2
我想學習彈簧安全,所以我已經下載了一些示例項目,然後我試圖實現該解決方案到我的項目。但是當我嘗試提交登錄表單時,我總是獲取在applicationContext-security.xml中定義的403頁面。但我期望的是'authentication-failure-url'用於無效的用戶名/密碼,或'default-target-url'用於正確的用戶名/密碼,而不是'access-denied-handler'/ forbidden(我的403頁面)。我會非常感激,如果有經驗的人能夠幫助我。 應用的security.xml彈簧安全登錄總是得到訪問被拒絕
<security:http security="none" pattern="/public/**"/>
<security:http security="none" pattern="/login*"/>
<security:http security="none" pattern="/maxSessionError*"/>
<security:http security="none" pattern="/forbidden*"/>
<security:http use-expressions="true">
<security:intercept-url pattern="/**" access="isAuthenticated()"/>
<security:form-login login-page="/login"
default-target-url="/home"
authentication-failure-url="/login"
authentication-success-handler-ref="loginSuccessHandler"
/>
<security:logout invalidate-session="true" delete-cookies="true" success-handler-ref="logoutSuccessHandler" />
<security:access-denied-handler error-page="/forbidden"/>
<security:session-management session-fixation-protection="newSession" >
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/maxSessionError" />
</security:session-management>
<security:custom-filter ref="xunxiSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
</security:http>
的login.jsp
<form action="<%=request.getContextPath()%>/j_spring_security_check" method="post" class="login-form" id="login-form" >
<label>Username</label>
<input type="text" placeholder="username" name="j_username"/>
<label>Password</label>
<input type="password" placeholder="password" name="j_password"/>
<label>
<input type="checkbox" name="_spring_security_remember_me" /> Remember me </label>
<button type="submit" >
Login
</button>
</div>
</form>
您使用的是哪個版本的Spring Security? – holmis83
sping 4.2.2彈簧安全4.0.2 –