Spring Security + JSF:登录表单在成功登录后重定向到同一登录页面


这是我的 login.xhtml:

<!--
  Login view (Facelets + PrimeFaces): a panel with a required login field and
  a required password field, both bound to the utilisateurAuthentificationService
  bean and each validated for a minimum length of 2.

  The password field carries a p:ajax tag with event="keyup" that updates
  msgPassword, so a request is made on every keystroke in that field.
  NOTE(review): this presumably submits the partially typed password each
  time; validating on blur or on submit would send the credential once. Confirm.

  The Connexion button calls authentifierUtilisateur(login, password) on the
  bean through actionListener and then updates the panel. An actionListener
  yields no navigation outcome, and nothing in this view posts to a Spring
  Security login-processing URL, so the post-login redirect and the security
  context both depend on the bean, which is not shown here. TODO confirm.

  Review notes are kept in this one comment before the root element: Facelets
  can pass comments through to the rendered page unless comment skipping is
  enabled, and a comment placed inside h:panelGrid could be treated as a child.
-->
<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:f="http://java.sun.com/jsf/core"
    xmlns:p="http://primefaces.org/ui">

<body>
    <h:form id="form">
        <p:panel id="panel" header="Connexion">
            <p:messages id="msgs" />

            <h:panelGrid columns="3">
                <h:outputLabel for="login" value="Login: *" />
                <p:inputText id="login"
                    value="#{utilisateurAuthentificationService.login}"
                    required="true"
                    label="Login">
                    <f:validateLength minimum="2" />
                </p:inputText>
                <p:message for="login" display="icon" />

                <h:outputLabel for="password" value="Password: *" />
                <p:password id="password"
                    value="#{utilisateurAuthentificationService.password}"
                    label="Password" required="true">
                    <f:validateLength minimum="2" />
                    <p:ajax update="msgPassword" event="keyup" />
                </p:password>
                <p:message for="password" id="msgPassword" display="icon" />

            </h:panelGrid>

            <p:commandButton id="btn" value="Connexion" update="panel"
                actionListener="#{utilisateurAuthentificationService.authentifierUtilisateur(utilisateurAuthentificationService.login,utilisateurAuthentificationService.password)}" />
        </p:panel>

    </h:form>
</body>
</html>

这是我的 security-config.xml:

<!--
  Spring Security namespace configuration (3.2 schemas, per xsi:schemaLocation).
  The security namespace is the default one; plain Spring beans use the
  beans: prefix.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- auto-config plus an explicit form-login element. No csrf element is
         present; NOTE(review): with the 3.2 XML namespace CSRF protection is
         opt-in, so it is presumably not active for this block. Confirm. -->
    <http auto-config='true'>


        <!-- The login page is reachable without authentication. -->
        <intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <!-- Only welcome.xhtml requires ROLE_USER. NOTE(review): no catch-all
             pattern is visible, so URLs matching neither rule are not
             restricted by this block; a final deny-by-default rule with
             explicit exemptions is the usual hardening. -->
        <intercept-url pattern="/welcome.xhtml*" access="ROLE_USER" />

        <!-- login-page and authentication-failure-url are the same URL, so a
             failed login returns to the login page with no marker that
             distinguishes it from a fresh visit. always-use-default-target is
             true but no default-target-url is set; NOTE(review): the target
             then presumably falls back to the application root. No
             login-processing-url is set either, so the filter listens on the
             schema default rather than on the JSF postback URL. Confirm. -->
        <form-login login-page='/login.xhtml'
            always-use-default-target="true" authentication-failure-url="/login.xhtml" />
    </http>

    <!-- Users are loaded through the utilisateurService bean, which is defined
         elsewhere. NOTE(review): no password-encoder child is visible; without
         one the provider presumably compares the submitted password with the
         stored value as-is. Confirm that stored passwords are hashed and that
         an encoder is configured. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="utilisateurService">
        </authentication-provider>
    </authentication-manager>
</beans:beans>

web.xml中的spring安全过滤器:

<!-- Spring Security filters: DelegatingFilterProxy hands each request to the
     bean named by filter-name (springSecurityFilterChain), and the /* mapping
     applies it to every URL. NOTE(review): no dispatcher elements are declared,
     so the mapping presumably covers only direct client requests and not
     server-side forwards such as JSF navigation without a redirect. Confirm. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

成功登录后,它又把我重定向回 login.xhtml 页面,而不是重定向到 welcome.xhtml 页面(这是 web.xml 中指定的欢迎文件)。

问题在哪里?security-config.xml是否配置错误?还是别的什么

如果我必须给你看一些其他代码的详细信息,请告诉我


谢谢

尝试在 form-login 元素上添加 default-target-url="/Welcome.xhtml" 属性,如:


尝试在此处禁用 CSRF 保护(仅用于排查问题;如下方评论引用的文档所述,普通用户通过浏览器发起的请求应保留 CSRF 保护)

或者尝试添加 CSRF 令牌:

在 p:commandButton 上添加 ajax="false",使其如下所示:

<!-- ajax="false" turns the PrimeFaces button into a full form submit.
     NOTE(review): update="panel" presumably has no effect on a non-ajax
     request and could be dropped. Confirm. -->
<p:commandButton id="btn" value="Connexion" update="panel"
            actionListener="#{utilisateurAuthentificationService.authentifierUtilisateur(utilisateurAuthentificationService.login,utilisateurAuthentificationService.password)}" ajax="false"/>


我不完全清楚为什么这样可行,但我认为是因为按钮现在执行的是完整的页面提交,而不是 ajax 请求;由于不再是局部页面重新渲染,Spring Security 的重定向才得以生效。

评论:

“我们的建议是对正常用户可以通过浏览器处理的任何请求使用 CSRF 保护。如果您仅创建非浏览器客户端使用的服务,则可能需要禁用 CSRF 保护。”那么,既然我的身份验证请求是由普通用户通过浏览器发起的,为什么要禁用它?

@Siho 好的,我更新了答案,您能试着添加 CSRF 令牌吗?

+1,为了你的评论 :D