堆栈内存溢出
  简体   繁体   English

Spring 安全认证:总是重定向到错误登录页面

[英]Spring security authentication: always redirect to error login page

 原文  2020-03-06 19:07:45       java/ xml/ spring/ spring-security

问题描述

I have problem with spring security login on my application.我的应用程序上的 spring 安全登录有问题。 My login page is on seller/login url, processing url is set to /loginProcessing, after submit login data on form:我的登录页面在卖家/登录 url 上,处理 url 设置为 /loginProcessing,在表单上提交登录数据后:

    <form name="loginform" action="/loginProcessing" method="POST">
    <table>
        <tr>
            <td>Enter username:</td>
            <td><input type='text' name='username' value=''></td>
        </tr>
        <tr>
            <td>Enter password:</td>
            <td><input type='password' name='password' /></td>
        </tr>
        <tr>
            <td colspan="2"> </td>
        </tr>
        <tr>
            <td colspan='2'><input name="submit" type="submit" value="Submit" /></td>
        </tr>
    </table>
</form>

I am always redirected to login error page with status 302 on loginProcessing, no matter if the login and password are correct.无论登录名和密码是否正确,我总是被重定向到 loginProcessing 状态为 302 的登录错误页面。 Do you know why it happens every time?你知道为什么每次都会发生吗? Sql queries in spring-security.xml for checking login data looks correct, passwords in database are stored as plain text spring-security.xml 中用于检查登录数据的 Sql 查询看起来正确,数据库中的密码以纯文本形式存储在此处输入图片说明

my configuration files:我的配置文件:

spring-security.xml:弹簧security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security.xsd">

<!-- enable use-expressions -->
<http auto-config="true">
    <intercept-url pattern="/admin/*" access="hasRole('admin')" />
    <intercept-url pattern="/seller/login" access="permitAll" />
    <intercept-url pattern="/customer/login" access="permitAll" />
    <intercept-url pattern="/changePassword" access="permitAll" />
    <intercept-url pattern="/index" access="permitAll" />

    <!-- user-defined login form redirection -->
    <form-login login-page="/seller/login" login-processing-url="/loginProcessing" default-target-url="/main"
                username-parameter="email" password-parameter="password"
                authentication-failure-url="/seller/login/error" />

    <!-- logout url -->
    <logout logout-success-url="/seller/login/logout" />

    <!-- csrf disabled -->
    <csrf disabled="true" />
</http>

<!-- Select users and user_roles from database -->
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
                           users-by-username-query=
                                   "select email,password from users where email=?"
                           authorities-by-username-query=
                                   "select u.email, r.name from users u, role r, user_roles ur where u.id = ur.user_id and ur.roles_id = r.id and u.email =?" />
    </authentication-provider>
</authentication-manager>

applicationContext.xml:应用上下文.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd">


<context:component-scan base-package="application"/>
<context:annotation-config />
<mvc:annotation-driven />
<tx:annotation-driven transaction-manager="transactionManager1"/>
<import resource="classpath:spring-security.xml" />

<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="persistenceUnitName" value="punit"/>
    <property name="dataSource" ref="dataSource"/>
    <property name="packagesToScan" value="application"/>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="true"/>
        </bean>
    </property>
    <property name="jpaPropertyMap">
        <map>
            <entry key="hibernate.dialect" value="org.hibernate.dialect.PostgreSQL9Dialect"/>
            <entry key="hibernate.hbm2ddl" value="true"/>
            <entry key="hibernate.hbm2ddl.auto" value="update"/>
            <entry key="hibernate.format_sql" value="true"/>
            <entry key="hibernate.show_sql" value="true"/>
        </map>
    </property>
</bean>

<bean id="transactionManager1" class="org.springframework.orm.jpa.JpaTransactionManager">
    <property name="entityManagerFactory" ref="entityManagerFactory"/>
</bean>

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="org.postgresql.Driver"/>
    <property name="url" value="jdbc:postgresql://localhost:5432/khn"/>
    <property name="username" value="postgres"/>
    <property name="password" value="admin"/>
</bean>

servlet.xml servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
     http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd">

<mvc:default-servlet-handler/>

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/pages/"/>
    <property name="suffix" value=".html"/>
</bean>

web.xml:网页.xml:

<web-app  version="2.4"
     xmlns="http://java.sun.com/xml/ns/j2ee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>khn</display-name>


<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/applicationContext.xml</param-value>
</context-param>

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/servlet.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

1 个解决方案

解决方案1
 1  2020-03-07 17:24:39

Ok, i find answer by myself.好的,我自己找到答案。 I missed some schemas declaration in spring-security.xml and servlet.xml我错过了 spring-security.xml 和 servlet.xml 中的一些模式声明

Now in servlet.xml i have:现在在 servlet.xml 我有:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd">

and in spring-security.xml:在 spring-security.xml 中:

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security
             http://www.springframework.org/schema/security/spring-security.xsd">

Also i edited users-by-username-query, this query needs additional enabled column我还编辑了 users-by-username-query,这个查询需要额外的启用列

select email,password,1 as enabled from users where email=?

Now we can log in with valid credentials现在我们可以使用有效凭据登录

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Security自定义身份验证提供程序始终重定向到登录页面 - Spring Security Custom Authentication Provider always redirect to login page Spring Security,始终重定向到“登录”页面 - Spring Security, always redirect to Login page 在Spring Security预身份验证中重定向到错误页面 - Redirect to error page in spring security pre authentication Spring boot &amp; Spring security 总是重定向到 Login - Spring boot & Spring security always redirect to Login 春季安全重定向页面登录 - spring security redirect page login 错误页面重定向后,Spring Security身份验证为空 - Spring Security Authentication is null after Error page redirect Spring Security登录表单始终重定向到authfailed - Spring security login form always redirect to authfailed spring 安全登录总是重定向到失败 url - spring security login always redirect to failure url Spring 安全登录总是登陆一个没有消息的错误页面 - Spring security login always lands in an error page with no message Spring Security登录显示错误页面,身份验证失败? - Spring security login gives error page, is authentication failing?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM