彈簧安全性404錯誤

Question

結合使用Spring Security和Hibernate，當用戶到達/ login並輸入其憑據時，應該將其轉發到/ users / home。 但是他不是第一次登錄，而是顯示404消息，請求的資源不可用（有時在/favicon.ico上（如果它在活動域中，在localhost /上，如果在localhost中）。 如果他返回登錄頁面並使用相同的憑據再次登錄，則說明他已正確登錄到/ users / home。 這是為什么？ http://pastie.org/8586150

春季安全xml：

<security:form-login
    login-page="/login"

    authentication-failure-url="/login?error=true"

    default-target-url="/users/home"/>

 <security:authentication-manager>
         <security:authentication-provider user-service-ref="customUserDetailsService">
         </security:authentication-provider>
 </security:authentication-manager>

-控制器--------

@RequestMapping(value = "/users/home" )
    public String userHome(ModelMap model, HttpServletRequest request) {
        User springUser = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String loginId = springUser.getUsername(); //get logged in username

        result = userService.getUserByLoginId(loginId); 
        Users user = (Users)result.getObject();
        HttpSession session = request.getSession(true);
        session.setAttribute("userName", user.getName());
//        model.addAttribute("username", user.getName());

        return "/users/home";       
    }

---

package web.service.common;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Repository;
import web.dao.UsersDAO;
import web.dao.impl.jpa.UsersDAOImpl;
import web.entity.Users;


@Service
public class CustomUserDetailsService implements UserDetailsService{

    //@Resource
   @Autowired
   private UsersDAO userDAO;

 public UserDetails loadUserByUsername(String email)
   throws UsernameNotFoundException, DataAccessException {


  // Declare a null Spring User
  UserDetails springUser = null;


  try {
    System.out.println("the email passed from CustomUserDetailsService in method loadUserByUsername is: " +email);

   Users dbUser = userDAO.getUserByLoginId(email);

   springUser =  new User(
     dbUser.getEmail(),
     dbUser.getPassword().toLowerCase(),
     true,
     true,
     true,
     true,
     //getAuthorities(dbUser.getAccess()) );
     getAuthorities(2) );

  } catch (Exception e) {

   e.printStackTrace();
    System.out.println(e.getMessage());
   throw new UsernameNotFoundException("Error in retrieving user");
  }
   System.out.println("debug ---- 4");

  return springUser;
 }

  public Collection<GrantedAuthority> getAuthorities(Integer access) {
   List<GrantedAuthority> authList = (List<GrantedAuthority>) new ArrayList<GrantedAuthority>(2);


   authList.add(new GrantedAuthorityImpl("ROLE_USER"));


   return authList;
   }

}

Answer 1

這可能是由於沒有從數據庫獲取用戶。 當您從數據庫中找不到任何用戶時，嘗試返回null。

Users dbUser = userDAO.getUserByLoginId(email);
if(dbUser==null){
    return null;
}

我還將與UserService分享我為Spring安全性開發的教程。 可能會幫助您進一步

https://www.mediafire.com/?9e2rd4ozb4qujuj

Answer 2

<security:intercept-url pattern="/favicon.ico" access="permitAll"/> 
<security:intercept-url pattern="/" access="permitAll"/> 

解決了問題:)

Answer 3

您需要允許訪問該圖標圖標的所有內容。 :)