2013-10-07 92 views
4

你好我想在我的application.But配置Spring Security一旦我輸入用戶名和密碼,並提交表單,我得到錯誤春季安全登錄錯誤:HTTP狀態404 -/j_spring_security_check

HTTP Status 404 - /j_spring_security_check The requested resource is not available.

enter image description here

以下是我的配置文件:

的web.xml

<filter-mapping> 
    <filter-name>CharacterEncodingFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value>/WEB-INF/applicationContext.xml,/WEB-INF/taskTracker-app.xml,/WEB-INF/taskTracker-servlet.xml,/WEB-INF/taskTracker-security.xml</param-value> 
</context-param> 

<servlet> 
    <servlet-name>taskTracker</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <load-on-startup>2</load-on-startup> 
</servlet> 

<servlet-mapping> 
    <servlet-name>taskTracker</servlet-name> 
    <url-pattern>*.html</url-pattern> 
</servlet-mapping> 

的TaskTracker-servlet.xml中

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" 
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
http://www.directwebremoting.org/schema/spring-dwr 
http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd"> 

    <bean id="TaskTrackerLoginController" 
     class="org.springframework.web.servlet.mvc.ParameterizableViewController"> 
     <property name="viewName"> 
      <value>/taskTracker/sign-in</value> 
     </property> 
    </bean> 

    <bean id="TaskTrackerErrorController" 
     class="org.springframework.web.servlet.mvc.ParameterizableViewController"> 
     <property name="viewName"> 
      <value>/taskTracker/error</value> 
     </property> 
    </bean> 

    <bean id="WelcomeController" class="com.tracker.web.controllers.WelcomeController"> 
     <property name="BusinessLogic"> 
      <ref bean="BusinessLogic" /> 
     </property> 
     <property name="viewName"> 
      <value>/taskTracker/welcome</value> 
     </property> 
    </bean> 

    <bean id="nonSecurePageMappings" 
     class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"> 
     <property name="mappings"> 
      <props> 
       <prop key="/taskTracker/sign-in.html">TaskTrackerLoginController</prop> 
       <prop key="/taskTracker/error.html">TaskTrackerErrorController</prop> 
      </props> 
     </property> 
    </bean> 
    <bean id="PageMappings" 
     class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"> 
     <property name="mappings"> 
      <props> 

       <prop key="/taskTracker/welcome.html">WelcomeController</prop> 

      </props> 
     </property> 
    </bean> 

    <bean id="viewResolver" 
     class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
     <property name="viewClass"> 
      <value>org.springframework.web.servlet.view.JstlView</value> 
     </property> 
     <property name="prefix"> 
      <value>/WEB-INF/jsp/</value> 
     </property> 
     <property name="suffix"> 
      <value>.jsp</value> 
     </property> 
    </bean> 
</beans> 

的TaskTracker-security.xml文件

<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    <bean id="SecurityService" class="com.tracker.web.security.SecurityService"> 
     <property name="BusinessLogic"> 
      <ref bean="BusinessLogic" /> 
     </property> 
    </bean> 

    <security:http access-denied-page="/taskTracker/tracker/error.html" auto-config="false"> 
     <security:session-management invalid-session-url="/taskTracker/sign-in.html"> 
     </security:session-management> 
     <security:form-login login-page="/taskTracker/sign-in.html" default-target-url="/taskTracker/welcome.html" 
      always-use-default-target="false" authentication-failure-url="/taskTracker/sign-in.html?error=1" /> 
     <security:logout invalidate-session="true" logout-success-url="/taskTracker/sign-in.html" /> 
     <security:intercept-url pattern="/taskTracker/sign-in.html*" filters="none" /> 
     <security:intercept-url pattern="/taskTracker/welcome.html*" /> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider user-service-ref="SecurityService" /> 
    </security:authentication-manager> 

</beans> 

的TaskTracker-app.xml中

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" 
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
http://www.directwebremoting.org/schema/spring-dwr 
http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd"> 

    <bean id="userDao" class="com.tracker.data.dao.jdbc.UserJdbcDao"> 
     <property name="dataSource"> 
      <ref bean="dataSource" /> 
     </property> 
    </bean> 

