2017-04-16 55 views
1

問題是我的表單正在調用GET控制器而不是POST一個。thymeleaf形式GEt url被調用而不是POST

<form class="m-t" role="form" th:action="@{login}" th:object="${adminLogin}" method="post" autocomplete="off"> 
      <div th:if="${error}" class="alert alert-danger"><span th:text="${error}">Invalid username and password!!</span></div> 
       <div th:if="${logout}" class="alert alert-success"> 
       <span th:text="${logout}">You have been logged out.</span></div> 
       <div class="form-group"> 
        <input type="text" class="form-control" th:field="*{ssoId}" th:placeholder="#{login.form.field.username.placeholder}" required=""></input> 
       </div> 
       <div class="form-group"> 
        <input type="password" class="form-control" th:field="*{password}" th:placeholder="#{login.form.field.password.placeholder}" required=""></input> 
       </div> 
       <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> 
       <button type="submit" formmethod="post" class="btn btn-primary block full-width m-b" th:text="#{login.form.login.button.value}"></button> 

       <a href="#"><small>Forgot password?</small></a> 
      </form> 

這裏是我的控制器

@Controller 
public class AdminController { 

    private static final Logger LOGGER = LogManager.getLogger(AdminController.class); 

    @Autowired 
    FoodoutletUserSecurity userDetailsService; 

    @Autowired 
    private MessageSource messageSource; 

    @RequestMapping(value = { "/login", "/" }, method = RequestMethod.GET) 
    public ModelAndView login(Model model, @RequestParam(value = "error", required = false) String error, 
      @RequestParam(value = "logout", required = false) String logout) { 

     LOGGER.debug("login page"); 
     ModelAndView view = new ModelAndView("login", "command", model); 
     //view.addObject("adminLogin", adminLogin); 
     if (error != null) { 
      view.addObject("error", "Invalid username and password!"); 
     } 

     if (logout != null) { 
      view.addObject("msg", "You've been logged out successfully."); 
     } 


     //view.setViewName("/login"); 

     return view; 

    } 

    @RequestMapping(value = { "/404" }, method = RequestMethod.GET) 
    public ModelAndView error404(HttpServletRequest request) { 
     LOGGER.debug("4 page"); 
     ModelAndView model = new ModelAndView(); 
     model.setViewName("404"); 
     return model; 
    } 

    @ModelAttribute("adminLogin") 
    public AdminLogin createModel() { 
     return new AdminLogin(); 
    } 

    @RequestMapping(value = "/login", method = RequestMethod.POST) 
    public ModelAndView login(Model model, @Valid @ModelAttribute AdminLogin adminLogin, HttpServletRequest request, 
      @RequestParam(value = "error", required = false) String error, @RequestParam(value = "logout", required = false) String logout) { 
     LOGGER.debug("admin login page"); 
     ModelAndView view = (ModelAndView) model; 
     view.addObject("adminLogin", adminLogin); 
     Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); 
     UserDetails userDetails = null; 
     try { 
      userDetails = userDetailsService.loadUserByUsername(adminLogin.getSsoId()); 
     } catch (UsernameNotFoundException ex) { 
      view.addObject("error", "Username not found !"); 
     } 

     if (userDetails != null && userDetailsService.hasRole(userDetails, Role.ADMIN)) { 
      view.setViewName("/admin/index"); 
      LOGGER.debug("returning admin index page"); 
     } else { 
      LOGGER.debug("user is not admin"); 
      view.addObject("error", messageSource.getMessage("login.admin.invalidcredentials", null, request.getLocale())); 
     } 

     if (logout != null) { 
      view.addObject("msg", "You've been logged out successfully."); 
     } 

     return view; 

    } 

    @RequestMapping(value = "/logout", method = RequestMethod.GET) 
    public String logoutPage(HttpServletRequest request, HttpServletResponse response) { 
     Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
     if (auth != null) { 
      new SecurityContextLogoutHandler().logout(request, response, auth); 
     } 
     return "redirect:/login?logout"; 
    } 
} 

@Component("adminLogin") 
public class AdminLogin implements Serializable { 

    private static final long serialVersionUID = -6394045014528037520L; 

    private String ssoId; 

    private String password; 

    public AdminLogin() { 
    } 

    public AdminLogin(String ssoId, String password) { 
     this.ssoId = ssoId; 
     this.password = password; 
    } 

    public String getSsoId() { 
     return ssoId; 
    } 

    public void setSsoId(String ssoId) { 
     this.ssoId = ssoId; 
    } 

    public String getPassword() { 
     return password; 
    } 

    public void setPassword(String password) { 
     this.password = password; 
    } 
} 

這是一個奇怪的行爲..

username參數 'ssoId' 爲空的結果。因此,登錄失敗並顯示配置的錯誤消息。

+0

您是否也在使用Spring Security?你可能想要發佈你的XML/Java配置。看看那裏配置了什麼,因爲通常有一些登錄參數。 – bphilipnyc

回答

0

我的不好。當我發佈此消息時,我一定很累。

問題是我的模型沒有映射意味着hibernate配置文件不在classpath中。另一個問題是安全配置中的用戶名變量不正確。

非常感謝。