为Spring Security文档中的自定义登录页面XML配置正如宣传的那样工作。当然,我远离春天的专家。
无论如何,我的配置与你的配置相似(以及我在过去24小时内读过的许多其他配置)。一些可能值得注意的差异是我的&#39; contextConfigLocation&#39;在&#39; web.xml&#39;中设置:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/dispatcher-servlet.xml
/WEB-INF/spring/security.xml
</param-value>
</context-param>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
和我的http标记位于&#39; security.xml&#39;:
<http>
<intercept-url pattern="/login*" access="isAnonymous()" />
<intercept-url pattern="/**" access="hasRole('USER')" />
<form-login login-page="/login" authentication-failure-url="/login?error"/>
<logout logout-success-url="/login?logout" />
</http>
设置之后,最终为我解决的是在&#39; dispatcher-servlet.xml&#39;中为自定义登录页面注册一个隐式(?)控制器:
<mvc:view-controller path="/login" view-name="auth/login"/>
我的&#39; login.jsp&#39;对于我的项目在/ WEB-INF / views / auth /,我有一个非常标准的视图解析器设置:
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
我发现的Spring Security文档自定义登录页面示例没有提到隐式控制器,但可能它位于文档中的其他位置。
我在本教程中找到了它: http://www.baeldung.com/spring-mvc-tutorial
希望这可以帮助找到它的人。