Spring security 使用模式配置Spring安全过滤器链将返回404进行/j_Spring_安全检查
我正在使用SpringMVC和SpringSecurityRelease3.1.3以及Tomcat7.0.37 我需要配置2个安全过滤器链,一个用于基本身份验证,一个用于FormBasedAuthentication 这是我的spring-security.xml文件:Spring security 使用模式配置Spring安全过滤器链将返回404进行/j_Spring_安全检查,spring-security,Spring Security,我正在使用SpringMVC和SpringSecurityRelease3.1.3以及Tomcat7.0.37 我需要配置2个安全过滤器链,一个用于基本身份验证,一个用于FormBasedAuthentication 这是我的spring-security.xml文件: <beans:beans ...> ... <!-- ....................... --> <!-- The Gui is secured here --> <!--
<beans:beans ...>
...
<!-- ....................... -->
<!-- The Gui is secured here -->
<!-- ....................... -->
<http auto-config="true" use-expressions="true" pattern="/gui/**">
<intercept-url pattern="/gui/login**" access="isAnonymous()"/>
<form-login login-page="/gui/login" default-target-url="/gui/welcome"
authentication-failure-url="/gui/loginfailed" />
<logout logout-success-url="/gui/logout" />
<intercept-url pattern="/welcome*" access="hasRole('een_admin')" />
<intercept-url pattern="/mandantAdmin/**" access="isAuthenticated()"/>
<intercept-url pattern="/standortAdmin/**" access="isAuthenticated()"/>
<intercept-url pattern="/ereignisse/**" access="isAuthenticated()" />
<intercept-url pattern="/tickets/**" access="isAuthenticated()"/> <!-- requires-channel="https" -->
<intercept-url pattern="/**" access="hasRole('een_admin')"/>
</http>
<!-- ................................. -->
<!-- The Service Methods are secured here -->
<!-- ................................. -->
<http use-expressions="true" >
<http-basic />
<logout logout-url="/resources/j_spring_security_logout"/>
<intercept-url pattern="/service/ticketManagement/**" access="isAuthenticated()"/>
<intercept-url pattern="/service/standortKonfig/**" access="isAuthenticated()"/>
<intercept-url pattern="/service/ereignisStorage/**" access="isAuthenticated()"/>
</http>
<debug/>
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha-256"/>
<user-service>
<user name="123" password="asdf" authorities="een_admin" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
注意重定向时缺少的用户名PasswordAuthenticationFilter
如果我删除第一个元素中的模式属性pattern=“/gui/**”,并注释掉第二个元素(需要,否则拦截器url模式会出现问题),那么它会再次正常工作
简化一点:当向http元素添加模式属性时,无法再找到j_spring_security_check
我做错了什么,有人能帮我吗?你需要意识到你在
http
块中定义的url与pattern
属性无关,因此首先,你拥有的所有拦截url
模式,比如/welcome*
都没有效果,因为它们只会被以/gui
开头的URL激活,因此永远不会匹配。它应该是/gui/welcome
您的登录表单提交到的URL还必须在某处具有匹配的表单登录
元素。在您的情况下,它位于/gui/**
过滤器链中,因此对/j\u spring\u security\u check
的请求将永远不会匹配
因此,您需要更改登录表单中的URL,以/gui
开头。您还可以通过设置来修改过滤器响应的URL。例如:
<form-login login-processing-url="/gui/login.do" login-page="/gui/login" default-target-url="/gui/welcome" authentication-failure-url="/gui/loginfailed" />
(选择一个根本没有提到春天的东西是个好主意)
您还应该删除
auto-config
属性,因为它在这里没有做任何有用的事情,只是让人困惑。非常感谢,您在这方面确实帮了我的忙!我使用“/gui/j_spring_security_check”作为登录处理url,与我的login.jsp将数据发送到的值相同,它现在可以工作了。我不太明白如何使用这个“login.do”,那么“j_spring_security_check”在哪里起作用呢?它不再相关了login processing url
设置过滤器响应的url,只要它与您的登录表单中的url匹配,则不管是什么/j_spring\u security\u check
只是默认值。
Request received for '/gui/login':
org.apache.catalina.connector.RequestFacade@174e4b3
servletPath:/gui/login
pathInfo:null
Security filter chain: [
SecurityContextPersistenceFilter
LogoutFilter
UsernamePasswordAuthenticationFilter
BasicAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
Request received for '/j_spring_security_check':
org.apache.catalina.connector.RequestFacade@174e4b3
servletPath:/j_spring_security_check
pathInfo:null
Security filter chain: [
SecurityContextPersistenceFilter
LogoutFilter
BasicAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
01:06:06,345 WARN http-apr-8080-exec-3 servlet.PageNotFound:1080 - No mapping found for HTTP request with URI [/webapp/j_spring_security_check] in DispatcherServlet with name 'mvc-dispatcher'
In access_logs:
"POST /webapp/j_spring_security_check HTTP/1.1" 404 949
<form-login login-processing-url="/gui/login.do" login-page="/gui/login" default-target-url="/gui/welcome" authentication-failure-url="/gui/loginfailed" />