小贝子编程

到4.x版本的春季迁移问题



我有这个dispatcher servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd">  
    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
</beans>


<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:task="http://www.springframework.org/schema/task"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd        
        http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd">
    <context:component-scan base-package="com.mkyong.*,com.mobapp.security.Login.handlers" />
    <mvc:annotation-driven />
    <mvc:resources mapping="/resources/**" location="/resources/" cache-period="31556926"/>    
    <import resource="ConfigFiles/Security.xml"/>

security.xml 

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    <http>
        <form-login
            username-parameter="username"
            password-parameter="password" />        
    </http>
    <beans:bean id="pwdEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="11" />
    </beans:bean>
    <beans:bean id="appUserDetailService" class="com.mobapp.security.AppUserDetailService"></beans:bean>
    <authentication-manager>
        <authentication-provider user-service-ref="appUserDetailService">
            <password-encoder ref="pwdEncoder"/>
        </authentication-provider>
    </authentication-manager>        
</beans:beans>

这是/login 

@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
        @RequestParam(value = "logout", required = false) String logout) {
    ModelAndView model = new ModelAndView();
    if (error != null) {
        model.addObject("error", "Invalid username and password!");
    }
    if (logout != null) {
        model.addObject("msg", "You've been logged out successfully.");
    }
    model.setViewName("login");
    return model;
}

如果我使用

<spring.version>3.2.8.RELEASE</spring.version>
<spring.security.version>3.2.3.RELEASE</spring.security.version>

一切顺利

但是我用

 <spring.version>4.1.7.RELEASE</spring.version>  
 <spring.security.version>4.0.1.RELEASE</spring.security.version>

并尝试访问/login它显示spring默认登录表单而不是我自己的自定义loginfform

Spring Security并不像您想象的那样工作!该框架基本上提供了一个名为DelegatingFilterProxy的过滤器链,并按照配置的(默认100)过滤器顺序将其嵌入到ApplicationFilterChain中(这是一个非常基本的用例,否则它就很大了)。

但它是非常可配置的!(感谢开发团队)

你的控制器方法没有被执行,因为过滤器链在版本4+中使用默认登录URL为/login(在版本3中)。X以前是别的东西,不记得了;))。每当您尝试点击/login URL时,它就会被过滤器链拦截,并且当您要求默认登录页面时,它会生成并提供给您(这是预期的行为)。您的配置过去使用3。只是因为这个原因(您试图访问一个只允许匿名访问的URL)。换句话说,您过去做的一些事情(在3.x中)Spring security可以开箱即用;你自己。

如果您希望使用与默认URL不同的URL,则需要在元素中显式设置它。例如,

   <form-login login-page="/custom_login_url"
        default-target-url="/"
        login-processing-url="/auth"
        authentication-failure-url="/custom_login_url?login=failed"
        username-parameter="username_param"
        password-parameter="password_param"
        always-use-default-target="false"/>

使用这种配置,您可以强制Spring安全性在调度程序上下文中查找登录URL。您的配置URL/login可能仍然没有命中您的自定义登录操作。但是您可以使用login.jsp(基于您的视图解析器和控制器模型视图,您的登录页面是login.jsp)作为您的登录页面,如示例所示,Spring安全性将负责其余的工作。

您可能需要参考3中的这个迁移文档。X到4。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium