最近我使用Spring Security作为我的Spring MVC Web Admin。我在使用Spring Security时遇到了麻烦。登录过程时,始终重定向到authentication-failure-url。我有自己的UserDetailsServiceImpl实现UserDetailsService(来自Spring Security Feature)。
这是我的春天安全
<!-- enable use-expressions -->
<http auto-config="true">
<intercept-url pattern="/*" access="permitAll" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/error" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login login-page="/" default-target-url="/index"
always-use-default-target="false" authentication-failure-url="/error"
login-processing-url="/j_spring_security_check" username-parameter="j_username"
password-parameter="j_password" />
<logout logout-success-url="/"
delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"
logout-url="/j_spring_security_logout" invalidate-session="true" />
<!-- enable csrf protection -->
<!-- csrf /-->
</http>
<global-method-security pre-post-annotations="enabled" />
<beans:bean id="customAuthenticationSuccessHandler"
class="com.mezzo.security.AuthenticationSuccessListener">
</beans:bean>
<beans:bean id="myAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/index" />
<!-- After login, return to the last visited page -->
<beans:property name="useReferer" value="true" />
</beans:bean>
<beans:bean id="userDetailsService"
class="com.mezzo.security.UserDetailsServiceImpl" />
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
请问,我的安全配置xml有什么问题。 提前致谢。 :)