1
問題是我的表單正在調用GET控制器而不是POST一個。thymeleaf形式GEt url被調用而不是POST
<form class="m-t" role="form" th:action="@{login}" th:object="${adminLogin}" method="post" autocomplete="off">
<div th:if="${error}" class="alert alert-danger"><span th:text="${error}">Invalid username and password!!</span></div>
<div th:if="${logout}" class="alert alert-success">
<span th:text="${logout}">You have been logged out.</span></div>
<div class="form-group">
<input type="text" class="form-control" th:field="*{ssoId}" th:placeholder="#{login.form.field.username.placeholder}" required=""></input>
</div>
<div class="form-group">
<input type="password" class="form-control" th:field="*{password}" th:placeholder="#{login.form.field.password.placeholder}" required=""></input>
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<button type="submit" formmethod="post" class="btn btn-primary block full-width m-b" th:text="#{login.form.login.button.value}"></button>
<a href="#"><small>Forgot password?</small></a>
</form>
這裏是我的控制器
@Controller
public class AdminController {
private static final Logger LOGGER = LogManager.getLogger(AdminController.class);
@Autowired
FoodoutletUserSecurity userDetailsService;
@Autowired
private MessageSource messageSource;
@RequestMapping(value = { "/login", "/" }, method = RequestMethod.GET)
public ModelAndView login(Model model, @RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
LOGGER.debug("login page");
ModelAndView view = new ModelAndView("login", "command", model);
//view.addObject("adminLogin", adminLogin);
if (error != null) {
view.addObject("error", "Invalid username and password!");
}
if (logout != null) {
view.addObject("msg", "You've been logged out successfully.");
}
//view.setViewName("/login");
return view;
}
@RequestMapping(value = { "/404" }, method = RequestMethod.GET)
public ModelAndView error404(HttpServletRequest request) {
LOGGER.debug("4 page");
ModelAndView model = new ModelAndView();
model.setViewName("404");
return model;
}
@ModelAttribute("adminLogin")
public AdminLogin createModel() {
return new AdminLogin();
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ModelAndView login(Model model, @Valid @ModelAttribute AdminLogin adminLogin, HttpServletRequest request,
@RequestParam(value = "error", required = false) String error, @RequestParam(value = "logout", required = false) String logout) {
LOGGER.debug("admin login page");
ModelAndView view = (ModelAndView) model;
view.addObject("adminLogin", adminLogin);
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
UserDetails userDetails = null;
try {
userDetails = userDetailsService.loadUserByUsername(adminLogin.getSsoId());
} catch (UsernameNotFoundException ex) {
view.addObject("error", "Username not found !");
}
if (userDetails != null && userDetailsService.hasRole(userDetails, Role.ADMIN)) {
view.setViewName("/admin/index");
LOGGER.debug("returning admin index page");
} else {
LOGGER.debug("user is not admin");
view.addObject("error", messageSource.getMessage("login.admin.invalidcredentials", null, request.getLocale()));
}
if (logout != null) {
view.addObject("msg", "You've been logged out successfully.");
}
return view;
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
}
return "redirect:/login?logout";
}
}
@Component("adminLogin")
public class AdminLogin implements Serializable {
private static final long serialVersionUID = -6394045014528037520L;
private String ssoId;
private String password;
public AdminLogin() {
}
public AdminLogin(String ssoId, String password) {
this.ssoId = ssoId;
this.password = password;
}
public String getSsoId() {
return ssoId;
}
public void setSsoId(String ssoId) {
this.ssoId = ssoId;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
這是一個奇怪的行爲..
username參數 'ssoId' 爲空的結果。因此,登錄失敗並顯示配置的錯誤消息。
您是否也在使用Spring Security?你可能想要發佈你的XML/Java配置。看看那裏配置了什麼,因爲通常有一些登錄參數。 – bphilipnyc