Java spring security在使用AJAX登录时显示403错误
我知道有很多问题已经存在,与这个错误有关,但我已经尝试了几乎所有的方法,没有解决我的问题Java spring security在使用AJAX登录时显示403错误,java,ajax,spring,spring-security,http-status-code-403,Java,Ajax,Spring,Spring Security,Http Status Code 403,我知道有很多问题已经存在,与这个错误有关,但我已经尝试了几乎所有的方法,没有解决我的问题 <security:form-login login-page="/home" default-target-url="/home" authentication-failure-handler-ref="myAuthenticationFailureHandler"
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
当我在浏览器控制台中提交表单时,我看到
Failed to load resource: the server responded with a status of 403 (Forbidden)
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
我的项目在Spring4.0.3、SpringSecurity4.0.1、Java8中,运行在wildfly 8.x服务器上
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
我的ajax调用是
$.ajax({
url: "j_spring_security_check",
data: $('#loginForm').serialize(),
type: "POST",
beforeSend: function (xhr) {
xhr.setRequestHeader("X-Ajax-call", "true");
},
success: function(result) {
if (result == "not-ok") {
$('.error').show();
$('.login-error').html(CREDENTIAL_CHECK) ;
return false;
} else {
$('.error').hide();
document.location = result;
}
},
error: function(XMLHttpRequest, textStatus, errorThrown){
$('.error').show();
$('.login-error').html(NETWORK_CHECK) ;
return false;
}
});
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
我的安全配置:
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
我试着设置
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
<security:headers disabled="true" />
<security:csrf disabled="true" />
在服务器控制台中,我也没有看到任何错误
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
我还可以做什么来修复此错误?我已经在这个问题上浪费了2天的时间这个问题创建CSFR保护,因为在Spring Security 4.x中默认启用,并且所有GET和POST请求都有令牌,当您不创建这个令牌服务器时,会显示403错误。您可以轻松禁用此安全性
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>
这里有xml配置文件
java confUrl是
login
notj_-spring\u-security\u-check
。这是怎么说的?检查控制器中的ajax Url是否存在。并确保您的控制器中有RequestMethod.POST。spring security 4中的登录url已更改,以与java config中使用的url相匹配。因此,它也显示403错误。我想。问题在于其他方面。我使用的是wildfly8
<security:form-login login-page="/home"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout"
invalidate-session="true"
delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE"
/>