Java Spring security check error
In my new web application, I use Bootstrap to create a login form in the header.

When I try to log in, the result is always a redirect to the error page, and I don't understand why. The logs and the Chrome console don't give me any errors.

I guess this is a common problem, but I can't see the solution. Any ideas?

My code:

header.jspx
<div id="header"
xmlns:sec="http://www.springframework.org/security/tags"
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:fn="http://java.sun.com/jsp/jstl/functions"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:form="http://www.springframework.org/tags/form"
xmlns:spring="http://www.springframework.org/tags" version="2.0">
<jsp:directive.page contentType="text/html;charset=UTF-8" />
<jsp:output omit-xml-declaration="yes"/>
<spring:url value="/resources/j_spring_security_logout" var="logoutUrl"/>
<spring:url value="/resources/j_spring_security_check" var="form_url" />
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed"
data-toggle="collapse" data-target="#navbar" aria-expanded="false"
aria-controls="navbar">
<span class="sr-only"></span>
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/home" style="font-weight: bold;">MY PROJECT NAME</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<c:choose>
<c:when test="${pageContext['request'].userPrincipal != null}">
<sec:authentication property="principal.username" var="username" />
<span style="float: right; border-left: 1px solid #c6d0da;"><a
href="${logoutUrl}"> <span class="glyphicon glyphicon-log-out"> </span>
</a></span>
<li><a href="${showLoggedUserUrl}${username}"> <span class="glyphicon glyphicon-user"> </span>${username}
</a></li>
</c:when>
<c:when test="${not empty param.login_error}">
<div class="navbar-collapse collapse">
<div class="navbar-right">
<div class="btn-group ">
<button type="button" class="btn btn-success dropdown-toggle glyphicon glyphicon-log-in" data-toggle="dropdown"> Login <span class="caret"></span>
</button>
<div class="dropdown-menu">
<form:form name="f" action="${fn:escapeXml(form_url)}" method="POST" class="">
<div class="col-sm-12">
<div >Accedi:</div>
<br />
<div class="form-group has-feedback has-feedback has-error" >
<input id="j_username" type='text' class="form-control input-sm" name='j_username' placeholder="Errore Username" />
<span class="glyphicon glyphicon-user form-control-feedback"></span>
</div>
<div class="form-group has-feedback has-feedback has-error" >
<input id="j_password" type='password' name='j_password' placeholder="Errore Password" class="form-control input-sm" />
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
<button type="submit" class="btn btn-success">Accedi</button>
</div>
</form:form>
</div>
</div>
</div>
</div>
</c:when>
<c:otherwise>
<div class="navbar-collapse collapse">
<div class="navbar-right">
<div class="btn-group">
<button type="button" class="btn btn-success dropdown-toggle glyphicon glyphicon-log-in" data-toggle="dropdown"> Login <span class="caret"></span>
</button>
<div class="dropdown-menu">
<form:form name="f" action="${fn:escapeXml(form_url)}" method="POST" class="">
<div class="col-sm-12">
<div >Accedi:</div>
<br />
<div class="form-group has-feedback" >
<input id="j_username" type='text' class="form-control input-sm" name='j_username' placeholder="Username" />
<span class="glyphicon glyphicon-user form-control-feedback"></span>
</div>
<div class="form-group has-feedback" >
<input id="j_password" type='password' name='j_password' placeholder="Password" class="form-control input-sm" />
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
<div >
<button type="submit" class="btn btn-success" id="proceed">Accedi</button>
</div>
</div>
</form:form>
</div>
</div>
</div>
</div>
</c:otherwise>
</c:choose>
</div>
</div>
</nav>
</div>
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/resources/j_spring_security_check" login-page="/"
authentication-failure-url="/?login_error=t" />
<!-- authentication-success-handler-ref="myAuthenticationSuccessHandler"/> -->
<logout logout-url="/resources/j_spring_security_logout"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:constructor-arg>
<beans:list>
<beans:ref bean="daoAuthenticationProvider" />
</beans:list>
</beans:constructor-arg>
</beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="sha-256"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="userDetailsService" class="it.myproject.security.core.UserDetailsServiceImpl" />
<!-- Enable controller method level security -->
<sec:global-method-security pre-post-annotations="enabled" />
<beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:org/springframework/security/messages"/>
</beans:bean>
</beans:beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<!-- Spring Security Configuration -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
....
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security-context.xml
</param-value>
</context-param>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
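Can you narrow the JSP down to the problematic code and post a stack trace? Enable debug logging for Spring Security and then post the stack trace. Otherwise, it is hard to isolate and identify the problem.

Spring Security uses username and password (by default) as the field names; your fields are prefixed with j_ (which stands for the default of older Spring Security versions).

Although you have already found the solution: in cases like this, I find it very handy to set the Spring Security logging to debug mode. Spring Security nicely logs all the important information and the reason why it outputs the success/failure view.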
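
The field-name mismatch described in the comments, shown as an added example that is not part of the original thread. It is a fragment of security-context.xml that assumes the fix is made on the configuration side, using the `username-parameter` and `password-parameter` attributes of `<form-login>`, so the `j_username`/`j_password` inputs in header.jspx stay unchanged.

```xml
<!-- security-context.xml (fragment). Added example, not the asker's file.
     With the spring-security-4.0 schema, <form-login> reads the request
     parameters "username" and "password" unless told otherwise. A form that
     posts j_username / j_password is therefore read as empty credentials,
     and every attempt ends at authentication-failure-url. -->

<!-- Before: parameter names left at the 4.x defaults while the JSP posts j_ fields -->
<!--
<form-login login-processing-url="/resources/j_spring_security_check"
            login-page="/"
            authentication-failure-url="/?login_error=t" />
-->

<!-- After, option A: declare the parameter names that header.jspx actually posts -->
<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/resources/j_spring_security_check"
                login-page="/"
                authentication-failure-url="/?login_error=t"
                username-parameter="j_username"
                password-parameter="j_password" />
    <logout logout-url="/resources/j_spring_security_logout" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>

<!-- Option B: leave <form-login> as it was and rename the inputs in header.jspx:
       <input name="username" ... />   <input name="password" ... />

     To see which branch was taken and why, raise the logger category
     org.springframework.security to DEBUG in the application's logging
     configuration before retrying the login. -->
```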