彈簧安全未按預期工作

Question

我將使用彈簧安全來定製用戶登錄。

問題是當我嘗試登錄它說我HTTP狀態405 - 請求方法'POST'不支持。此外，我認爲它會調用RestAuthProvider類中的retriveUser（...）方法，但它不會。有人可以幫助我解決這個問題。

我已經做了以下這樣齊名

彈簧security.xml文件

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:security="http://www.springframework.org/schema/security" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

<http auto-config="true"> 
    <intercept-url pattern="/welcome*" access="ROLE_USER" /> 
    <form-login login-page="/login" default-target-url="/welcome" 
     authentication-failure-url="/loginfailed" /> 

    <logout logout-success-url="/logout" /> 
</http> 

<authentication-manager>   
    <authentication-provider ref="restAuthProvider" /> 
</authentication-manager> 

<beans:bean id="restAuthProvider" class="com.tgpl.mmbl.auth.RestAuthProvider" ></beans:bean> 

登錄JSP

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt"%> 
<div id="loginContent"></div> 
<div id="loginFrame"></div> 
<div id="loginForm"> 

    <c:if test="${not empty error}"> 
    <div class="errorblock"> 
     Your login attempt was not successful, try again.<br /> Caused : 
     ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} 
    </div> 
</c:if> 

<form id="frmLogin" name="frmLogin" method="post" <c:url value='j_spring_security_check'/>> 
    <br /> <br /> <br /> <br /> 
    <h3> 
     <font color="#666666"> <fmt:message key="login.userLogin" /> 
     </font> 
    </h3> 
    <p> 
     <input name="j_username" type="text" class="LoginTextbox" id="userName" 
      placeholder="<fmt:message key="login.userName"/>" maxlength="1000" required/> 
    </p> 
    <p> 
     <input name="j_password" type="password" class="LoginTextbox" 
      id="password" placeholder="<fmt:message key="login.password"/>" required/> 
    </p> 
    <p> 
     <input type="submit" name="OK" id="OK" 
      value="<fmt:message key="login.login"/>" class="LoginButton" /> 
    </p> 
    <p> 
     <a href="forgetpassword.html"><fmt:message key="login.forgotPassword" /> ?</a> 
    </p> 
</form> 

Controller類

package com.tgpl.mmbl; 

    import java.util.Locale; 

    import org.slf4j.Logger; 
    import org.slf4j.LoggerFactory; 
    import org.springframework.stereotype.Controller; 
    import org.springframework.ui.Model; 
    import org.springframework.web.bind.annotation.RequestMapping; 
    import org.springframework.web.bind.annotation.RequestMethod; 

/** 
    * Handles requests for the application home page. 
*/ 
@Controller 
    public class HomeController { 

private static final Logger LOGGER = LoggerFactory.getLogger(HomeController.class); 


@RequestMapping(value = "/welcome", method = RequestMethod.GET) 
public String home(Locale locale, Model model) { 
    LOGGER.info("Load welcome page"); 
    return "welcome"; 
} 


@RequestMapping(value = "/", method = RequestMethod.GET) 
public String login(Locale locale, Model model) { 

    LOGGER.info("Load login page"); 
    return "login"; 
} 



@RequestMapping(value = "/loginfailed", method = RequestMethod.GET) 
public String user(Locale locale, Model model) { 

    LOGGER.info("Load loginfailed page"); 
    return "loginfailed"; 
} 



} 

RestAuthProvider.java

package com.tgpl.mmbl.auth; 

import java.util.ArrayList; 
import java.util.List; 

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider; 
import org.springframework.security.core.AuthenticationException; 
import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.authority.SimpleGrantedAuthority; 
import org.springframework.security.core.userdetails.User; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.stereotype.Component; 

@Component 
public class RestAuthProvider extends AbstractUserDetailsAuthenticationProvider { 

@Override 
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) 
     throws AuthenticationException { 
    // TODO Auto-generated method stub 

} 

/* (non-Javadoc) 
* @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 
*/ 
@Override 
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { 

    System.out.println("Inside Retrive User , User Name :"+username+" , Password "+authentication.getCredentials().toString()); 

    String password = authentication.getCredentials().toString(); 
    UserDetails loadedUser = null; 

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); 
    authorities.add(new SimpleGrantedAuthority("ROLE_USER")); 
    loadedUser = new User(username, password, authorities); 

    return loadedUser; 
} 
} 

Answer 1

你<form>標籤缺失的行動標籤的屬性名稱。

<form id="frmLogin" name="frmLogin" method="post" 
     <c:url value='j_spring_security_check'/>> 

我會寫

<form id="frmLogin" name="frmLogin" method="post" 
     action="<c:url value='j_spring_security_check'/>"> 

---

BTW：當你有這樣的問題（瀏覽器發送請求和服務器響應的一些事情完全錯誤的）下一次，再一次使用一個像firebug -networkmonitor或live http headers這樣的工具來查看瀏覽器發出的真實請求