使用GWT获取/ j_spring_security_check的HTTP状态404

时间:2017-03-30 05:39:44

标签: java spring gwt spring-security

我正试图让Spring Security正常工作,而且完全失败了。无论我尝试什么,我都无法使j_spring_security_check有效。

错误:

  

HTTP状态404 - / j_spring_security_check
  类型状态报告
  message / j_spring_security_check
  description请求的资源不可用。

Login.html档案:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>My App</title>
    <link rel="shortcut icon" type="image/x-icon" href="img/favicon.ico">
  </head>
  <body>
    <form method = "post" action="/j_spring_security_check">
      <label for = "username">Username:</label> 
      <input type = "text" name = "username" />
      <br />
      <label for = "password">Password:</label> 
      <input type = "password" name = "password" /> 
      <br />
      <input type = "submit" value = "Login" />
    </form>
  </body>
</html>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /META-INF/application*.xml
        </param-value>
    </context-param>

    <!-- Creates the Spring Container -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

  <!-- Servlets -->
  <servlet>
    <servlet-name>MyServlet</servlet-name>
    <servlet-class>com.me.portal.server.MyPortalServiceImpl</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>MyServlet</servlet-name>
    <url-pattern>/MyPortal/MyPortal</url-pattern>
  </servlet-mapping>

  <!-- Default page to serve -->
  <welcome-file-list>
    <welcome-file>Login.html</welcome-file>
  </welcome-file-list>

</web-app>

application.security.xml

<?xml version = "1.0" encoding = "UTF-8"?>
<beans:beans xmlns = "http://www.springframework.org/schema/security"
             xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans = "http://www.springframework.org/schema/beans" 
             xmlns:util = "http://www.springframework.org/schema/util"
             xsi:schemaLocation = "http://www.springframework.org/schema/beans 
                                 http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
                                 http://www.springframework.org/schema/util
                                 http://www.springframework.org/schema/util/spring-util-4.3.xsd
                                 http://www.springframework.org/schema/security 
                                 http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- HTTP security configurations -->
    <http auto-config = 'true' use-expressions = "false" entry-point-ref = "customAuthenticationEntryPoint">
        <intercept-url pattern = "/j_spring_security_check" access = "IS_AUTHENTICATED_ANONYMOUSLY"/> 
        <intercept-url pattern = "/login" access = "IS_AUTHENTICATED_ANONYMOUSLY"/> 
        <intercept-url pattern = "/Login.html" access = "IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern = "/img/favicon.ico" access = "IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern = "/**" access = "IS_AUTHENTICATED_FULLY" />
        <logout logout-success-url = "/Login.html" />
        <form-login login-page = "/Login.html" default-target-url = "/index.gwt.html" always-use-default-target = "true" 
                    login-processing-url = "/j_spring_security_check" username-parameter = "username" password-parameter = "password" 
                    authentication-success-handler-ref = "customAuthenticationSuccessHandler" 
                    authentication-failure-handler-ref="customAuthenticationFailureHandler"/>
<!--            <logout invalidate-session = "true" logout-success-url = "/login" logout-url = "/logout" /> -->
<!--        </form-login>"  -->
        <session-management invalid-session-url = "/Login.html"
                            session-authentication-error-url = "/Login.html"
                            session-fixation-protection = "newSession">
            <concurrency-control max-sessions = "1" error-if-maximum-exceeded = "false" />
        </session-management>
    </http>

    <ldap-server {Our settings} />

    <authentication-manager alias = "authenticationManager">
        <ldap-authentication-provider
                {Our LDAP Info}
        </ldap-authentication-provider>
    </authentication-manager>


    <!-- Custom entry point to indicate that the user needs to authenticate first --> 
    <beans:bean id = "customAuthenticationEntryPoint" class = "com.me.portal.server.security.CustomAuthenticationEntryPoint"/>

    <!-- Custom handler to indicate that the authentication is successful --> 
    <beans:bean id = "customAuthenticationSuccessHandler" class = "com.me.portal.server.security.CustomAuthenticationSuccessHandler"/>

    <!-- Custom handler to indicate that the authentication has failed -->
    <beans:bean id = "customAuthenticationFailureHandler" class = "com.me.portal.server.security.CustomAuthenticationFailureHandler"/>

</beans:beans>

使用了Spring JAR:

spring-aop-4.3.2.RELEASE.jar
spring-beans-4.3.2.RELEASE.jar
spring-context-4.3.2.RELEASE.jar
spring-core-4.3.2.RELEASE.jar
spring-expression-4.3.2.RELEASE.jar
spring-ldap-core-2.3.1.RELEASE.jar
spring-security-config-3.2.7.RELEASE.jar
spring-security-core-3.2.7.RELEASE.jar
spring-security-ldap-3.2.7.RELEASE.jar
spring-security-web-3.2.7.RELEASE.jar
spring-tx-4.3.2.RELEASE.jar
spring-web-4.3.2.RELEASE.jar

根据要求,标题: Headers for the failure

响应:

<!DOCTYPE html>
<html><head><title>Apache Tomcat/8.0.22 - Error report</title>
<style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} 
H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} 
H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} 
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} 
B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} 
P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
A {color : black;}
A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head>
<body><h1>HTTP Status 404 - /j_spring_security_check</h1><div class="line"></div>
<p><b>type</b> Status report</p>
<p><b>message</b> <u>/j_spring_security_check</u></p>
<p><b>description</b> <u>The requested resource is not available.</u></p>
<hr class="line"><h3>Apache Tomcat/8.0.22</h3>
</body></html>

2 个答案:

答案 0 :(得分:1)

您应该将操作路径更改为相对路径。

<form method = "post" action="j_spring_security_check">

或者它会将请求提交给基地目录。

答案 1 :(得分:0)

我不知道这是GWT问题还是Tomcat问题,但解决方案就在这里:

<form method = "post" action="/MyPortal/j_spring_security_check">

我必须添加“/ MyPortal”的路径才能找到j_spring_security_check。