Spring Security中的Login Logout用例
[英]Login Logout use case in Spring security
問題描述
我正在嘗試使用Spring Security創建登錄用例(我在參考此示例)。
輸入用戶名和密碼后,如果單擊“ login按鈕,則要求輸入
j_spring_security_check.htm
網址,並且獲取上述網址的HTTP狀態404。
我正在使用netbeans IDE。 我不知道哪里出了問題。 請幫忙。
這是web.xml的內容
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
</web-app>
這是login.jsp登錄表單的代碼
<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<form name='f' action="<c:url value='j_spring_security_check.htm' />" method="POST">
<div style="margin-left: 27%">
<input type="text" name="j_username" value="" placeholder="Username" class="login_hint" id="username" title="Username" />
<br/>
<input type="password" name="j_password" value="" placeholder="Password" class="login_hint" id="password" title="Password" />
<br />
<input type ="submit" value ="Login" class ="btn btn-primary loginBtn"/>
</div>
</form>
這是applicationContext-security.xml的內容
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true">
<intercept-url pattern="/admin*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/admin/home.htm"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="root" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
2 個解決方案
解決方案1
2 已采納 2013-06-03 08:23:47
UsernamePasswordAuthenticationFilter攔截發送到/j_spring_security_check j_spring_security_check的記錄(默認情況下),因此很可能只需要從login.jsp的操作URL刪除.htm結尾:
<form name='f' action="<c:url value='j_spring_security_check'/>" method="POST">
哦,好了,看來web.xml也缺少一些東西。 您將需要設置安全過濾器鏈:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
解決方案2
1 2013-06-29 04:47:21
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>Sample</display-name>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml,
/WEB-INF/spring/spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
只需提供servlet-網址映射為* .htm,過濾器映射網址格式為*
嘗試這個。 它會工作。 希望這可以幫助
我可以僅使用Spring Security的CSRF功能而不使用其LOGIN和LOGOUT功能嗎?
[英]Can I use Spring security's CSRF feature only without using its LOGIN and LOGOUT Feature?
在需要更正檢查用戶是否在數據庫中重復 email 時,使用 mvc webapp spring 安全性,形成家庭登錄注銷
[英]Where need to correct check User for dublicate email in database, use mvc webapp spring security, form home login logout
在spring security中覆蓋默認login-processing-url的用例是什么?
[英]What is the use case for overriding default login-processing-url in spring security
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Spring安全登錄和注銷
Spring Security登錄/注銷問題
spring-security login?logout重定向到登錄
我可以僅使用Spring Security的CSRF功能而不使用其LOGIN和LOGOUT功能嗎?
在需要更正檢查用戶是否在數據庫中重復 email 時,使用 mvc webapp spring 安全性,形成家庭登錄注銷
春季安全性注銷電話
Spring Security無法注銷
在spring security中覆蓋默認login-processing-url的用例是什么?
春季安全性注銷
Spring Security:注銷時出現 404
相關標簽