0
我正在嘗試按照自定義的自定義登錄自定義登錄Spring Security的示例。不知道我犯了什麼錯誤,但我無法弄清楚爲什麼自定義表單登錄不起作用。該頁面被重定向到受保護的資源而無需身份驗證。春季安全自定義登錄表格
該項目使用spring-data-jpa獲取要在視圖中顯示的數據。
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>spring-security2</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- The front controller of this Spring Web application, responsible for handling all application requests -->
<servlet>
<servlet-name>springDispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map all requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>springDispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- needed for ContextLoaderListener -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/security-context.xml</param-value>
</context-param>
<!-- Bootstraps the root web application context before servlet initialization -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
調度-servlet.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<context:component-scan base-package="domain.app"/>
<mvc:annotation-driven/>
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/view/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<mvc:resources location="/resources/" mapping="/resources/**"/>
</beans>
安全的context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:http auto-config="true" use-expressions="false" >
<security:form-login
login-page="/login"
login-processing-url="/login"
username-parameter="custom_username"
password-parameter="custom_password"
authentication-failure-url="/login?error=true"/>
<security:intercept-url pattern="/films/*" access="ROLE_USER"/>
<security:intercept-url pattern="/login/*" access="ROLE_ANONYMOUS, ROLE_USER"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="password" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
控制器
@Controller
public class FilmController {
@Autowired
private FilmRepository repository;
@RequestMapping("/")
public String film(Model model) {
model.addAttribute("films", repository.findAll());
return "film";
}
@RequestMapping("/films")
public String popularFilms(Model model) {
model.addAttribute("films", repository.findByCategory("Popular"));
return "films";
}
@RequestMapping(value="/login", method=RequestMethod.GET)
public String login() {
return "login";
}
}
的login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
</head>
<body>
<c:url value="/login" var="loginVar" />
<form action="${loginVar}" method="post">
<div class="form-group">
<label for="username">Email address</label>
<input type="text" class="form-control" name="custom_username"
placeholder="username">
</div>
<div class="form-group">
<label for="password">Password</label> <input
type="password" class="form-control" name="custom_password"
placeholder="Password">
</div>
<c:if test="${param.error != null}">
<span class="label label-danger">Invalid username or password</span>
</c:if>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</body>
</html>
我覺得春無法識別過濾器放置委託代理過濾器下面的所有配置,請告訴我,如果它的工作 –
嘗試添加csrf保護令牌我看不到一個令牌,你也沒有禁用它 –
我太懷疑了,並添加了csrf標記,但這也不起作用。還有另一個應用程序正在工作,我看到的唯一區別是它具有高於安全上下文的根應用程序上下文,並且上下文偵聽器加載器位於web.xml中的servlet定義之上。我會檢查是否有任何區別。 – vijayanand