[英]Spring boot with Spring Security j_spring_security_check not allowed
[英]Spring 3 Security j_spring_security_check
我正在嘗試了解 spring 安全性是如何工作的,所以我下載了一些示例項目,然后我嘗試在我的項目中實施該解決方案。 但是當我嘗試登錄時,我收到404
錯誤,並且在地址欄中我有http://localhost:8080/fit/j_spring_security_check
。 我試圖在這里查看類似的問題,但我無法意識到如何將其應用於我的項目。 我真的很感激,如果有人更有經驗,可以幫助我。
我的應用程序結構如下所示:
應用上下文.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<context:annotation-config/>
<context:component-scan base-package="cz.cvut.fit"/>
<import resource="classpath:applicationContext-security.xml"/>
</beans>
applicationContext-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<context:annotation-config/>
<context:component-scan base-package="cz.cvut.fit" />
<mvc:annotation-driven />
<security:global-method-security jsr250-annotations="enabled"
proxy-target-class="true"/>
</beans>
applicationContext-security.xml:
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/views/login.jsp*" security="none"/>
<security:http pattern="/views/denied.jsp" security="none"/>
<security:http auto-config="true" access-denied-page="/denied.jsp" servlet-api-provision="false">
<security:intercept-url pattern="/views/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/views/edit/**" access="ROLE_EDIT"/>
<security:intercept-url pattern="/views/admin/**" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:form-login login-page="/views/login.jsp" authentication-failure-url="/denied.jsp"
default-target-url="/home.jsp"/>
<security:logout/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
<security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
您正在嘗試根據網頁的當前上下文路徑驗證 uri。 JSTL 標記庫可用於確保您根據應用程序的上下文輕松生成正確的 url。 如果你想快速實現它,你可以通過使用標簽庫來做到這一點。 為此,您可以將 jstl 標記庫添加到 jsp 的頂部:
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
然后您可以使用以下內容發布到登錄 servlet。
<form action="<c:url value="/j_spring_security_check"></c:url>" method="post" role="form">
這確保您始終發布到 <your_application_context>/j_spring_security_check。
jstl 參考: http : //docs.oracle.com/javaee/5/jstl/1.1/docs/tlddocs/c/url.html
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
添加您的 web.xml 文件。它是您的 springSecurityFilterChain 的創建 Bean。然后您得到了響應
路徑/j_spring_security_check
在 spring 4 已更改為/login
並在UsernamePasswordAuthenticationFilter
處理
你可以在這里找到它的來源: https : //github.com/spring-projects/spring-security/blob/master/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.