j_spring_security_check不可

Question

我升級的Spring Security 2至3

此前的security.xml已AuthenticationProcessingFilter和AuthenticationProcessingFilterEntryPoint

所以我的新的security.xml是

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> 
<beans:bean id="userAuthenticationService" 
    class="com.raykor.core.service.UserAuthenticationService" /> 

<beans:bean id="shaEncoder" 
    class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" /> 

<global-method-security /> 

<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint"> 

    <intercept-url pattern="/resettingPassword.do**" access="ROLE_ADMIN" /> 
    <intercept-url pattern="/resetPassword.do**" access="ROLE_ADMIN" /> 
    <logout logout-success-url="/index.jsp" invalidate-session="true" /> 
</http> 

<authentication-manager alias="authenticationManager"> 
    <authentication-provider user-service-ref="userAuthenticationService"> 
     <password-encoder ref="shaEncoder"> 
      <salt-source user-property="salt" /> 
     </password-encoder> 
    </authentication-provider> 
</authentication-manager> 

<beans:bean id="authenticationFilter" 
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check" /> 
    <beans:property name="authenticationManager" ref="authenticationManager" /> 
    <beans:property name="authenticationFailureHandler" 
     ref="failureHandler" /> 
    <beans:property name="authenticationSuccessHandler" 
     ref="successHandler" /> 
</beans:bean> 

<beans:bean id="successHandler" 
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
    <beans:property name="alwaysUseDefaultTargetUrl" value="false" /> 
    <beans:property name="defaultTargetUrl" value="/home.do" /> 
</beans:bean> 

<beans:bean id="failureHandler" 
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
    <beans:property name="defaultFailureUrl" value="/login.do?error=true" /> 
</beans:bean> 

<beans:bean id="authenticationProcessingFilterEntryPoint" 
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <beans:property name="loginFormUrl" value="/login.do" /> 
    <beans:property name="forceHttps" value="false" /> 
</beans:bean> 

`

還增加了過濾器springSecurityFilterChain在web.xml

在它打開login.do登錄頁面，在提交其提交給j_spring_security_check用戶名和密碼爲爲j_username & 爲j_password

那麼，爲什麼是否說j_spring_security_check不可用

Answer 1

我錯過了添加自定義過濾裁判我更新 作爲

<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint"> 
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter"/> 
    <intercept-url pattern="/resettingPassword.do**" access="ROLE_ADMIN" /> 
    <intercept-url pattern="/resetPassword.do**" access="ROLE_ADMIN" /> 
    <logout logout-success-url="/index.jsp" invalidate-session="true" /> 
</http> 

完成所有已通過bean定義進行配置

Answer 2

您實例化UsernamePasswordAuthenticationFilter，但它不會成爲安全篩選器鏈的一部分，只是b創造它。嘗試從http配置元素中刪除auto-config="false"，並在其中包含一個<form-login>元素。我覺得可以用更簡潔namespace configuration應該使用Spring Security是首選3