Spring security SpringSecurity2.0.7和Spring2.5的登录表单问题
嗨,我正在尝试在我的应用程序上设置一个登录页面。 我的login.jsp是Spring security SpringSecurity2.0.7和Spring2.5的登录表单问题,spring-security,Spring Security,嗨,我正在尝试在我的应用程序上设置一个登录页面。 我的login.jsp是 <form name='f' action="<c:url value='j_spring_security_check' />" method='POST'> <table> <tr> <td>User:</td> &l
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
</body>
</html>
<http auto-config="true">
<intercept-url pattern="/login"
access="ROLE_USER" />
<intercept-url pattern="/j_spring_security_check"
access="ROLE_USER" />
<form-login login-page="/login"
login-processing-url="/j_spring_security_check" default-target-url="/userPage.do"
authentication-failure-url="/login?error=1" />
<logout logout-success-url="/login"
logout-url="/logout" />
<!-- <intercept-url pattern="/user/userPage.do" access="ROLE_USER" />
<form-login login-page="/user/login.do" default-target-url="/user/userPage.do"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" /> -->
</http>
<authentication-provider>
<user-service id="userDetailsService">
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="username" password="password" authorities="ROLE_USER" />
<user name="test" password="test" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</beans:beans>
它显示我的登录页面,但当点击登录它总是给我错误
请求的资源(/springhibernate/user/j_spring_security_check)不可用。
页面被重定向到
请帮助我解决此问题,并向我建议如何在我的应用程序中实现此登录功能。我一直在使用它。以下是我的工作配置,供您参考。他们似乎完全一样。这些是针对Spring3.0的。没有尝试过2.x,但认为这可能会对您有所帮助
<!-- Spring-security -->
<http auto-config="false" access-denied-page="/login.jsp?error=Access%20Denied">
<intercept-url pattern="/login.jsp*" filters="none" />
<intercept-url pattern="/manager/**" access="${manager.roles}" />
<form-login login-page="/login.jsp"
default-target-url="/welcome.jsp"
always-use-default-target="true"
authentication-failure-url="/login.jsp?error=true" />
<logout logout-success-url="/login.jsp"/>
<anonymous/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="a" password="a" authorities="ROLE_MANAGER" />
</user-service>
</authentication-provider>
</authentication-manager>
<!--Jsp -->
<form name="login" action="<c:url value="j_spring_security_check"/>" method="POST">
<table width="40%" border="4" align="center" cellpadding="0" cellspacing="0" bordercolor="#E3DBB8">
<tr><td bgcolor="#FFF4C3"><br>
<table width="100%" border="0" align="center" cellpadding="10" cellspacing="0" frame="box">
<tr>
<td align="right" nowrap><font face="Tahoma" size="+1">User Name:</font></td>
<td align="left" width="300"><input id="username" tabindex="1"
type="text" name="j_username" maxlength="20" border="1" style="width: 150px"/ ></td>
</tr>
<tr>
<td align="right" nowrap><font face="Tahoma" size="+1">Password:</font></td>
<td align="left"><input id="password" tabindex="2" type="password" name="j_password" maxlength="20" style="width: 150px"/></td>
</tr>
<tr>
<td align="right"><input type="submit" tabindex="3" name="login" value=" Login " class="Button" /></td>
<td align="left">
<input type="reset" tabindex="3" name="reset" value=" Reset " class="Button" />
</td>
</tr>
</table><br>
</td></tr>
</table>
</form >
<!--Web.xml -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
用户名:
密码:
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
我的设置与单独的登录表单几乎相同,但在登录操作中调用了以下方法get:
(见编辑)
不太确定它是如何工作的,但显然它是必要的:
编辑:
我的表格:
<h:form id="loginForm" prependId="false">
<label for="j_username"><h:outputText value="Username:" /><br />
</label>
<h:inputText id="j_username" required="true">
</h:inputText>
<br />
<br />
<label for="j_password"><h:outputText value="Password:" /><br />
</label>
<h:inputSecret id="j_password" required="true">
</h:inputSecret>
<br />
<br />
<label for="_spring_security_remember_me"> <h:outputText
value="Remember me" /> </label>
<h:selectBooleanCheckbox id="_spring_security_remember_me" />
<br />
<h:commandButton type="submit" id="login"
action="#{loginBean.doLogin}" value="Login" />
</h:form>
我在博客上读到Navisphere manager是spring版本3所必需的,所以我直接加入了身份验证提供商。*不低于此,谢谢Arvind,我看到了他们,spring 3.0很好,spring 2.8也很相似,我认为我在控制器页面和spring bean定义的某些地方错了,但我不知道问题是什么获取:(@viren还有一件事,spring security接受并处理来自登录页面的调用,并将错误重定向回登录页面。但是您有一个@RequestMapping(“/user/login.do”)它将请求映射到您的控制器。因此,不是转到失败页面,而是转到控制器。这里有问题。将RequestMapping放在userPage.do而不是登录页面,并将调试器/print stmt放在控制器中,检查它是否在成功登录时到达那里。@Arvind我尝试了这些新的m您建议的方法@RequestMapping(value=“/user/userPage.do”,method=RequestMethod.GET)公共字符串printWelcome(ModelMap模型,主体主体){String name=Principal.getName();model.addAttribute(“username”,name);model.addAttribute(“message”,“Spring安全自定义表单示例”);返回“userPage”}@RequestMapping(value=“/user/login.do”,method=RequestMethod.GET)公共字符串登录(ModelMap model){return“login”;}但我还是一样issue@Arvind你能告诉我你们是如何定义你的登录控制器的,它的映射是如何在配置xml文件中完成的吗Hi-pete你的意思是我们需要在登录控制器中包含这个方法,因为我没有在你的博客中使用任何登录bean或登录过滤器是的,控制器是你的登录bean(它是一个单例bean)由于某种原因,我不得不调用该方法。Pete我的代码中没有使用JSF,因此这些上下文类不会成为其中的一部分:(也许你可以通过其他方式获取上下文?另外:你是否尝试在浏览器中调用/j_-spring\u-security\u-check
