我目前正在使用Spring框架中的博客 . 我正在实现Spring Security以进行登录 . 一切都按预期工作,直到我提交始终返回404代码的登录凭据 .
Here is my web.xml cod e
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>avispring</display-name>
<error-page>
<error-code>404</error-code>
<location>/404.html</location>
</error-page>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-database.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
Here is my spring security code:
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/avispring"/>
<property name="username" value="root"/>
<property name="password" value=""/>
</bean>
<security:debug/>
<security:http auto-config="true">
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<security:form-login
login-page="/login.html"
authentication-failure-url="/login?login_error=1"
default-target-url="/admin/home.html"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select USERNAME,PASSWORD,ENABLED from USER_AUTHENTICATION where USERNAME=?"
authorities-by-username-query="select u1.USERNAME,u2.ROLE from USER_AUTHENTICATION u1,USER_AUTHORIZATION u2 where u1.USER_ID=u2.USER_ID and u1.USERNAME=?"/>
</security:authentication-provider>
</security:authentication-manager>
part of my login.jsp code is
<form action="<c:url value="/login"/>" method="post">
<div class="form-group has-feedback">
<input type="email" class="form-control" placeholder="Email" name="username">
<span class="glyphicon glyphicon-envelope form-control-feedback"></span>
</div>
<div class="form-group has-feedback">
<input type="password" class="form-control" placeholder="Password" name="password">
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
<div class="row">
<div class="col-xs-8">
<div class="checkbox icheck">
<label>
<input type="checkbox"> Remember Me
</label>
</div>
</div><!-- /.col -->
<div class="col-xs-4">
<button type="submit" class="btn btn-primary btn-block btn-flat" name="submit">Sign In</button>
</div><!-- /.col -->
</div>
</form>
and the console output is
2015年10月16日上午1:06:03 org.springframework.web.servlet.DispatcherServlet noHandlerFound警告:在DispatcherServlet中找不到带有URI [/ avispring / login]的HTTP请求的映射,名称为'spring'
Note:
-
我使用的是spring 4.2.1和spring security 4.0.2
-
大多数论坛都指向上下文路径,即 [appname/login] 或 [appname/j_spring_security_check] ,我认为我的相关
请帮忙...
UPDATE:
当我使用log4j时,表单提交时的调试输出如下:
DEBUG:org.springframework.web.servlet.DispatcherServlet - 绑定到线程的请求上下文:org.apache.catalina.connector.RequestFacade@c8b445 DEBUG:org.springframework.web.servlet.DispatcherServlet - 名为'spring'的DispatcherServlet处理POST请求[/ avispring / login] DEBUG:org.springframework.web.servlet.DispatcherServlet - 在DispatcherServlet中测试处理程序映射[org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf],名称为'spring'DEBUG :org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - 查找路径/登录的处理程序方法DEBUG:org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - 找不到[的处理程序方法/ login] DEBUG:org.springframework.web.servlet.DispatcherServlet - 在DispatcherServlet中测试处理程序映射[org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping@138f01b],名称为'spring'DEBUG:org.springframework.web.servlet .handler.BeanNameUrlHandlerMapping - 找不到[/ login] DEBUG的处理程序映射:org.springframework.web.servlet.DispatcherServlet - 在名为'spring的DispatcherServlet中测试处理程序映射[org.springframework.web.servlet.handler.SimpleUrlHandlerMapping@1ff154c] 'DEBUG:org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - 找不到[/ login] WARN的处理程序映射:org.springframework.web.servlet.PageNotFound - 找不到带URI的HTTP请求的映射[/ avispring / login]在DispatcherServlet中,名称为'spring'DEBUG:org.springframework.web.servlet.DispatcherServlet - 清除线程绑定请求上下文:org.apache.catalina.connector.RequestFacade@c8b445 DEBUG:org.springframework.web.servlet.DispatcherServlet - Successfully已完成的请求DEBUG:org.springframework.web.context.support.XmlWebApplicationContext - 在WebApplicationContext中发布名称空间'spring-servlet'的事件:ServletRequestHandledEvent:url = [/ avispring / login];客户= [0:0:0:0:0:0:0:1];方法= [POST];的servlet = [ spring ];会话= [BC0FB7E62DC0AFABD8EF72B8BF1CED54];用户= [零] . 