无法使用spring security进行身份验证。输入凭据后

时间:2017-06-12 05:23:59

标签: java spring-mvc spring-security

我使用Spring security 4进行身份验证, 虽然我可以重定向到登录页面,但在此之后我无法进一步移动,导致错误无法找到此本地主页

这是我的web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
 http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" 
 id="WebApp_ID" version="3.1">
      <display-name>self-thin-client</display-name>
      <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
      </welcome-file-list>

        <listener>
            <listener-class>
                org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/security.xml</param-value>
        </context-param>
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/rs/self/*</url-pattern>
        </filter-mapping>

        <servlet>
            <servlet-name>dspature</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>dspature</servlet-name>
            <url-pattern>/rs/*</url-pattern>
        </servlet-mapping>

        <servlet>
            <servlet-name>Initializer</servlet-name>
            <servlet-class>com.store.Initializer</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
    </web-app>

这是我的security.xml 

    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">


        <!-- Spring MVC based authentication, login page etc.  -->
        <http>
            <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
            <form-login login-page="/rs/login" login-processing-url="/j_spring_security_check"
                        authentication-failure-url="/login" />
            <logout logout-success-url="/login"/>
        </http>

        <!-- Declared authentication manager -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider ref="AuthenticationManager" />
        </authentication-manager>

        <!-- Bean implementing AuthenticationProvider of Spring Security -->
        <beans:bean id="AuthenticationManager" class="com.radix.server.login.AuthenticationManager">
        </beans:bean>

    </beans:beans>

这是我的html表单,

 <form method="post" action="/j_spring_security_check" >
    <p>
      <span>Username:</span>
      <input type="text"  name= "j_username" >
    </p>
    <p>
      <span>Password:</span>
      <input type="password"  name= "j_password" >
    </p>
    <p>
      <input type="submit" value="submit">
    </p>
  </form>

我认为问题可能与网址映射有关,但我无法弄清楚我做错了什么,请帮帮我

1 个答案:

答案 0 :(得分:1)

web.xml方式更改此映射:

<filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

否则,您的login-processing-url和其他人不会与FilterChainProxy网址格式匹配,因此他们无法正常投放。

编辑:要避免CSRF,请在<security:http>元素中尝试此操作:

<security:csrf disabled="true"/>

但是,正如我之前所说,为这样一条特定路径springSecurityFilterChain设置/rs/self/*的基本路径,我认为这不是一个好主意。更具体地说,它毫无意义。根据您的<security:http>元素,您似乎希望保护应用中的所有网址(<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>),但您的springSecurityFilterChain仅针对网址匹配`/ RS /自/ *&#39;

请尝试这样:

Web.xml中:

<filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

security.xml文件:

<http pattern="/rs/login" security="none"/>
<http>
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
    <form-login login-page="/rs/login" login-processing-url="/j_spring_security_check"
                authentication-failure-url="/login" />
    <logout logout-success-url="/login"/>
    <csrf disabled="true"/>
</http>

注销成功网址与登录表单网址不匹配,但似乎您希望是相同的。如果您想这样,请将其更改为<logout logout-success-url="/rs/login" />

EDIT2: 截至您的上一篇评论,我认为最后一个问题是在jsp表单操作中。尝试以这种方式改变行动:

<form method="post" action="/your_app_context/j_spring_security_check" >
相关问题
最新问题