stackoom
  简体   繁体   中英

spring security can't login

 原文  2014-03-08 16:03:29       java/ spring/ spring-mvc/ spring-security

Question

This is snippet from my spring security configuration: 

<security:http use-expressions="true">
    <security:intercept-url pattern="/*" access="permitAll"/>
    <security:intercept-url pattern="/admin*" access="hasRole('ROLE_ADMIN')" />
    <security:form-login login-page="/zaloguj" default-target-url="/"
                         authentication-success-handler-ref="loginSuccessHandler"
                         authentication-failure-url="/zaloguj?error"
                         login-processing-url="/login"

            />
    <security:logout logout-url="/wyloguj"
                     invalidate-session="true"
                     logout-success-url="/"
            />
</security:http>


<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="admin" authorities="ROLE_ADMIN" password="admin"/>
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

When I type in login form admin admin I am redirected to authentication-failure-url. What am I doing wrong? I am using Spring Security version 3.2.0.RELEASE. Thanks in advance for any help. Best Regards

1 answers

solution1
 2 ACCPTED  2014-03-08 22:11:02

Try activating the debug logging for Spring security.

The following configuration works for me 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/welcome*" access="hasRole('ROLE_ADMIN')" />
        <security:form-login login-page="/login" default-target-url="/welcome"
            authentication-failure-url="/loginfailed" />
        <security:logout logout-success-url="/logout" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="test" password="123456" authorities="ROLE_ADMIN" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

My logging configuration (log4j.properties) 

# Root logger option
log4j.rootLogger=INFO, stdout

# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

log4j.logger.org.springframework.security=DEBUG,stdout

And following are the debug statement printed on successful login 

2014-03-09 03:56:08 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
.........
2014-03-09 03:56:08 DEBUG SessionFixationProtectionStrategy:97 - Started new session: bq2ozweuwq07l16o2nspj4q3
2014-03-09 03:56:08 DEBUG UsernamePasswordAuthenticationFilter:319 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bf69f27c: Principal: org.springframework.security.core.userdetails.User@364492: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 1ajcb4rxv6p4ryg58262el5e8; Granted Authorities: ROLE_ADMIN
..................
2014-03-09 03:56:08 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /welcome
2014-03-09 03:56:08 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/welcome'

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can't login to my custom login page in spring boot security Spring security “forward:” directive can't forward to login form Can't login with Java Configuration and Spring Security 3.2 Spring Security - can't login after entering invalid password HandlerInterceptorAdapter doesn't run on login with Spring Security Spring security - can not get to the login page can't login after I have switched from in memory data store to using a database in spring security UsernameNotFoundException: Login form in Spring Boot + Spring Security doesn't work Login with Spring Security and jdbcTemplate Spring security login and register
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM