Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/374.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java SpringSecurity4升级不再进行身份验证_Java_Spring_Spring Mvc_Authentication_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java SpringSecurity4升级不再进行身份验证

Java SpringSecurity4升级不再进行身份验证

java spring spring-mvc authentication spring-security

Java SpringSecurity4升级不再进行身份验证,java,spring,spring-mvc,authentication,spring-security,Java,Spring,Spring Mvc,Authentication,Spring Security,我已经采用了一个需要从Spring3升级到Spring4的现有项目,但升级后我无法再进行身份验证。它返回403禁止,我注意到spring的UserDetailsService接口的NetworkUserDetailsService.loadUserByUsername()实现不再被调用来进行身份验证。当它失败时,浏览器将重定向到/j_spring_security_check。这是Java8升级工作的一部分,我们仍然在Tomcat7(基础设施需求)中运行。我希望我已经包含了足够的信息,以便有人能

我已经采用了一个需要从Spring3升级到Spring4的现有项目,但升级后我无法再进行身份验证。它返回403禁止,我注意到spring的UserDetailsService接口的NetworkUserDetailsService.loadUserByUsername()实现不再被调用来进行身份验证。当它失败时,浏览器将重定向到/j_spring_security_check。这是Java8升级工作的一部分,我们仍然在Tomcat7(基础设施需求)中运行。我希望我已经包含了足够的信息,以便有人能够发现问题。谢谢你的帮助

以下是我的spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:sec="http://www.springframework.org/schema/security"
   xmlns="http://www.springframework.org/schema/beans"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

<sec:global-method-security proxy-target-class="true" pre-post-annotations="enabled"/>
<sec:authentication-manager>
    <sec:authentication-provider ref="daoAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<bean id="networkUserDetailsService" class="com.xxxxxx.xxxx.tools.base.service.NetworkUserDetailsService"/>

<bean id="daoAuthenticationProvider"
      class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="networkUserDetailsService"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
</bean>

<sec:http pattern="/api/version" security="none"/>
<sec:http pattern="/admin/**" security="none"/>
<sec:http pattern="/css/**" security="none"/>
<sec:http pattern="/js/**" security="none"/>
<sec:http pattern="/images/**" security="none"/>
<sec:http pattern="/login*" security="none"/>

<sec:http auto-config="true" use-expressions="true">
    <!-- Login pages -->
    <sec:form-login login-page="/login.html" default-target-url="/welcome.html" always-use-default-target="true"
                    authentication-failure-url="/login-error.html"/>

    <sec:logout/>
    <!-- Security zones -->
    <sec:intercept-url pattern="/**" access="isAuthenticated()"/>
</sec:http>
在代码中注册springSecurityFilterChain的位置springSecurityFilterChain在实现WebApplicationInitializer的初始值设定项中注册。我可以看到它在启动服务器时被调用。 
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
     version="3.0"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_2.xsd"
     metadata-complete="false">

<display-name>Web Application</display-name>

<resource-ref>
    <description>Data Source</description>
    <res-ref-name>jdbc/admin</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>

<error-page>
    <location>/error</location>
</error-page>

<env-entry>
    <env-entry-name>appName</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>admin</env-entry-value>
</env-entry>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>restricted methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method-omission>GET</http-method-omission>
        <http-method-omission>POST</http-method-omission>
        <http-method-omission>HEAD</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>

 <form class="form-signin" th:action="@{/j_spring_security_check}" method="post">
    <h2 class="form-signin-heading" th:text="#{admin.login}">Please sign in</h2>

    <p th:if="${loginError}" th:text="#{admin.denied.header}" class="error alert alert-danger">Wrong user or
        password</p>
    <input type="text" class="form-control" placeholder="User name" id="j_username" name="j_username"
           required="required" autofocus="autofocus"/>
    <input type="password" class="form-control" placeholder="Password" required="required" id="j_password"
           name="j_password"/> <br/>
    <button class="btn btn-lg btn-primary btn-block" type="submit" th:text="#{admin.login}">Sign in</button>
</form>

private void addSpringSecurityFilter() {
    final DelegatingFilterProxy filter = new DelegatingFilterProxy("springSecurityFilterChain", applicationContext);
    final FilterRegistration.Dynamic filterChainReg = servletContext.addFilter("springSecurityFilterChain", filter);
    filterChainReg.addMappingForUrlPatterns(null, true, "/*");
}