Java 弹簧3安全j_弹簧安全检查
我正在努力学习spring安全性是如何工作的,所以我下载了一些示例项目,然后我尝试在我的项目中实现该解决方案。但是当我尝试登录时,我得到了Java 弹簧3安全j_弹簧安全检查,java,spring,spring-mvc,spring-security,spring-3,Java,Spring,Spring Mvc,Spring Security,Spring 3,我正在努力学习spring安全性是如何工作的,所以我下载了一些示例项目,然后我尝试在我的项目中实现该解决方案。但是当我尝试登录时,我得到了404错误,并且在地址栏中出现了http://localhost:8080/fit/j_spring_security_check。我试图在这里研究类似的问题,但我没有意识到,如何将其应用到我的项目中。如果有更有经验的人能帮助我,我会非常感激的 我的应用程序结构如下所示: applicationContext.xml: <?xml version="1
404
错误,并且在地址栏中出现了http://localhost:8080/fit/j_spring_security_check
。我试图在这里研究类似的问题,但我没有意识到,如何将其应用到我的项目中。如果有更有经验的人能帮助我,我会非常感激的
我的应用程序结构如下所示:
applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<context:annotation-config/>
<context:component-scan base-package="cz.cvut.fit"/>
<import resource="classpath:applicationContext-security.xml"/>
</beans>
applicationContext-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<context:annotation-config/>
<context:component-scan base-package="cz.cvut.fit" />
<mvc:annotation-driven />
<security:global-method-security jsr250-annotations="enabled"
proxy-target-class="true"/>
</beans>
applicationContext-security.xml:
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/views/login.jsp*" security="none"/>
<security:http pattern="/views/denied.jsp" security="none"/>
<security:http auto-config="true" access-denied-page="/denied.jsp" servlet-api-provision="false">
<security:intercept-url pattern="/views/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/views/edit/**" access="ROLE_EDIT"/>
<security:intercept-url pattern="/views/admin/**" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:form-login login-page="/views/login.jsp" authentication-failure-url="/denied.jsp"
default-target-url="/home.jsp"/>
<security:logout/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
<security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
您正在尝试根据网页的当前上下文路径验证uri。JSTL标记库可用于确保根据应用程序的上下文轻松生成正确的URL。如果希望快速实现,可以通过使用标记库来实现这一点。为此,您可以将jstl标记库添加到jsp的顶部:
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
然后,您可以使用以下命令发布到登录servlet
<form action="<c:url value="/j_spring_security_check"></c:url>" method="post" role="form">
这样可以确保您始终将邮件发送到/j_spring_security_check
jstl的参考资料:
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
添加您的web.xml文件。它是springSecurityFilterChain的创建Bean。然后您得到响应。路径
/j\u spring\u security\u check
在spring 4中已更改为/login
,并在用户名密码验证筛选器中进行处理
您可以在这里找到它的来源:j\u spring\u security\u check
是一个Servlet,在这里进行实际身份验证,您必须将登录表单的操作映射到此Servlet。您是否在登录页面上执行此操作-…
?请显示您的web.xml/j_spring_security_check URL必须由springSecurityFilterChain筛选器处理。是的,我是。。。但我不知道下一步该怎么做才能让它正常工作-/我假设web.xml的这部分就足够了:springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy springSecurityFilterChain/*
这是我的登录表单:用户名:密码:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>