我使用Spring MVC中使用Spring Security版本3.1.3和Tomcat 7.0.37配置與圖案的春季安全過濾器鏈返回404/j_spring_security_check
我需要配置2支安全過濾器鏈,一個用於BasicAuthentication另一個用於FormBasedAuthentication。
這裏是我的彈簧security.xml文件:
<beans:beans ...>
...
<!-- ....................... -->
<!-- The Gui is secured here -->
<!-- ....................... -->
<http auto-config="true" use-expressions="true" pattern="/gui/**">
<intercept-url pattern="/gui/login**" access="isAnonymous()"/>
<form-login login-page="/gui/login" default-target-url="/gui/welcome"
authentication-failure-url="/gui/loginfailed" />
<logout logout-success-url="/gui/logout" />
<intercept-url pattern="/welcome*" access="hasRole('een_admin')" />
<intercept-url pattern="/mandantAdmin/**" access="isAuthenticated()"/>
<intercept-url pattern="/standortAdmin/**" access="isAuthenticated()"/>
<intercept-url pattern="/ereignisse/**" access="isAuthenticated()" />
<intercept-url pattern="/tickets/**" access="isAuthenticated()"/> <!-- requires-channel="https" -->
<intercept-url pattern="/**" access="hasRole('een_admin')"/>
</http>
<!-- ................................. -->
<!-- The Service Methods are secured here -->
<!-- ................................. -->
<http use-expressions="true" >
<http-basic />
<logout logout-url="/resources/j_spring_security_logout"/>
<intercept-url pattern="/service/ticketManagement/**" access="isAuthenticated()"/>
<intercept-url pattern="/service/standortKonfig/**" access="isAuthenticated()"/>
<intercept-url pattern="/service/ereignisStorage/**" access="isAuthenticated()"/>
</http>
<debug/>
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha-256"/>
<user-service>
<user name="123" password="asdf" authorities="een_admin" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
我的web.xml如下:
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- ........................................................................... -->
<!-- Spring Security -->
<!-- ........................................................................... -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
當訪問基於表單的受保護的資源的一個我成功地委派給配置的自定義登錄表單。但進入我的憑據後,我得到一個404錯誤的「j_spring_security_check」無法找到(它使用這個網址:"http://127.0.0.1:8080/webapp/j_spring_security_check"
)
下面是一些日誌:
Request received for '/gui/login':
[email protected]
servletPath:/gui/login
pathInfo:null
Security filter chain: [
SecurityContextPersistenceFilter
LogoutFilter
UsernamePasswordAuthenticationFilter
BasicAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
Request received for '/j_spring_security_check':
[email protected]
servletPath:/j_spring_security_check
pathInfo:null
Security filter chain: [
SecurityContextPersistenceFilter
LogoutFilter
BasicAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
01:06:06,345 WARN http-apr-8080-exec-3 servlet.PageNotFound:1080 - No mapping found for HTTP request with URI [/webapp/j_spring_security_check] in DispatcherServlet with name 'mvc-dispatcher'
In access_logs:
"POST /webapp/j_spring_security_check HTTP/1.1" 404 949
注意失蹤UsernamePasswordAuthenticationFilter時重定向。
如果我在第一個元素中刪除模式屬性pattern =「/ gui/**」並註釋掉第二個元素(否則需要攔截器url模式),它可以正常工作。
簡化了一點:向http元素添加模式屬性時,j_spring_security_check無法找到。
我做錯了什麼,有人可以幫助我嗎?
非常感謝,你真的幫我解決了這個問題! – mulrich 2013-03-25 09:57:29
我使用「/ gui/j_spring_security_check」作爲登錄處理url,我的login.jsp將其數據發送給它的值相同,並且它現在可用。我不太清楚如何使用這個「登錄」。do「,那麼」j_spring_security_check「在哪裏起作用? – mulrich 2013-03-25 10:06:26
它不再相關。login-processing-url設置過濾器響應的URL,只要它與登錄表單中的URL匹配,無所謂,'/ j_spring_security_check'只是默認值。 – 2013-03-25 17:04:10