或/springhibernate/j_-spring\u-security\u-check
?我在实现表单转换正确URL时遇到了其他问题。可能是你必须更改映射。@Arvind我已经删除了该部分,并使用了此n。)但这仍然给了我同样的问题
<servlet>
<servlet-name>context</servlet-name>
<servlet-class>
org.springframework.web.context.ContextLoaderServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Spring context loading ends-->
<servlet>
<servlet-name>user</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>user</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<taglib>
<taglib-uri>/spring</taglib-uri>
<taglib-location>/WEB-INF/spring.tld</taglib-location>
</taglib>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
<!-- Spring-security -->
<http auto-config="false" access-denied-page="/login.jsp?error=Access%20Denied">
<intercept-url pattern="/login.jsp*" filters="none" />
<intercept-url pattern="/manager/**" access="${manager.roles}" />
<form-login login-page="/login.jsp"
default-target-url="/welcome.jsp"
always-use-default-target="true"
authentication-failure-url="/login.jsp?error=true" />
<logout logout-success-url="/login.jsp"/>
<anonymous/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="a" password="a" authorities="ROLE_MANAGER" />
</user-service>
</authentication-provider>
</authentication-manager>
<!--Jsp -->
<form name="login" action="<c:url value="j_spring_security_check"/>" method="POST">
<table width="40%" border="4" align="center" cellpadding="0" cellspacing="0" bordercolor="#E3DBB8">
<tr><td bgcolor="#FFF4C3"><br>
<table width="100%" border="0" align="center" cellpadding="10" cellspacing="0" frame="box">
<tr>
<td align="right" nowrap><font face="Tahoma" size="+1">User Name:</font></td>
<td align="left" width="300"><input id="username" tabindex="1"
type="text" name="j_username" maxlength="20" border="1" style="width: 150px"/ ></td>
</tr>
<tr>
<td align="right" nowrap><font face="Tahoma" size="+1">Password:</font></td>
<td align="left"><input id="password" tabindex="2" type="password" name="j_password" maxlength="20" style="width: 150px"/></td>
</tr>
<tr>
<td align="right"><input type="submit" tabindex="3" name="login" value=" Login " class="Button" /></td>
<td align="left">
<input type="reset" tabindex="3" name="reset" value=" Reset " class="Button" />
</td>
</tr>
</table><br>
</td></tr>
</table>
</form >
<!--Web.xml -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<h:form id="loginForm" prependId="false">
<label for="j_username"><h:outputText value="Username:" /><br />
</label>
<h:inputText id="j_username" required="true">
</h:inputText>
<br />
<br />
<label for="j_password"><h:outputText value="Password:" /><br />
</label>
<h:inputSecret id="j_password" required="true">
</h:inputSecret>
<br />
<br />
<label for="_spring_security_remember_me"> <h:outputText
value="Remember me" /> </label>
<h:selectBooleanCheckbox id="_spring_security_remember_me" />
<br />
<h:commandButton type="submit" id="login"
action="#{loginBean.doLogin}" value="Login" />
</h:form>
@SessionScope
public class LoginBean implements Serializable
{
private String j_username;
private String j_password;
private String _spring_security_remember_me;
public String getJ_username() {
return j_username;
}
public void setJ_username(String j_username) {
this.j_username = j_username;
}
public String getJ_password() {
return j_password;
}
public void setJ_password(String j_password) {
this.j_password = j_password;
}
public String get_spring_security_remember_me() {
return _spring_security_remember_me;
}
public void set_spring_security_remember_me(String _spring_security_remember_me) {
this._spring_security_remember_me = _spring_security_remember_me;
}
// This is the action method called when the user clicks the "login" button
public String doLogin() throws IOException, ServletException
{
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
.getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(),
(ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
// It's OK to return null here because Faces is just going to exit.
return null;
}
}