春季安全性未按预期工作

Question

我将使用Spring Security来定制用户登录。

问题是当我尝试登录时说我的HTTP状态405-请求方法'POST'不支持。 我也想它会调用RestAuthProvider类中的retriveUser（...）方法，但不是。 可以帮我解决这个问题。

我已经完成了以下工作

弹簧security.xml文件

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<http auto-config="true">
    <intercept-url pattern="/welcome*" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" />

    <logout logout-success-url="/logout" />
</http>

<authentication-manager>        
    <authentication-provider ref="restAuthProvider" />
</authentication-manager>

<beans:bean id="restAuthProvider" class="com.tgpl.mmbl.auth.RestAuthProvider" ></beans:bean>

登录jsp

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt"%>
<div id="loginContent"></div>
<div id="loginFrame"></div>
<div id="loginForm">

  <c:if test="${not empty error}">
    <div class="errorblock">
        Your login attempt was not successful, try again.<br /> Caused :
        ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
    </div>
</c:if>

<form id="frmLogin" name="frmLogin"  method="post" <c:url value='j_spring_security_check'/>>
    <br /> <br /> <br /> <br />
    <h3>
        <font color="#666666"> <fmt:message key="login.userLogin" />
        </font>
    </h3>
    <p>
        <input name="j_username" type="text" class="LoginTextbox" id="userName"
            placeholder="<fmt:message key="login.userName"/>" maxlength="1000" required/>
    </p>
    <p>
        <input name="j_password" type="password" class="LoginTextbox"
            id="password" placeholder="<fmt:message key="login.password"/>" required/>
    </p>
    <p>
        <input type="submit" name="OK" id="OK"
            value="<fmt:message key="login.login"/>" class="LoginButton" />
    </p>
    <p>
        <a href="forgetpassword.html"><fmt:message key="login.forgotPassword" /> ?</a>
    </p>
</form>

控制器类

package com.tgpl.mmbl;

  import java.util.Locale;

  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.springframework.stereotype.Controller;
  import org.springframework.ui.Model;
  import org.springframework.web.bind.annotation.RequestMapping;
  import org.springframework.web.bind.annotation.RequestMethod;

/**
  * Handles requests for the application home page.
 */
 @Controller
   public class HomeController {

private static final Logger LOGGER = LoggerFactory.getLogger(HomeController.class);


@RequestMapping(value = "/welcome", method = RequestMethod.GET)
public String home(Locale locale, Model model) {
    LOGGER.info("Load welcome page");
    return "welcome";
}


@RequestMapping(value = "/", method = RequestMethod.GET)
public String login(Locale locale, Model model) {

    LOGGER.info("Load login page");
    return "login";
}



@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String user(Locale locale, Model model) {

    LOGGER.info("Load loginfailed page");
    return "loginfailed";
}



 }

RestAuthProvider.java

package com.tgpl.mmbl.auth;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

@Component
public class RestAuthProvider extends AbstractUserDetailsAuthenticationProvider {

@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
    // TODO Auto-generated method stub

}

/* (non-Javadoc)
 * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
 */
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {

    System.out.println("Inside Retrive User , User Name :"+username+" , Password "+authentication.getCredentials().toString());

    String password = authentication.getCredentials().toString();
    UserDetails loadedUser = null;

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
    loadedUser = new User(username, password, authorities);

    return loadedUser;
}
 }

Answer 1

您的<form>标记缺少action标记的属性名称。

<form id="frmLogin" name="frmLogin"  method="post" 
      <c:url value='j_spring_security_check'/>>

我会写

<form id="frmLogin" name="frmLogin"  method="post"
      action="<c:url value='j_spring_security_check'/>">

---

顺便说一句：当您下次遇到这样的问题（浏览器发送请求并且服务器响应某些错误）时，请先使用firebug -networkmonitor或live http标头之类的工具查看实际的请求由浏览器发送