java - Spring security - 从自定义登录页面调用自定义身份验证提供程序

Question

我有一个自定义登录页面 (SecureLogin.jsp)

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Login</title>
    </head>
    <body>

    <form action="<c:url value='j_spring_security_check' />" method='POST'>
        <table>
            <tr>
                <td>Username</td>
                <td><input type="text" id="userName" name="userName"/></td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="text" id="password" name="password"/><td>
            </tr>
        </table>
        <input type="submit"  value="submit" action="submit">
    </form>

    </body>
</html>

Spring security.xml如下:

<http>
    <intercept-url pattern="/security/SecureLogin.jsp*" filters="none" />
    <intercept-url pattern="/security/showCustomPage*" access="hasRole('ROLE_CUSTOM')" />
    <form-login 
            login-page="/security/SecureLogin.jsp" 
            login-processing-url="/j_spring_security_check"
            authentication-success-handler-ref="customAuthenticationSuccessHandler"
            authentication-failure-url="/security/showError.jsp"  />
</http>

<authentication-manager>
    <authentication-provider  ref="customAuthenticationProvider"/>

</authentication-manager>

我想让 customAuthenticationProvider 处理我的登录调用。 但是在提交登录凭据时，它显示 错误 404:SRVE0295E:报告错误:404 上述错误的应用程序网址是:

http://localhost:9081/app/security/j_spring_security_check

我是 Spring 和 Spring 安全的新手。任何帮助深表感谢。 另外，如果有更好的控制登录的方法，请提出。

编辑:Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>app</display-name>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

<!-- Spring Entries Start  -->
    <listener>
         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:/config/context.xml</param-value>
    </context-param>
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:/config/dispatcher-config.xml</param-value>
        </init-param>

    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/api/*</url-pattern>
        <url-pattern>/security/*</url-pattern>
    </servlet-mapping>

    <!-- Spring Security Entries start -->  
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>
    <!-- Spring Security Entries end -->

<!-- Spring Entries End -->

</web-app>

上下文.xml

<import resource="security.xml" />
<context:component-scan base-package="com.demo" />
<context:annotation-config />

调度程序配置文件

<bean id="viewResolver"
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
        value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>


    <context:component-scan base-package="com.demo.endpoint" />
    <context:annotation-config />

Answer 1

解决方案:我将 spring security 升级到 3.1.7 并更改了 security.xml

<http pattern="/security/**" auto-config="true" use-expressions="true" authentication-manager-ref="customAuthenticationManager" >
        <intercept-url pattern="/security/SecureLogin.jsp*" access="permitAll" />
        <intercept-url pattern="/security/doSecureLogin*" access="permitAll" /> 
        <intercept-url pattern="/security/j_spring_security_check*" access="permitAll"  />
        <intercept-url pattern="/security/Login.jsp/**" access="permitAll" />       
        <intercept-url pattern="/security/showCustomPage*" access="hasRole('ROLE_CUSTOM')" />
        <intercept-url pattern="/security/**" access="hasRole('ROLE_WELCOME')" />
        <form-login 
        login-page="/security/SecureLogin.jsp" 
        login-processing-url="/security/j_spring_security_check"
        authentication-failure-url="/security/showError.jsp"  />

    </http>
    <http pattern="/api/**" auto-config="true" security="none" />


    <authentication-manager alias="customAuthenticationManager">
        <authentication-provider  ref="customAuthenticationProvider"/> 
    </authentication-manager>   

在 http 标记中，我引用了我的身份验证管理器，其中定义了我的自定义身份验证提供程序。现在点击提交，custom-authentication-provider 被调用。
感谢大家的帮助。