我试图在JSF上以身份验证形式集成Spring Security,私有页面现在需要身份验证,但当我输入登录名和密码时,这个错误被显示为
Error 404 : Project/j_spring_security_check is not available
所以我创建了一个JSF表单:
<h:form id="loginForm" prependId="false" >
<label for="exampleInputEmail1">Email address</label>
<h:inputText class="form-control" id="j_username" required="true"/>
<label for="exampleInputPassword1">Password</label>
<h:inputSecret class="form-control" id="j_password" required="true"/>
<h:commandButton type="submit" class="btn btn-primary btn-block" action="#{authentication.doLogin()}" value="Login" />
</h:form>
身份验证bean中的函数doLogin()定义如下:
public String doLogin() throws ServletException, IOException
{
ExternalContext context=FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher=((ServletRequest)context.getRequest()).getRequestDispatcher("j_spring_security_check");
dispatcher.forward((ServletRequest)context.getRequest(),(ServletResponse)context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return null;
}
Spring-security.xml:
<http auto-config="true">
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/Backoff/*" access="ROLE_USER"/>
<form-login login-page="/login.xhtml" default-target-url="/Backoff/activities.xhtml"
always-use-default-target="true"
authentication-failure-url="/Front/error.xhtml" />
</http>
我应该添加什么才能使其工作?
要解决此问题,您可以按照以下步骤操作:
1-像这样更改您的Spring-security.xml:
<http use-expressions="true">
<intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/Backoff/*" access="ROLE_USER"/>
<form-login
login-page="/login.xhtml"
default-target-url="/Backoff/activities.xhtml"
always-use-default-target="true"
authentication-failure-url="/Front/error.xhtml"
<!--
if you want to use primefaces components you can use this:
password-parameter="j_idt10" : Name of password input
username-parameter="j_idt8" : Name of username input
==>To get the name of your inputs you can use "element inspection" offred by you browser (chrome,firefox)
-->
/>
</http>
2-像一样更改JSF表单
<h:form id="loginForm" prependId="false" onsubmit="document.getElementById('loginForm').action='j_spring_security_check';" >
<label for="exampleInputEmail1">Email address</label>
<h:inputText id="exampleInputEmail1" class="form-control" name="j_username" required="true"/>
<label for="exampleInputPassword1">Password</label>
<h:inputSecret id="exampleInputPassword1" class="form-control" name="j_password" required="true"/>
<h:commandButton type="submit" class="btn btn-primary btn-block" value="Login" />
</h:form>
您可以注意到,我删除了commandButton的操作,并将您输入的id更改为name,我还在表单中添加了onsubmit函数
希望这能帮助你摆脱
尝试添加<dispatcher>FORWARD</dispatcher>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
使用JSF和Spring Security 3 的自定义登录页面