Java j#U安全检查返回错误405(不支持请求方法&x27;POST&x27)
我有一个简单的登录页面。现在,如果您提供正确的用户名和密码,它就可以正常工作。问题是,如果不这样做,则不会重定向到authenticationFailureUrl,但会出现错误405 日志的唯一行:Java j#U安全检查返回错误405(不支持请求方法&x27;POST&x27),java,spring,authentication,spring-security,Java,Spring,Authentication,Spring Security,我有一个简单的登录页面。现在,如果您提供正确的用户名和密码,它就可以正常工作。问题是,如果不这样做,则不会重定向到authenticationFailureUrl,但会出现错误405 日志的唯一行: ^2014-04-29 15:24:01,434 WARN org.springframework.web.servlet.PageNotFound [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
^2014-04-29 15:24:01,434 WARN org.springframework.web.servlet.PageNotFound
[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)']
Request method 'POST' not supported
http://127.0.0.1:7013/app/j_security_check
有什么想法吗
该应用程序正在Weblogic 11g上运行
网址:
^2014-04-29 15:24:01,434 WARN org.springframework.web.servlet.PageNotFound
[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)']
Request method 'POST' not supported
http://127.0.0.1:7013/app/j_security_check
spring security.xml
<sec:http create-session="stateless" auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<sec:intercept-url pattern="/login*" access="permitAll()"/>
<sec:intercept-url pattern="/logout" access="permitAll()"/>
<sec:intercept-url pattern="/account" access="isAuthenticated()"/>
<sec:intercept-url pattern="/**" access="hasRole('admin')" />
[...]
<sec:form-login login-page="/login" default-target-url="/" authentication-failure-url="/loginfailed" />
</sec:http>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>App</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>locatorFactorySelector</param-name>
<param-value>classpath*:beanRefContext.xml</param-value>
</context-param>
<context-param>
<param-name>parentContextKey</param-name>
<param-value>beanRefFactory</param-value>
</context-param>
<context-param>
<param-name>contextInitializerClasses</param-name>
<param-value>net.xxxxx.xxx.xxx.webapp.XxxxxxApplicationContextInitializer</param-value>
</context-param>
<servlet>
<servlet-name>admin</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>admin</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>application/javascript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
<error-page>
<error-code>403</error-code>
<location>/error</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error</location>
</error-page>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/loginfailed</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Power Users</description>
<role-name>admin</role-name>
</security-role>
<resource-ref id="ResourceRef_1">
<res-ref-name>STPDataSource</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
[...]
web.xml
<sec:http create-session="stateless" auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<sec:intercept-url pattern="/login*" access="permitAll()"/>
<sec:intercept-url pattern="/logout" access="permitAll()"/>
<sec:intercept-url pattern="/account" access="isAuthenticated()"/>
<sec:intercept-url pattern="/**" access="hasRole('admin')" />
[...]
<sec:form-login login-page="/login" default-target-url="/" authentication-failure-url="/loginfailed" />
</sec:http>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>App</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>locatorFactorySelector</param-name>
<param-value>classpath*:beanRefContext.xml</param-value>
</context-param>
<context-param>
<param-name>parentContextKey</param-name>
<param-value>beanRefFactory</param-value>
</context-param>
<context-param>
<param-name>contextInitializerClasses</param-name>
<param-value>net.xxxxx.xxx.xxx.webapp.XxxxxxApplicationContextInitializer</param-value>
</context-param>
<servlet>
<servlet-name>admin</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>admin</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>application/javascript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
<error-page>
<error-code>403</error-code>
<location>/error</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error</location>
</error-page>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/loginfailed</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Power Users</description>
<role-name>admin</role-name>
</security-role>
<resource-ref id="ResourceRef_1">
<res-ref-name>STPDataSource</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
应用程序
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
org.springframework.web.context.ContextLoaderListener
定位器工厂选择器
classpath*:beanRefContext.xml
parentContextKey
蚕豆消光术
上下文初始化类
net.xxxxx.xxx.xxx.webapp.xxxxxx应用程序上下文初始值设定项
管理
org.springframework.web.servlet.DispatcherServlet
1.
管理
/*
js
应用程序/javascript
css
文本/css
index.html
15
403
/错误
404
/错误
java.lang.Throwable
/错误
类型
/登录
/登录失败
电力用户
管理
STPDataSource
javax.sql.DataSource
容器
我可能有点偏执,但你能尝试直接从浏览器调用登录失败的URL吗?可能是Spring试图重定向到该URL,但它却转到了一个意外的控制器,而该控制器正在获取该URL?您可以启用远程调试并逐步通过Spring类跟踪谁发送了405吗?我可以成功访问loginFailed(/loginFailed)。