我是 spring security 的新手,我正在尝试为我的 spring mvc 应用程序实现安全性。问题是我正在路由到我的自定义登录页面并输入有效的凭据,但它再次路由到同一登录页面。以下是配置。
网络.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>SpringTiles</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
弹簧安全.xml
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd ">
<b:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy" />
<http pattern="/login" security="none" />
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/login" />
<logout logout-url="/logout" logout-success-url="/welcome" />
<csrf disabled="true"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="Admin,User" />
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>
如果我只指定<form-login/>
并删除<http pattern="/login" security="none" />
则应用程序工作正常。但我想显示我的自定义登录页面。
登录.jsp
<form action="j_spring_security_check" method="POST" >
<div class="form-group">
<label for="exampleInputEmail1">User Name</label>
<input type="text" class="form-control" name="j_username" placeholder="Enter User Name" required="required">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" name="j_password" placeholder="Password" required="required">
</div>
<button type="submit" style="width: 100%;background: #347AB6; font-size:1.1em;" class="btn btn-large btn btn-lg btn-block bg-primary" ><b>Login</b></button>
</form>
<font color="red">
<span>${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</span>
</font>
Spring 框架版本 - 4.3.7.发布和Spring 安全版本 - 4.2.3.发布
请在我做错的地方提供帮助。
谢谢。
我必须在上述链接的帮助下解决我的问题 http://www.baeldung.com/spring-security-login
这是我更新的代码
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd ">
<b:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy" />
<http use-expressions="true">
<intercept-url pattern="/login*" access="isAnonymous()" />
<intercept-url pattern="/**" access="isAuthenticated()"/>
<form-login login-page="/login" default-target-url="/homepage" authentication-failure-url="/login"
always-use-default-target="true" />
<logout logout-url="/logout" logout-success-url="/login" />
<csrf disabled="true"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="Admin,User" />
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>
由于j_spring_security_check
被弃用,我在 jsp 操作中使用了"登录"。