Fatal编程技术网
  • java/
  • Java Spring安全登录问题

Java Spring安全登录问题

java spring-mvc spring-security

Java Spring安全登录问题,java,spring-mvc,spring-security,Java,Spring Mvc,Spring Security,我是Spring Security的新手,在Spring MVC应用程序中配置了Spring Security 在提交登录页面后,我得到以下错误 请求的资源(/j\u spring\u security\u check)不可用。 我无法理解这种行为 请帮忙 spring security.xml <security:http auto-config="true" use-expressions="true" access-denied-page="/appln/denied">

我是Spring Security的新手,在Spring MVC应用程序中配置了Spring Security

在提交登录页面后,我得到以下错误

请求的资源(/j\u spring\u security\u check)不可用。

我无法理解这种行为

请帮忙

spring security.xml

<security:http auto-config="true" use-expressions="true" access-denied-page="/appln/denied">
    <security:intercept-url pattern="/appln/login" access="permitAll" />
    <security:intercept-url pattern="/appln/index" access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/appln/run" access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/appln/common" access="hasRole('ROLE_USER')" />

    <security:form-login login-page="/appln/login"
                         authentication-failure-url="/appln/login?error=true"
                         default-target-url="/appln/run"
                         authentication-success-handler-ref="AuthHandlr" />

    <security:logout invalidate-session="true"
                     logout-success-url="/appln/login" 
                     delete-cookies="JSESSIONID" />
</security:http>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Web.xml

<security:http auto-config="true" use-expressions="true" access-denied-page="/appln/denied">
    <security:intercept-url pattern="/appln/login" access="permitAll" />
    <security:intercept-url pattern="/appln/index" access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/appln/run" access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/appln/common" access="hasRole('ROLE_USER')" />

    <security:form-login login-page="/appln/login"
                         authentication-failure-url="/appln/login?error=true"
                         default-target-url="/appln/run"
                         authentication-success-handler-ref="AuthHandlr" />

    <security:logout invalidate-session="true"
                     logout-success-url="/appln/login" 
                     delete-cookies="JSESSIONID" />
</security:http>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>


springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
servlet
org.springframework.web.servlet.DispatcherServlet
1.
org.springframework.web.context.ContextLoaderListener
解决了这个问题

在我的loginpage.jsp中,action属性定义为

action=../../j\u spring\u security\u check

我正在玩上面的游戏,并将其更改为

action=/j\u spring\u security\u check

而且它没有任何问题

尽管问题已经解决,但任何人都可以详细说明为什么路径更改会起作用。

表单操作可以是“j_-spring\u-security\u-check”或“j_-spring\u-security\u-check”

这是Spring中的默认安全设置,无法更改

类似地,表单字段必须是'j_username'和'j_password'

一个spring安全配置片段(以及相关的web.xml片段)将非常有用。您检查了日志文件了吗?该消息通常表示服务器没有正常启动。某个地方应该有日志错误/堆栈跟踪。