1. 首頁
  2. 問答
  3. 無法理解的自定義登錄頁面請求

無法理解的自定義登錄頁面請求

2013-01-17 55 views
0

四郎的行爲,我使用Apache四郎,以確保我的Spring MVC應用程序。這是我的配置:無法理解的自定義登錄頁面請求

<!-- Shiro --> 
<bean id = "hibernateRealm" class = "com.bidapp.presentation.shiro.HibernateRealm" /> 

<bean id = "securityManager" class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 
    <property name = "realm" ref = "hibernateRealm" /> 
</bean> 

<bean id = "lifecycleBeanPostProcessor" class = "org.apache.shiro.spring.LifecycleBeanPostProcessor" /> 

<bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
    <property name = "securityManager" ref = "securityManager" /> 
</bean> 
<!-- Shiro -->

在web.xml中(除其他事項外)

<filter> 
    <filter-name>shiroFilter</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    <init-param> 
     <param-name>targetFilterLifecycle</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>shiroFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

我的登錄頁面是context/account/login。當我嘗試提交表單,我得到消息The request sent by the client was syntactically incorrect(). 400 HTTP錯誤代碼,以下爲四郎

記錄 
365348 [http-bio-8080-exec-5] TRACE o.a.s.w.s.OncePerRequestFilter - Filter 'shiroFilter' not yet executed. Executing now. 
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - Context already contains a SecurityManager instance. Returning. 
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No identity (PrincipalCollection) found in the context. Looking for a remembered identity. 
365349 [http-bio-8080-exec-5] TRACE o.a.shiro.web.servlet.SimpleCookie - No 'rememberMe' cookie value 
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No remembered identity found. Returning original context. 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread [http-bio-8080-exec-5] 
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [http-bio-8080-exec-5] 
365349 [http-bio-8080-exec-5] TRACE o.a.s.w.servlet.AbstractShiroFilter - No FilterChain configured for the current request. Using the default. 
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - get() - in thread [http-bio-8080-exec-5] 
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Retrieved value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] bound to thread [http-bio-8080-exec-5] 
365351 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false

真正奇怪的是,我可以點擊back然後forward在我的瀏覽器,帶我到正確的認證的網頁。我試過調試,我的Controller甚至都沒有被調用。但是怎麼可能,如果點擊backforward帶我到正確的網頁?

我沒有在我的web.xml中其他任何過濾器,不使用任何Shiro的默認篩選器,不會故意反正。

這是怎麼回事?

不,它讓我在Eclipse的靛藍髮展任何區別。這是應該調用的代碼,但不是(在調試模式下)。

@RequestMapping(value = "/account/login", method = RequestMethod.POST, params = "login") 
    public String login(@RequestParam("username") String username, 
      @RequestParam("password") String password, 
      @RequestParam("remember") boolean rememberMe, 
      Model model) { 
     Subject currentUser = SecurityUtils.getSubject(); 

     if (!currentUser.isAuthenticated()) { 

      UsernamePasswordToken token = new UsernamePasswordToken(username, password); 
      token.setRememberMe(rememberMe); 
      currentUser.login(token); 

      return "redirect:/account/profile"; 
     } 

     return "home"; 

    }

來源

2013-01-17 Sotirios Delimanolis

回答

0

所以我仍然無法解釋前進和後退按鈕行爲,但這不是Shiro問題。問題出在記住我的複選框。在登錄的處理方法,我有@RequestParam("remember") boolean rememberMe但它應該是@RequestParam(value = "remember", required = false) boolean rememberMerequired意味着你不需要它。默認情況下,Spring讓我們能夠真正的,所以它會說,這是調用正確的方法,但它不能調用它,因爲它不具備它所需要的信息,從而400

來源

2013-01-20 00:52:51

1

如果您沒有在Shiro的配置中定義任何過濾器,Shiro將允許通過任何請求。換句話說,就是因爲你有一個認證的頁面,Shiro不知道要不要保護它。你必須告訴Shiro保護那個頁面。例如:

[main] 
#tell Shiro where to redirect to if login is required: 
authc.loginUrl = /account/login 

[urls] 
# ensure the following pages require authentication (the loginUrl will be 
# allowed however): 
/account/** = authc

至於400錯誤,四郎不發出這樣的錯誤響應 - 它可能是你的容器或彈簧,其發出的錯誤。

另外,如果你使用四郎1.2或更高版本,不要忘了相關<dispatcher>元素添加到<filter-mapping>

http://shiro.apache.org/web.html#Web-Shiro1.2andlater

來源

2013-01-18 01:12:27

+0

是否把網址下'[ urls]'是否意味着我不需要在每個控制器處理程序方法中每次都使用'Subject.isAuthenticated()'?你能解釋一下調度器元素是什麼,我不能在文檔中找到解釋嗎? –

+0

而這些都不能解釋我得到的行爲。我可以訪問任何其他頁面,但不能登錄頁面。 –

相關問題

 相關問題