小贝子编程

Spring 安全表单登录不起作用



我是 spring security 的新手,我正在尝试为我的 spring mvc 应用程序实现安全性。问题是我正在路由到我的自定义登录页面并输入有效的凭据,但它再次路由到同一登录页面。以下是配置。

网络.xml

 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
 <display-name>SpringTiles</display-name>
 <welcome-file-list>
 <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>
 <servlet>
 <servlet-name>spring</servlet-name>
 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
 </servlet>
 <servlet-mapping>
 <servlet-name>spring</servlet-name>
 <url-pattern>/</url-pattern>
 </servlet-mapping>
 <listener>
 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>
 <context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>/WEB-INF/spring-security.xml
 </param-value>
 </context-param> 
 <filter>
 <filter-name>springSecurityFilterChain</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 <filter-mapping>
 <filter-name>springSecurityFilterChain</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>
 </web-app>

弹簧安全.xml

 <b:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd ">
 <b:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy" />
 <http pattern="/login" security="none" />
 <http use-expressions="true">
 <intercept-url pattern="/**" access="isAuthenticated()" />
 <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/login" /> 
 <logout logout-url="/logout" logout-success-url="/welcome" />
 <csrf disabled="true"/>
 </http>
 <authentication-manager>
 <authentication-provider>
 <user-service>
 <user name="admin" password="admin" authorities="Admin,User" />
 </user-service>
 </authentication-provider>
 </authentication-manager>
 </b:beans>

如果我只指定<form-login/>并删除<http pattern="/login" security="none" />则应用程序工作正常。但我想显示我的自定义登录页面。

登录.jsp

 <form action="j_spring_security_check" method="POST" >
 <div class="form-group">
 <label for="exampleInputEmail1">User Name</label> 
 <input type="text" class="form-control" name="j_username" placeholder="Enter User Name" required="required">
 </div>
 <div class="form-group">
 <label for="exampleInputPassword1">Password</label> 
 <input type="password" class="form-control" name="j_password" placeholder="Password" required="required">
 </div>
 <button type="submit" style="width: 100%;background: #347AB6; font-size:1.1em;" class="btn btn-large btn btn-lg btn-block bg-primary" ><b>Login</b></button>
 </form>
 <font color="red">
 <span>${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</span>
 </font>

Spring 框架版本 - 4.3.7.发布和Spring 安全版本 - 4.2.3.发布

请在我做错的地方提供帮助。

谢谢。

我必须在上述链接的帮助下解决我的问题 http://www.baeldung.com/spring-security-login

这是我更新的代码

 <b:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd ">
 <b:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy" />
 <http use-expressions="true">
 <intercept-url pattern="/login*" access="isAnonymous()" />
 <intercept-url pattern="/**" access="isAuthenticated()"/>
 <form-login login-page="/login" default-target-url="/homepage" authentication-failure-url="/login" 
 always-use-default-target="true" /> 
 <logout logout-url="/logout" logout-success-url="/login" />
 <csrf disabled="true"/>
 </http>
 <authentication-manager>
 <authentication-provider>
 <user-service>
 <user name="admin" password="admin" authorities="Admin,User" />
 </user-service>
 </authentication-provider>
 </authentication-manager>
 </b:beans>

由于j_spring_security_check被弃用,我在 jsp 操作中使用了"登录"。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium