Spring Security 登录后出现 403 错误
前几天一切正常,但现在登录时会出现 403 错误,提示请求的页面被禁止访问。用户实际上已经成功登录,也就是说,我返回后可以访问受保护的页面。控制台中没有任何错误。
login.jsp:
<%--
  Login view: renders a username/password form that is POSTed to the Spring
  Security login endpoint under the application's context path, and shows a
  fixed error line when the request carries an "error" parameter.
--%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Login Page</title>
<link href="${pageContext.request.contextPath}/resources/css/main.css"
rel="stylesheet" type="text/css">
</head>
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password</h3>
<%--
  Only the presence of the "error" parameter is tested; its value is never
  written into the page. The failure URL configured for form login has to add
  a parameter with exactly this name, otherwise the message is never shown.
--%>
<c:if test="${param.error != null}">
<p class="error">Login failed. Check user name and password.</p>
</c:if>
<%--
  Credentials are submitted by POST to j_spring_security_check. This path has
  to equal the login-processing-url of the form-login configuration; if that
  was changed, the form no longer reaches the login filter.
  NOTE(review): the form carries no CSRF token field. If CSRF protection is
  enabled in the Spring Security version in use, the hidden _csrf field must
  be added or this POST is answered with 403 - confirm against the security
  configuration.
  NOTE(review): the password travels in the request body, so this page and the
  processing URL should only be served over HTTPS.
--%>
<form name='f'
action='${pageContext.request.contextPath}/j_spring_security_check'
method='POST'>
<table class="formtable">
<tr>
<td class="title">User:</td>
<td><input class="control" type='text' name='j_username' value=''></td>
</tr>
<tr>
<td class="title">Password:</td>
<td><input class="control" type='password' name='j_password' /></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="Login" /></td>
</tr>
</table>
</form>
<p><a href="${pageContext.request.contextPath}/newAccount">Create a new account. </a></p>
</body>
</html>
请参照我的配置试一试。URL 拦截规则(intercept-url)的顺序非常重要:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring Security namespace configuration: form-login and logout endpoints,
     URL access rules, the authentication manager and a password encoder bean. -->
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<!-- The login form has to POST to login-processing-url exactly as written here.
     A failed login is redirected to /login with the parameter login_error, so
     the login view must test that parameter name to show its error message. -->
<form-login login-processing-url="/resources/j_spring_security_check"
login-page="/login" authentication-failure-url="/login?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<!-- Rules are evaluated from top to bottom and the first matching pattern
     decides, so every specific pattern has to stay above the catch-all. -->
<intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<!-- Public: static resources. The login and logout processing URLs above
     also live under this prefix. -->
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login/**" access="permitAll" />
<intercept-url pattern="/home/**" access="permitAll" />
<!-- hasRole('ROLE_ANONYMOUS') admits only visitors who are not logged in;
     an authenticated user requesting these URLs is refused. -->
<intercept-url pattern="/password/reset" access="hasRole('ROLE_ANONYMOUS')" />
<intercept-url pattern="/account/create" access="hasRole('ROLE_ANONYMOUS')" />
<intercept-url pattern="/account/activate" access="hasRole('ROLE_ANONYMOUS')" />
<intercept-url pattern="/password/change" access="isAuthenticated()" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/client/**" access="hasRole('ROLE_CLIENT')" />
<!-- Catch-all: every URL not matched above is open to everyone, so a path
     that is forgotten in the list above is public by default.
     NOTE(review): a deny-by-default catch-all (denyAll or isAuthenticated())
     is the safer baseline, provided the login page, static resources and the
     post-login target are admitted by earlier rules. -->
<intercept-url pattern="/**" access="permitAll" />
</http>
<!-- Configure Authentication mechanism -->
<!-- Authentication is delegated to the customAuthenticationProvider bean,
     which is not defined in this file. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
<!-- NOTE(review): MessageDigestPasswordEncoder with SHA-256 is a fast digest
     and gives little protection against offline guessing once password hashes
     leak. A slow adaptive hash such as BCryptPasswordEncoder is the usual
     choice; stored hashes would have to be migrated. Nothing in this file
     wires this bean into the provider or sets a salt - confirm where it is
     used. -->
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder">
<beans:constructor-arg value="SHA-256" />
</beans:bean>
</beans:beans>
需要调整它的顺序:把其他所有规则定义放在它前面。
不确定这样是否有效,但我会试一试,以备将来不想把所有用户都导向同一个页面的情况。我的解决办法是:为登录设置默认跳转目标(form-login 的 default-target-url),并将其设为始终使用(always-use-default-target),让登录后总是返回主页。
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.pharmacy.management.system.dao.User;
import com.pharmacy.management.system.service.UserService;
/**
 * MVC controller for the login, logout and self-service registration views.
 *
 * <p>No handler in this class checks credentials: the login form submission
 * is not mapped here. The class only resolves view names and creates user
 * accounts through {@link UserService}.
 */
@Controller
public class LoginController {

    /** View that renders the registration form; re-shown on every rejected submission. */
    private static final String REGISTRATION_FORM = "newAccount";

    private UserService userService;

    /**
     * Receives the user service through setter injection.
     *
     * @param userService service used to look up and persist accounts
     */
    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Resolves the login view. The mapping declares no HTTP method, so it
     * answers every method sent to {@code /login}.
     *
     * @return the view name {@code "login"}
     */
    @RequestMapping("/login")
    public String showLogin() {
        return "login";
    }

