春季內存認證不起作用

Question

我是Spring的新手，並試圖通過參考文獻docs.spring.io/spring-security/site/docs/4.0.1.RELEASE/reference/htmlsingle瞭解。但我堅持有問題。當我進入

用戶名（BOB）

和

密碼（bobspassword）

認證失敗。

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-4.0.xsd"> 
    <http pattern="/css/**" security="none" /> 
    <http pattern="/app/login*" security="none"/> 

    <http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> 
     <form-login login-page="/app/login" default-target-url="/home.htm" 
      authentication-failure-url="/app/login?error" 

      always-use-default-target="true" 
      username-parameter="username" password-parameter="password" /> 
     <logout logout-success-url="/app/login?logout"/> 
     <csrf disabled="true"/> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="jimi" password="password" authorities="ROLE_USER, ROLE_ADMIN" /> 
       <user name="bob" password="bobspassword" authorities="ROLE_USER" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 

</beans:beans> 

下面給出登錄頁面的源代碼。

<%@ page language="java" contentType="text/html; charset=UTF-8" 
    pageEncoding="UTF-8"%> 
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
<title>Insert title here</title> 
</head> 
<body> 

    <c:url value="/login" var="postUrl" /> 
    <form action="${postUrl}" method="post" enctype="multipart/form-data"> 
     <c:if test="${param.error != null}">  
     <p>Invalid username and password.</p> 
     </c:if> 
     <c:if test="${param.logout != null}"> 
     <p>You have been logged out.</p> 
     </c:if> 
     <p> 
      <label for="username">Username</label> 
      <input type="text" 
       id="username" name="username" /> 
     </p> 
     <p> 
      <label for="password">Password</label> <input type="password" 
       id="password" name="password" /> 
     </p> 

     <input type="text" 
     name="${_csrf.parameterName}" 
      value="${_csrf.token}" /> 

     <button type="submit" class="btn">Log in</button> 
    </form> 
</body> 
</html> 

我正在使用spring security 4.0.1.RELEASE，CSRF被禁用。

Answer 1

改變

<form action="${postUrl}" method="post" enctype="multipart/form-data"> 

到

​​

感謝M.Deinum的指點錯誤。