时间= [3毫秒]; status = [OK] DEBUG:org.springframework.web.context.support.XmlWebApplicationContext - 在Root WebApplicationContext中发布事件:ServletRequestHandledEvent:url = [/ avispring / login];客户= [0:0:0:0:0:0:0:1];方法= [POST];的servlet = [ spring ];会话= [BC0FB7E62DC0AFABD8EF72B8BF1CED54];用户= [零] . 时间= [3毫秒]; status = [OK] DEBUG:org.springframework.web.servlet.DispatcherServlet - 绑定到线程的请求上下文:org.apache.catalina.core.ApplicationHttpRequest@bb82df DEBUG:org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name' spring'处理[/avispring/404.html]的POST请求DEBUG:org.springframework.web.servlet.DispatcherServlet - 在DispatcherServlet中测试处理程序映射[org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf]名为'spring'DEBUG:org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - 查找路径/404.html DEBUG的处理程序方法:org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - 找到1个匹配的映射[/404.html]:[{[/ 404.html]}] DEBUG:org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - 返回处理程序方法[public org] .springframework.web.servlet.ModelAndView com.avispring.controll ers.HelloController.errorPage()] DEBUG:org.springframework.web.servlet.DispatcherServlet - 测试处理程序适配器[org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@511db5] DEBUG:org.springframework.web.servlet.DispatcherServlet - 测试处理程序适配器[org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@1a86ee] DEBUG:org.springframework.web.servlet.DispatcherServlet - 测试处理程序适配器[org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter @ c26a5f] DEBUG:org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - 使用参数[] DEBUG调用[HelloController.errorPage]方法:org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - 方法[errorPage]返回[ModelAndView:引用名为'/ 404'的视图; model is null] DEBUG:org.springframework.web.servlet.DispatcherServlet - 渲染视图[org.springframework.web.servlet.view.JstlView:name'/ 404'; DispatcherServlet中的URL [/WEB-INF/jsp//404.jsp]],名称为'spring'DEBUG:org.springframework.web.servlet.view.JstlView - 使用模型{}和静态名称'/ 404'呈现视图attributes {} DEBUG:org.springframework.web.servlet.view.JstlView - 转发到InternalResourceView'/ 404'DEBUG中的资源[/WEB-INF/jsp//404.jsp]:org.springframework.web.servlet.DispatcherServlet - 清除线程绑定请求上下文:org.apache.catalina.core.ApplicationHttpRequest@bb82df DEBUG:org.springframework.web.servlet.DispatcherServlet - 已成功完成请求DEBUG:org.springframework.web.context.support.XmlWebApplicationContext - 发布事件在WebApplicationContext中命名空间'spring-servlet':ServletRequestHandledEvent:url = [/ avispring / 404.html];客户= [0:0:0:0:0:0:0:1];方法= [POST];的servlet = [ spring ];会话= [BC0FB7E62DC0AFABD8EF72B8BF1CED54];用户= [零] . 时间= [1毫秒]; status = [OK] DEBUG:org.springframework.web.context.support.XmlWebApplicationContext - 在Root WebApplicationContext中发布事件:ServletRequestHandledEvent:url = [/ avispring / 404.html];客户= [0:0:0:0:0:0:0:1];方法= [POST];的servlet = [ spring ];会话= [BC0FB7E62DC0AFABD8EF72B8BF1CED54];用户= [零] . 时间= [1毫秒];状态= [OK]
2 回答
好的,这太令人沮丧了,我通过点击和试用找到了答案 . 对于所有面临我问题的人,我发布了我的解决方案 . 我必须在我的web.xml文件中只更改一行 . 我不得不替换这段代码
用这个代码
我甚至不需要spring-security.xml文件中的这一行
希望可能对某人有所帮助 . 快乐的编码......
您是否尝试设置
<security:form-login>
元素的login-processing-url
属性?我使用与Spring和Spring Security相同的最新版本,我添加了login-processing-url
属性,如下所示:一切正常,我甚至不需要以下元素:
当然,如果你想使用
/login
而不是/j_spring_security_check
,你可以自由地使用/login
. 只需确保您在JSP和Spring Security配置文件中放置的URI匹配即可 .希望这会有所帮助......
杰夫
------------ UPDATE ------------
我想一想...... Spring Security在版本4中引入了跨站点请求伪造(CSRF)保护 . 当我更新我的代码时,为了避免在我所有受保护的JSP中添加CSRF管理(对我的业务需求不是必需的),我必须在
<security:http>
元素中添加以下元素:请试一试,告诉我它是否有效 .