    /**
     * Resolves the logout view. Nothing here ends the session.
     *
     * @return the view name {@code "logout"}
     */
    @RequestMapping("/logout")
    public String showLogout() {
        return "logout";
    }

    /**
     * Shows the registration form backed by an empty {@link User}.
     *
     * @param model receives the form-backing object under the key {@code "user"}
     * @return the registration view name
     */
    @RequestMapping("/newAccount")
    public String newAccount(Model model) {
        model.addAttribute("user", new User());
        return REGISTRATION_FORM;
    }

    /**
     * Shows the confirmation page with an empty {@link User} in the model.
     *
     * @param model receives a fresh object under the key {@code "user"}
     * @return the view name {@code "accountCreated"}
     */
    @RequestMapping("/accountCreated")
    public String accountCreated(Model model) {
        model.addAttribute("user", new User());
        return "accountCreated";
    }

    /**
     * Handles the registration form POST.
     *
     * <p>The submitted {@link User} is bound from request parameters and
     * validated. Authority and enabled flag are overwritten after binding, so
     * values a client sends for those two properties are discarded.
     *
     * <p>NOTE(review): every self-registered account is enabled immediately and
     * receives the authority {@code "doctor"}; no approval or activation step
     * is visible here. Confirm that open registration is meant to grant it.
     * Password hashing is presumably done inside {@link UserService} - verify.
     *
     * @param user   bound and validated form object
     * @param result binding and validation outcome; receives the duplicate-name error
     * @return the registration view on any rejection, otherwise {@code "accountCreated"}
     */
    @RequestMapping(value = "/createAccount", method = RequestMethod.POST)
    public String createAccount(@Valid User user, BindingResult result) {
        if (result.hasErrors()) {
            return REGISTRATION_FORM;
        }

        // Server-side values win over anything bound from the request.
        user.setAuthority("doctor");
        user.setEnabled(true);

        // The existence check runs first; create() is only attempted when the
        // name looks free.
        final boolean nameTaken = userService.exists(user.getUsername());
        if (!nameTaken && persisted(user)) {
            return "accountCreated";
        }

        result.rejectValue("username", "DuplicateKey.user.username");
        return REGISTRATION_FORM;
    }

    /**
     * Tries to store the account.
     *
     * <p>Every {@link DataAccessException} is treated as a failed insert, and
     * the caller reports it as a duplicate user name. That also covers failures
     * unrelated to uniqueness, and the exception itself is not recorded.
     *
     * @param user account to store
     * @return {@code true} when {@code create} returned normally
     */
    private boolean persisted(User user) {
        try {
            userService.create(user);
            return true;
        } catch (DataAccessException e) {
            return false;
        }
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring Security namespace configuration: form-login and logout endpoints,
     URL access rules, the authentication manager and a password encoder bean. -->
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<!-- The login form has to POST to login-processing-url exactly as written here.
     A failed login is redirected to /login with the parameter login_error, so
     the login view must test that parameter name to show its error message. -->
<form-login login-processing-url="/resources/j_spring_security_check"
login-page="/login" authentication-failure-url="/login?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<!-- Rules are evaluated from top to bottom and the first matching pattern
     decides, so every specific pattern has to stay above the catch-all. -->
<intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<!-- Public: static resources. The login and logout processing URLs above
     also live under this prefix. -->
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login/**" access="permitAll" />
<intercept-url pattern="/home/**" access="permitAll" />
<!-- hasRole('ROLE_ANONYMOUS') admits only visitors who are not logged in;
     an authenticated user requesting these URLs is refused. -->
<intercept-url pattern="/password/reset" access="hasRole('ROLE_ANONYMOUS')" />
<intercept-url pattern="/account/create" access="hasRole('ROLE_ANONYMOUS')" />
<intercept-url pattern="/account/activate" access="hasRole('ROLE_ANONYMOUS')" />
<intercept-url pattern="/password/change" access="isAuthenticated()" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/client/**" access="hasRole('ROLE_CLIENT')" />
<!-- Catch-all: every URL not matched above is open to everyone, so a path
     that is forgotten in the list above is public by default.
     NOTE(review): a deny-by-default catch-all (denyAll or isAuthenticated())
     is the safer baseline, provided the login page, static resources and the
     post-login target are admitted by earlier rules. -->
<intercept-url pattern="/**" access="permitAll" />
</http>
<!-- Configure Authentication mechanism -->
<!-- Authentication is delegated to the customAuthenticationProvider bean,
     which is not defined in this file. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
<!-- NOTE(review): MessageDigestPasswordEncoder with SHA-256 is a fast digest
     and gives little protection against offline guessing once password hashes
     leak. A slow adaptive hash such as BCryptPasswordEncoder is the usual
     choice; stored hashes would have to be migrated. Nothing in this file
     wires this bean into the provider or sets a salt - confirm where it is
     used. -->
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder">
<beans:constructor-arg value="SHA-256" />
</beans:bean>
</beans:beans>
<!-- Catch-all deny rule: any URL not matched by an earlier intercept-url is
     refused with 403, also for users who are already logged in. It has to be
     the last rule, and the login page, its static resources and the page users
     land on after login each need an earlier rule that admits them.
     NOTE(review): presumably the source of the 403 after a successful login
     described on this page - confirm against the full rule list. -->
<security:intercept-url pattern="/**" access="denyAll" />