spring security自定义登录方法发布不支持

时间:2016-08-14 03:46:04

标签: spring security post spring-security

我在我的小项目中采用了Spring security。 我有一个问题,当我尝试使用POST方法提交表单登录时,会引发Spring安全HTTP 405错误(不支持POST)。

以下是我的代码。

Spring Security AppContext:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:mybatis-spring="http://mybatis.org/schema/mybatis-spring"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://mybatis.org/schema/mybatis-spring http://mybatis.org/schema/mybatis-spring-1.2.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd">


    <http security="none" pattern="/resources/**" />
    <http security="none" pattern="/home/testpage" />
    <http security="none" pattern="/user/join-form" />
    <http security="none" pattern="/user/join" />
    <http security="none" pattern="/user/activate-user" />
    <http security="none" pattern="/user/login-form" />
    <http security="none" pattern="/user/check-duplication-email" />
    <http security="none" pattern="/user/check-duplication-nickname" />


    <http use-expressions="true" auto-config="true">

        <intercept-url pattern="/home/main" access="permitAll"/>

        <form-login 
            login-page="/user/login-form" 
            default-target-url="/home/main"
            authentication-failure-handler-ref="authenticationFailureHandler"
            username-parameter="email"
            password-parameter="passwd"
            login-processing-url="/user/login"
        />

        <csrf/>

        <logout
            logout-url="/user/logout"
            invalidate-session="true"
            logout-success-url="/user/login-form"
        />

        <session-management>
            <concurrency-control max-sessions="1" expired-url="/" />
        </session-management>
    </http>

    <authentication-manager>
        <authentication-provider ref="authenticationProvider" />
    </authentication-manager>

    <beans:beans profile="common">
        <beans:bean id="authenticationProvider" class="com.winsplay.whiteboard.web.auth.CustomAuthenticationProvider" >
            <beans:property name="userSecurityService" ref="userSecurityService" />
        </beans:bean>

        <beans:bean id="authenticationFailureHandler" class="com.winsplay.whiteboard.web.auth.CustomAuthenticationFailureHandler" />

        <beans:bean id="userSecurityService" class="com.winsplay.whiteboard.web.auth.UserSecurityServiceImpl" />
        <mybatis-spring:scan base-package="com.winsplay.whiteboard.web.auth" annotation="org.springframework.stereotype.Repository"/>
    </beans:beans>

</beans:beans>

JSP登录表单:

<c:if test="${anonymous}">
    <div id="login-popup">
        <p class="info">login</p>

        <hr />



            <form:form action="${pageContext.request.contextPath}/user/login" method="post">
                <sec:csrfInput/>
                <p><form:errors /></p>
                <table>
                    <tbody>
                        <tr>
                            <td style="text-align:right;"><p class="input-header">email</p></td>
                            <td>
                                <input type="email" class="myinput" name="email" placeholder="abc@abc.com" />
                            </td>
                            <td rowspan="2" style="vertical-align:top;">
                                <input type="image" style="position:relative; top:-10px;" src="${pageContext.request.contextPath}/resources/img/btn_login.JPG" alt="btn_login" title="login" />
                            </td>
                        </tr>
                        <tr >
                            <td style="text-align:right;"><p class="input-header">password</p></td>
                            <td>
                                <input type="password" class="myinput" name="passwd" />
                            </td>
                        </tr>

                    </tbody>
                </table>

                <div style="text-align:right; margin-right:100px; margin-top:30px;">
                    <a class="my-btn" href="${pageContext.request.contextPath}/user/find-password">find password</a>
                    <a class="my-btn close-lightbox" href="#">close</a>             
                </div>

            </form:form>





        <hr />
    </div>
</c:if>

如何发送POST方法登录?

提前致谢。

&lt; http security =“none”...&gt; thingy用于调试

2 个答案:

答案 0 :(得分:0)

根据您的安全设置,您应该更改此内容:

login-processing-url="/user/login"

到此:

login-processing-url="/login"login-processing-url="/j_spring_security_check"

并将您的登录表单操作更改为:

/login/j_spring_security_check取决于您的设置。

这是因为spring无法找到令牌处理过滤器,如果你更改了,那么spring将直接转到你的CustomAuthenticationProvider

p / s:如果您的表单找不到操作网址,则可以使用cspring代码库。

答案 1 :(得分:0)

问题解决了。

POST不支持问题来自AuthenticationFailureHandler,它调用&#34; setUseForward(true)&#34;在我的代码中。

首先,我向服务层提供了错误的密码参数,并返回false,导致抛出BadCredentialException。例外是转发到AuthenticationFailureHandler。自从我定制了课程后,我打电话给#34; setUseForward(true)&#34;它使用POST方法转发请求,并且持有URL的控制器不接受POST方法。

以下代码是一个实际原因。

@RequestMapping("...", method = RequestMethod.GET)
相关问题
最新问题