我正试图让Spring Security正常工作,而且完全失败了。无论我尝试什么,我都无法使j_spring_security_check
有效。
错误:
HTTP状态404 - / j_spring_security_check
类型状态报告
message / j_spring_security_check
description请求的资源不可用。
Login.html
档案:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>My App</title>
<link rel="shortcut icon" type="image/x-icon" href="img/favicon.ico">
</head>
<body>
<form method = "post" action="/j_spring_security_check">
<label for = "username">Username:</label>
<input type = "text" name = "username" />
<br />
<label for = "password">Password:</label>
<input type = "password" name = "password" />
<br />
<input type = "submit" value = "Login" />
</form>
</body>
</html>
web.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/META-INF/application*.xml
</param-value>
</context-param>
<!-- Creates the Spring Container -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>MyServlet</servlet-name>
<servlet-class>com.me.portal.server.MyPortalServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MyServlet</servlet-name>
<url-pattern>/MyPortal/MyPortal</url-pattern>
</servlet-mapping>
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>Login.html</welcome-file>
</welcome-file-list>
</web-app>
application.security.xml
:
<?xml version = "1.0" encoding = "UTF-8"?>
<beans:beans xmlns = "http://www.springframework.org/schema/security"
xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans = "http://www.springframework.org/schema/beans"
xmlns:util = "http://www.springframework.org/schema/util"
xsi:schemaLocation = "http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- HTTP security configurations -->
<http auto-config = 'true' use-expressions = "false" entry-point-ref = "customAuthenticationEntryPoint">
<intercept-url pattern = "/j_spring_security_check" access = "IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern = "/login" access = "IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern = "/Login.html" access = "IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern = "/img/favicon.ico" access = "IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern = "/**" access = "IS_AUTHENTICATED_FULLY" />
<logout logout-success-url = "/Login.html" />
<form-login login-page = "/Login.html" default-target-url = "/index.gwt.html" always-use-default-target = "true"
login-processing-url = "/j_spring_security_check" username-parameter = "username" password-parameter = "password"
authentication-success-handler-ref = "customAuthenticationSuccessHandler"
authentication-failure-handler-ref="customAuthenticationFailureHandler"/>
<!-- <logout invalidate-session = "true" logout-success-url = "/login" logout-url = "/logout" /> -->
<!-- </form-login>" -->
<session-management invalid-session-url = "/Login.html"
session-authentication-error-url = "/Login.html"
session-fixation-protection = "newSession">
<concurrency-control max-sessions = "1" error-if-maximum-exceeded = "false" />
</session-management>
</http>
<ldap-server {Our settings} />
<authentication-manager alias = "authenticationManager">
<ldap-authentication-provider
{Our LDAP Info}
</ldap-authentication-provider>
</authentication-manager>
<!-- Custom entry point to indicate that the user needs to authenticate first -->
<beans:bean id = "customAuthenticationEntryPoint" class = "com.me.portal.server.security.CustomAuthenticationEntryPoint"/>
<!-- Custom handler to indicate that the authentication is successful -->
<beans:bean id = "customAuthenticationSuccessHandler" class = "com.me.portal.server.security.CustomAuthenticationSuccessHandler"/>
<!-- Custom handler to indicate that the authentication has failed -->
<beans:bean id = "customAuthenticationFailureHandler" class = "com.me.portal.server.security.CustomAuthenticationFailureHandler"/>
</beans:beans>
使用了Spring JAR:
spring-aop-4.3.2.RELEASE.jar
spring-beans-4.3.2.RELEASE.jar
spring-context-4.3.2.RELEASE.jar
spring-core-4.3.2.RELEASE.jar
spring-expression-4.3.2.RELEASE.jar
spring-ldap-core-2.3.1.RELEASE.jar
spring-security-config-3.2.7.RELEASE.jar
spring-security-core-3.2.7.RELEASE.jar
spring-security-ldap-3.2.7.RELEASE.jar
spring-security-web-3.2.7.RELEASE.jar
spring-tx-4.3.2.RELEASE.jar
spring-web-4.3.2.RELEASE.jar
响应:
<!DOCTYPE html>
<html><head><title>Apache Tomcat/8.0.22 - Error report</title>
<style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
A {color : black;}
A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head>
<body><h1>HTTP Status 404 - /j_spring_security_check</h1><div class="line"></div>
<p><b>type</b> Status report</p>
<p><b>message</b> <u>/j_spring_security_check</u></p>
<p><b>description</b> <u>The requested resource is not available.</u></p>
<hr class="line"><h3>Apache Tomcat/8.0.22</h3>
</body></html>
答案 0 :(得分:1)
您应该将操作路径更改为相对路径。
<form method = "post" action="j_spring_security_check">
或者它会将请求提交给基地目录。
答案 1 :(得分:0)
我不知道这是GWT问题还是Tomcat问题,但解决方案就在这里:
<form method = "post" action="/MyPortal/j_spring_security_check">
我必须添加“/ MyPortal”的路径才能找到j_spring_security_check。