    <bean id="BusinessLogic" class="com.tracker.business.logic.TrackerBusinessLogicImpl"> 
     <property name="userLogic"> 
      <ref bean="userLogic" /> 
     </property> 
    </bean> 

    <bean id="userLogic" class="com.tracker.business.logic.user.UserLogic"> 
     <property name="userDao"> 
      <ref bean="userDao" /> 
     </property> 
    </bean> 
</beans> 

SecurityService.java

package com.tracker.web.security; 

import org.apache.log4j.Logger; 
import org.springframework.dao.DataAccessException; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 

import com.tracker.business.logic.TrackerBusinessLogic; 
import com.tracker.business.model.User; 

public class SecurityService implements UserDetailsService { 
    private final static Logger log = Logger.getLogger(SecurityService.class); 
    private TrackerBusinessLogic trackerBusinessLogic; 

    public UserDetails loadUserByUsername(String username) 
      throws UsernameNotFoundException, DataAccessException { 

     String errMsg = "User with username: " + username; 

     User user = trackerBusinessLogic.loadUser(username); 
     if(user!=null) { 
      // user has been loaded 
     } else { 
      log.error("User with username: " + username + " not found"); 
     } 
     return user; 
    } 

    public TrackerBusinessLogic getBusinessLogic() { 
     return trackerBusinessLogic; 
    } 

    public void setBusinessLogic(TrackerBusinessLogic trackerBusinessLogic) { 
     this.trackerBusinessLogic = trackerBusinessLogic; 
    } 
} 

登錄in.jsp

<html lang="en-US"> 
<head> 
    <title>Login</title> 
</head> 
<body> 
<div class="login"> 
    <h1>Task Tracker Login</h1> 
    <form action="/j_spring_security_check" method="post"> 
     <input type="text" name="j_username" value="" placeholder="Username" required="required" /> 
     <input type="password" name="j_password" placeholder="Password" required="required" /> 
     <input type="hidden" name="referrer" value="${param.referrer}" /> 
     <input type="submit" value="Let me in." class="btn btn-primary btn-block btn-large"> 
    </form> 
</div> 
</body> 
</html> 

請幫我什麼我在這裏失蹤。謝謝。

回答

8

在你sign-in.jsp,您需要更改URL到您所提交的登錄請求,你可以按照以下實現:

<c:url value="/j_spring_security_check" var="loginUrl" /> 

,並在你的表單操作使用:

<form action="${loginUrl}" method="post"> 

login-processing-url屬性默認爲/j_spring_security_check,並指定登錄表單(應包括usernamepassword)應提交給的URL,使用H TTP後。

+0

你有這個'<%​​@ taglib uri =「http://java.sun.com/jsp/jstl/core」prefix =「c」%>'添加到你的jsp? –

+0

非常感謝...現在提交,我得到http:// localhost:8080/TaskTracker/taskTracker/sign-in.html?error = 1這意味着該操作正在被調用並返回此URL用於失敗的登錄嘗試。 ..但問題是,我試圖登錄的用戶名和密碼,確實存在..那麼爲什麼是登錄失敗? –

+0

是因爲數據庫連接失敗。但是如果是這樣的話,我會在控制檯日誌中得到JDBC異常,但我沒有任何錯誤。 –

2

我固定的錯誤時加$ {} request.contextPath前/ j_spring_security_check

2

不涉及這方面的問題(但 「j_spring_security_check 404」 的問題有關)。認爲它可以幫助任何人試圖解決與春季4相同的問題,即使所有的設置都是正確的。

自Spring 4以來,spring默認啓用了csrf,因此首先檢查csrf是否禁用,如果解決了「j_spring_security_check 404」問題。

<http> 
    <!-- ... --> 
    <csrf disabled="true"/> 
</http> 

這僅僅是測試,如果它的工作,然後再啓用它,因爲禁用CSRF是不是一個好主意,web應用程序,這些天。所以刪除

<csrf disabled="true" /> 

線('怎麼CRSF默認啓用),並在驗證輸入表單中添加一個CSRF令牌字段:

<form action="${loginUrl}" method="post"> 
    <input ... /> 
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> 
</form> 

OR

<form action="${loginUrl}?${_csrf.parameterName}=${_csrf.token}" method="post"> .... </form>