SpringSecurityJSF-登录表单在成功登录后重定向到同一登录页面
这是我的登录名。xhtml:SpringSecurityJSF-登录表单在成功登录后重定向到同一登录页面,jsf,primefaces,spring-security,annotations,Jsf,Primefaces,Spring Security,Annotations,这是我的登录名。xhtml: <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:p="http://primefaces.org/ui"> <body> <h:form id="form"> <p:pan
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<body>
<h:form id="form">
<p:panel id="panel" header="Connexion">
<p:messages id="msgs" />
<h:panelGrid columns="3">
<h:outputLabel for="login" value="Login: *" />
<p:inputText id="login"
value="#{utilisateurAuthentificationService.login}"
required="true"
label="Login">
<f:validateLength minimum="2" />
</p:inputText>
<p:message for="login" display="icon" />
<h:outputLabel for="password" value="Password: *" />
<p:password id="password"
value="#{utilisateurAuthentificationService.password}"
label="Password" required="true">
<f:validateLength minimum="2" />
<p:ajax update="msgPassword" event="keyup" />
</p:password>
<p:message for="password" id="msgPassword" display="icon" />
</h:panelGrid>
<p:commandButton id="btn" value="Connexion" update="panel"
actionListener="#{utilisateurAuthentificationService.authentifierUtilisateur(utilisateurAuthentificationService.login,utilisateurAuthentificationService.password)}" />
</p:panel>
</h:form>
</body>
</html>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config='true'>
<intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome.xhtml*" access="ROLE_USER" />
<form-login login-page='/login.xhtml'
always-use-default-target="true" authentication-failure-url="/login.xhtml" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="utilisateurService">
</authentication-provider>
</authentication-manager>
</beans:beans>
<!-- Spring Security filters -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的安全配置.xml:
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<body>
<h:form id="form">
<p:panel id="panel" header="Connexion">
<p:messages id="msgs" />
<h:panelGrid columns="3">
<h:outputLabel for="login" value="Login: *" />
<p:inputText id="login"
value="#{utilisateurAuthentificationService.login}"
required="true"
label="Login">
<f:validateLength minimum="2" />
</p:inputText>
<p:message for="login" display="icon" />
<h:outputLabel for="password" value="Password: *" />
<p:password id="password"
value="#{utilisateurAuthentificationService.password}"
label="Password" required="true">
<f:validateLength minimum="2" />
<p:ajax update="msgPassword" event="keyup" />
</p:password>
<p:message for="password" id="msgPassword" display="icon" />
</h:panelGrid>
<p:commandButton id="btn" value="Connexion" update="panel"
actionListener="#{utilisateurAuthentificationService.authentifierUtilisateur(utilisateurAuthentificationService.login,utilisateurAuthentificationService.password)}" />
</p:panel>
</h:form>
</body>
</html>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config='true'>
<intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome.xhtml*" access="ROLE_USER" />
<form-login login-page='/login.xhtml'
always-use-default-target="true" authentication-failure-url="/login.xhtml" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="utilisateurService">
</authentication-provider>
</authentication-manager>
</beans:beans>
<!-- Spring Security filters -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
web.xml中的spring安全过滤器:
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<body>
<h:form id="form">
<p:panel id="panel" header="Connexion">
<p:messages id="msgs" />
<h:panelGrid columns="3">
<h:outputLabel for="login" value="Login: *" />
<p:inputText id="login"
value="#{utilisateurAuthentificationService.login}"
required="true"
label="Login">
<f:validateLength minimum="2" />
</p:inputText>
<p:message for="login" display="icon" />
<h:outputLabel for="password" value="Password: *" />
<p:password id="password"
value="#{utilisateurAuthentificationService.password}"
label="Password" required="true">
<f:validateLength minimum="2" />
<p:ajax update="msgPassword" event="keyup" />
</p:password>
<p:message for="password" id="msgPassword" display="icon" />
</h:panelGrid>
<p:commandButton id="btn" value="Connexion" update="panel"
actionListener="#{utilisateurAuthentificationService.authentifierUtilisateur(utilisateurAuthentificationService.login,utilisateurAuthentificationService.password)}" />
</p:panel>
</h:form>
</body>
</html>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config='true'>
<intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome.xhtml*" access="ROLE_USER" />
<form-login login-page='/login.xhtml'
always-use-default-target="true" authentication-failure-url="/login.xhtml" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="utilisateurService">
</authentication-provider>
</authentication-manager>
</beans:beans>
<!-- Spring Security filters -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
成功登录后,它将我重定向到欢迎.xhtml页面(这是web.xml中指定的欢迎文件),而不是将我重定向到登录.xhtml页面
问题在哪里?security-config.xml是否配置错误?还是别的什么
如果我必须给你看一些其他代码的详细信息,请告诉我
谢谢尝试添加默认目标url=“/Welcome.xhtml”属性以形成登录元素,如
尝试在此处禁用csrf保护 或者尝试添加CSRF令牌:添加
ajax="false"
单击“命令”按钮,使其如下所示:
<p:commandButton id="btn" value="Connexion" update="panel"
actionListener="#{utilisateurAuthentificationService.authentifierUtilisateur(utilisateurAuthentificationService.login,utilisateurAuthentificationService.password)}" ajax="false"/>
我不完全清楚为什么会这样,但我认为这是因为按钮现在执行的是一个完整的页面提交,而不是允许Spring Securitys重定向的ajax请求,因为它不再是部分页面重新提交程序。“我们的建议是对正常用户可以通过浏览器处理的任何请求使用CSRF保护。如果您仅创建非浏览器客户端使用的服务,则可能需要禁用CSRF保护。“那么,当普通用户通过浏览器处理我的身份验证请求时,为什么要禁用它?”@Siho好的,我更新了答案,您能试着添加CSRF令牌吗?+1作为您的注释:D