Spring安全性:不支持身份验证方法:GET
我不知道我在哪里遗漏了一些东西,我真的非常感谢你在这方面的帮助! 尝试登录后,我收到“不支持身份验证方法:get”消息 以下是我的security-Context.xml:Spring安全性:不支持身份验证方法:GET,spring,spring-security,security-context,Spring,Spring Security,Security Context,我不知道我在哪里遗漏了一些东西,我真的非常感谢你在这方面的帮助! 尝试登录后,我收到“不支持身份验证方法:get”消息 以下是我的security-Context.xml: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instanc
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> -->
<security:http auto-config="true">
<security:intercept-url pattern="/login/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/login/doLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/lib/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
<security:form-login login-page="/login/login.do" authentication-failure-url="/login/login.do?login_error=true" default-target-url="/test/showTest.do"/>
<security:logout logout-success-url="/login/login.do" invalidate-session="true" />
<security:remember-me key="rememberMe"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select EMAIL as email, PASSWORD as password, from ams.user where EMAIL=?"
authorities-by-username-query="
select distinct user.EMAIL as email, permission.NAME as authority
from ams.user, ams.user_role, ams.role, ams.role_permission, ams.permission
where user.ID=user_role.USER_ID AND user_role.ROLE_ID=role_permission.ROLE_ID AND role_permission.PERMISSION_ID=permission.ID AND user.EMAIL=?"/>
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<constructor-arg value="256" />
</bean>
</beans>
如果您需要更多信息,请告诉我,我想您可能会尝试向登录URL发送HTTP GET请求,并将用户名和密码作为查询参数。因为这本身就是不安全的(例如可以被书签),所以这是不允许的。你应该改为发送HTTP帖子。哦,你把这里的事情搞混了。您的
doLogin()
方法正在处理POST请求并将重定向作为响应发送。然后客户端(浏览器)向重定向消息中指定的URL(这是一个手工编制的登录URL)发送GET请求。嗯,好吧,那么,我应该如何或者更确切地说,在哪里告诉安全上下文它应该是post而不是Don’t为登录编写控制器方法。创建一个jsp或一个简单的html作为您的登录页面,该页面包含一个带有必填字段(email/pwd)的表单
,并将其发布到登录URL。Smth like:
这里您可以看到一个随机教程:不关心LDAP相关的东西,只需下载代码(文章末尾的链接)。它应该能帮助你开始。
@Controller
public class LoginController {
@RequestMapping(method = RequestMethod.GET)
public ModelAndView showLogin() {
ModelAndView mav = new ModelAndView("login/login");
return mav;
}
@RequestMapping(method = RequestMethod.POST)
public ModelAndView doLogin(@RequestParam("email") String email,
@RequestParam("password") String password,
@RequestParam("remember_me") boolean rememberMe,
HttpServletRequest request, HttpServletResponse response) {
ModelAndView mav = new ModelAndView();
mav.setViewName("redirect:/j_spring_security_check?j_email=" + email + "&j_password=" + password + "&_spring_security_remember_me=" + rememberMe);
return mav;
}
}