Fatal编程技术网
  • spring-security/
  • Spring security 春天。登录失败后填充j_用户名

Spring security 春天。登录失败后填充j_用户名

spring-security

Spring security 春天。登录失败后填充j_用户名,spring-security,Spring Security,我正在应用程序中实现身份验证功能。当凭据无效时,我希望在同一登录页上移动,但使用填充的j_用户名文本字段。但我认为没有办法做到这一点 my login.jsp: <html> <head> <!-- connecting javascripts and styles --> </head> <body> <c:set var="base" value="/myProject" /> <form:form c

我正在应用程序中实现身份验证功能。当凭据无效时,我希望在同一登录页上移动,但使用填充的j_用户名文本字段。但我认为没有办法做到这一点

my login.jsp:

<html>
<head> <!-- connecting javascripts and styles --> </head>
<body>
<c:set var="base" value="/myProject" /> 

    <form:form commandName="loginUser" method="POST" action="${base}/j_spring_security_check">
        <h3 align="center"><spring:message code="login.header" /></h3>
        <table>
            <tr>
                <td align="right"><spring:message code="login.label.login" /></td>
                <td><input type="text" name="j_username" /></td>
                <td><div id="j_username" class="errors"><span id="j_username_stub"/><form:errors path="login" /></div></td>
            </tr>
            <tr>
                <td align="right"><spring:message code="login.label.password" /></td>
                <td><input type="password" name="j_password" /></td>
                <td><div id="j_password" class="errors"><span id="j_password_stub"/></div></td>
            </tr>
            <tr>
                <td align="right"><spring:message code="login.label.rememberme" /></td>
                <td><input type="checkbox" name="_spring_security_remember_me" /></td>
            </tr>
            <tr>
                <td align="right"><input type="submit" value="<spring:message code="login.button.login" />" /></td>

            </tr>
        </table>
    </form:form>
</html>
在我的控制器中,我没有填写表单的数据

此外,我陷入了无法加载javascript的无效凭据页面刷新的困境。有什么不对劲

感谢您的建议

查看我对这个问题的回答:。如何从//public void onAuthenticationFailure获取userPrincipal(HttpServletRequest请求、HttpServletResponse响应、AuthenticationException异常)抛出IOException、ServletException?正如我现在所知道的,我不应该为此使用AuthenticationException,因为所有获取用户数据的方法都不受欢迎。因此,这里有一个更好的解决方案: 
 <security:http pattern="/static/**" security="none" />

    <security:http use-expressions="true" authentication-manager-ref="authenticationManager">
        <security:http-basic />
        <security:intercept-url pattern="/jsp/login*" access="permitAll" />
        <security:intercept-url pattern="/jsp/admin/**" access="isAuthenticated()" />
        <security:form-login
                login-page="/"
                default-target-url="/jsp/admin/admin.jsp"
                authentication-failure-url="/loginFailed"/>
        <security:logout logout-url="/logout" invalidate-session="true" delete-cookies="true" logout-success-url="/" />
        <security:anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <security:remember-me key="sparkBitAuthToken" token-validity-seconds="864000" />
    </security:http>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userDetailsService">
            <security:password-encoder ref="encoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> <!-- bCrypt encoder -->

    <bean id="userDetailsService" class="com.myproject.web.authentication.SparkBitUserDetailsService" />

@Controller
@RequestMapping("/")
public class LoginController {

    @RequestMapping
    public String getLoginPage() {
        return "login";
    }

    @RequestMapping(value= "/loginFailed")
    public String getLoginPageOnError(Model model, @ModelAttribute("loginUser") LoginUserBean entity, BindingResult result, HttpServletRequest request) {
        result.rejectValue("login", "error.login.credentials", "Invalid credentials ...");
        return "login";
    }
    }