j_spring_security_check在Tomcat上返回404但在Jetty

时间:2016-12-13 02:03:37

标签: spring spring-mvc spring-security

我有基于表单登录的基本Spring安全设置。将我的登录操作提交给j_spring_security_check时,它可以在Jetty上运行,但在Tomcat(7& 8)上使用404代码失败。我使用的是Spring 3.2。

因此,提交至 服务器:port / app / j_spring_security_check 会返回404响应。

我的安全性http设置如下所示:

<security:http >
        <security:form-login login-page="/login.jsp"
                             username-parameter="j_username"
                             password-parameter="j_password" />
        <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
        <security:custom-filter position="PRE_AUTH_FILTER" ref="springAccessManagerAuthenticationFilter"/>
        <security:intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>        
        <security:session-management></security:session-management>
        <security:headers>
            <security:cache-control/>
            <security:xss-protection/>
            <security:hsts/>
            <security:frame-options/>
            <security:content-type-options/>
        </security:headers>
    </security:http>

登录页面如下所示:

<%@ include file="/WEB-INF/jsp/tags.jsp"%>
<%@page session="false" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <title>Login</title>
    </head>

    <body id="login">       
        <form method="POST" action="<c:url value='j_spring_security_check' />"
              id="loginForm" autocomplete="off">
            Username : <input id="username" type="text" size="15" maxlength="60" name="j_username"><br><br>
            Password : <input id="password" type="password" size="15" maxlength="60" name="j_password"><br><br>
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
            <input value="Login" type="submit" id="submit" name="_eventId_nextpage">
        </form>
    </body>
</html>

我的web.xml包含 SpringSecurityFilterChain 

<!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

1 个答案:

答案 0 :(得分:0)

我最终认为这是默认过滤器中web.xml中的拼写错误。

我有:

 <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/logout</url-pattern>
        <url-pattern>/j_security_check</url-pattern>
    </servlet-mapping>

j_security_check应该是j_spring_security_check

相关问题
最新问题