Spring Security 3.1.3 issue

Time: 2018-04-29 16:09:30

Tags: java spring spring-security

I am using Spring Security 3.1.3.RELEASE in my maven pom, because the book I am reading is from 2013 and that is what they use, and I have the following code snippets:

// AdminController

@Controller
@RequestMapping("/admin")
public class AdminController {

    @RequestMapping(method=RequestMethod.POST, value="/movies")
    @ResponseBody
    public String createMovie(@RequestBody String movie) {
        System.out.println("Adding movie!! "+movie);
        return "created";
    }
}

// LoginController

@Controller
@RequestMapping("")
public class LoginController {

    @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, value="/custom_login")
    public String showLogin() {
        return "login";
    }
}

// web.xml

 <web-app>
      <display-name>Archetype Created Web Application</display-name>

      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/applicationContext-security.xml</param-value>
      </context-param>

      <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

       <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>

      <servlet>
        <servlet-name>terrormovies</servlet-name>
        <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
        <servlet-name>terrormovies</servlet-name>
        <url-pattern>/</url-pattern>
      </servlet-mapping>
    </web-app>

// Spring security Config :: applicationContext-security.xml

<security:http auto-config="true">
        <security:intercept-url pattern="/admin/**/*" access="ROLE_ADMIN" />
        <security:form-login login-page="/custom_login"  username-parameter="user_param" password-parameter="pass_param"/>
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user authorities="ROLE_ADMIN" name="admin" password="admin" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

// login.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
        <title>Terror movies</title>
    </head>
    <body>
        <form action="/j_spring_security_check" method="POST">
        Username<input type="text" name="user_param"/><br/>
        Password<input type="password" name="pass_param"/><br/>
        <input type="submit" value="Login"/>
        </form>
    </body>
    <% if(request.getParameter("error") != null){
            out.println("ERROR LOGIN");
        }
    %>
</html>

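When I start my application, I get the login page with the form as expected. I enter admin / admin as the username / password respectively. When I click the login button, I get this error page saying: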

Problem accessing /admin/movies. Reason:

    Request method 'GET' not supported

Powered by Jetty://

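instead of going to the method createMovie(@RequestBody String movie) of AdminController.

The address of this error page is: http://localhost:8080/admin/movies

LoginController and AdminController are in the same package.

What am I missing here?

Update

In the form action <form action="/j_spring_security_check" method="POST">, what does "/j_spring_security_check" lead to? I think that is where the problem is. I am a beginner with Spring Security, so I can't figure it out right now. I did a search, but didn't find any good answer.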

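1 answer:

Answer 0: (score: 1)

The error response message you are getting tells you exactly what the problem is:

When I click the login button, I get this error page saying: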


Problem accessing /admin/movies. Reason:

   Request method 'GET' not supported

Powered by Jetty://

And in your controller you have set this method:

@Controller
@RequestMapping("/admin")
public class AdminController {

    @RequestMapping(method=RequestMethod.POST, value="/movies")
    @ResponseBody
    public String createMovie(@RequestBody String movie) {
        System.out.println("Adding movie!! "+movie);
        return "created";
    }
}

Just as the message says, the /admin/movies method is mapped only for POST requests, so it can't handle the GET request that is generated from the login success redirect.

So the problem here is not the spring-security config; the problem is just that after login you are making a request to a request-mapping annotated method which doesn't support GET requests.

To solve it, you can just add this method to your existing AdminController:

@RequestMapping(method=RequestMethod.GET, value="/movies")
public String createMovieForm() {
    return "createMovieForm";
}

And create a jsp with a form which points to the POST mapped controller method:

<form action="/admin/movies" method="POST">
    Movie<input type="text" name="movie"/><br/>
    <input type="submit" value="Login"/>
</form>

It is easier if you delete the @RequestBody annotation in the POST method, so finally the AdminController should end like this:
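An added example, not the answerer's own code: an AdminController that follows the two steps described in the answer (a GET handler for /admin/movies that renders the form, and the POST handler without @RequestBody). Binding the field with @RequestParam("movie") and a view resolver that maps "createMovieForm" to a JSP are assumptions of this example.

```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping("/admin")
public class AdminController {

    // The redirect issued after a successful login is followed by the
    // browser with GET, so /admin/movies needs a GET mapping as well.
    @RequestMapping(method = RequestMethod.GET, value = "/movies")
    public String createMovieForm() {
        // View name; assumes a view resolver that maps it to a JSP
        // containing the <form action="/admin/movies" method="POST">.
        return "createMovieForm";
    }

    // Handles the form post. @RequestParam (an assumption of this example)
    // binds the single "movie" form field by name, whereas @RequestBody
    // binds the whole request body.
    @RequestMapping(method = RequestMethod.POST, value = "/movies")
    @ResponseBody
    public String createMovie(@RequestParam("movie") String movie) {
        System.out.println("Adding movie!! " + movie);
        return "created";
    }
}
```

Both handlers stay behind the /admin intercept-url rule, so they are reachable only with ROLE_ADMIN. Spring Security 3.1.x has no built-in CSRF protection (it was added in 3.2), so this POST form is submitted without a CSRF token.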