我试图通过自定义登录和自定义登录来关注Spring Security的示例。不确定我在哪里犯了错误,但我无法弄清楚为什么自定义表单登录不起作用。无需身份验证即可将页面重定向到受保护资源。
该项目使用spring-data-jpa来获取要在视图中显示的数据。
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>spring-security2</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- The front controller of this Spring Web application, responsible for handling all application requests -->
<servlet>
<servlet-name>springDispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map all requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>springDispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- needed for ContextLoaderListener -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/security-context.xml</param-value>
</context-param>
<!-- Bootstraps the root web application context before servlet initialization -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
调度-servlet.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<context:component-scan base-package="domain.app"/>
<mvc:annotation-driven/>
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/view/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<mvc:resources location="/resources/" mapping="/resources/**"/>
</beans>
安全-context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:http auto-config="true" use-expressions="false" >
<security:form-login
login-page="/login"
login-processing-url="/login"
username-parameter="custom_username"
password-parameter="custom_password"
authentication-failure-url="/login?error=true"/>
<security:intercept-url pattern="/films/*" access="ROLE_USER"/>
<security:intercept-url pattern="/login/*" access="ROLE_ANONYMOUS, ROLE_USER"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="password" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
控制器
@Controller
public class FilmController {
@Autowired
private FilmRepository repository;
@RequestMapping("/")
public String film(Model model) {
model.addAttribute("films", repository.findAll());
return "film";
}
@RequestMapping("/films")
public String popularFilms(Model model) {
model.addAttribute("films", repository.findByCategory("Popular"));
return "films";
}
@RequestMapping(value="/login", method=RequestMethod.GET)
public String login() {
return "login";
}
}
的login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
</head>
<body>
<c:url value="/login" var="loginVar" />
<form action="${loginVar}" method="post">
<div class="form-group">
<label for="username">Email address</label>
<input type="text" class="form-control" name="custom_username"
placeholder="username">
</div>
<div class="form-group">
<label for="password">Password</label> <input
type="password" class="form-control" name="custom_password"
placeholder="Password">
</div>
<c:if test="${param.error != null}">
<span class="label label-danger">Invalid username or password</span>
</c:if>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</body>
</html>
答案 0 :(得分:0)
您没有RequestMapping来处理POST至/login,但您已指定它具有login-processing-url。
然后尝试更改
<security:intercept-url pattern="/login/*" access="ROLE_ANONYMOUS, ROLE_USER"/>
到
<security:intercept-url pattern="/login**" access="ROLE_ANONYMOUS"/>
答案 1 :(得分:0)
我以前见过这个,而且我总是怀疑使用登录页面和登录处理网址相同的映射这一事实。我的配置中没有看到任何其他问题,所以我会开始尝试更改其中一个映射,例如这样:
<security:form-login
login-page="/login"
login-processing-url="/performLogin"
...
如果您尝试这种方式,请记住将登录表单操作更改为指向新的login-processing-url端点。
答案 2 :(得分:-1)
您已定义
@RequestMapping(value="/login", method=RequestMethod.GET)
public String login() {
return "login";
}
但登录表单提交是POST调用。因此,根据逻辑,您没有定义任何处理POST / login
的调用