我有一个自定义登录页面 (SecureLogin.jsp)
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body>
<form action="<c:url value='j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>Username</td>
<td><input type="text" id="userName" name="userName"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" id="password" name="password"/><td>
</tr>
</table>
<input type="submit" value="submit" action="submit">
</form>
</body>
</html>
Spring security.xml如下:
<http>
<intercept-url pattern="/security/SecureLogin.jsp*" filters="none" />
<intercept-url pattern="/security/showCustomPage*" access="hasRole('ROLE_CUSTOM')" />
<form-login
login-page="/security/SecureLogin.jsp"
login-processing-url="/j_spring_security_check"
authentication-success-handler-ref="customAuthenticationSuccessHandler"
authentication-failure-url="/security/showError.jsp" />
</http>
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
我想让 customAuthenticationProvider 处理我的登录调用。
但是在提交登录凭据时,它显示
错误 404:SRVE0295E:报告错误:404
上述错误的应用程序网址是:
http://localhost:9081/app/security/j_spring_security_check
我是 Spring 和 Spring 安全的新手。任何帮助深表感谢。 另外,如果有更好的控制登录的方法,请提出。
编辑:Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>app</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- Spring Entries Start -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/config/context.xml</param-value>
</context-param>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/config/dispatcher-config.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/api/*</url-pattern>
<url-pattern>/security/*</url-pattern>
</servlet-mapping>
<!-- Spring Security Entries start -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<!-- Spring Security Entries end -->
<!-- Spring Entries End -->
</web-app>
上下文.xml
<import resource="security.xml" />
<context:component-scan base-package="com.demo" />
<context:annotation-config />
调度程序配置文件
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<context:component-scan base-package="com.demo.endpoint" />
<context:annotation-config />
最佳答案
解决方案:我将 spring security 升级到 3.1.7 并更改了 security.xml
<http pattern="/security/**" auto-config="true" use-expressions="true" authentication-manager-ref="customAuthenticationManager" >
<intercept-url pattern="/security/SecureLogin.jsp*" access="permitAll" />
<intercept-url pattern="/security/doSecureLogin*" access="permitAll" />
<intercept-url pattern="/security/j_spring_security_check*" access="permitAll" />
<intercept-url pattern="/security/Login.jsp/**" access="permitAll" />
<intercept-url pattern="/security/showCustomPage*" access="hasRole('ROLE_CUSTOM')" />
<intercept-url pattern="/security/**" access="hasRole('ROLE_WELCOME')" />
<form-login
login-page="/security/SecureLogin.jsp"
login-processing-url="/security/j_spring_security_check"
authentication-failure-url="/security/showError.jsp" />
</http>
<http pattern="/api/**" auto-config="true" security="none" />
<authentication-manager alias="customAuthenticationManager">
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
在 http 标记中,我引用了我的身份验证管理器,其中定义了我的自定义身份验证提供程序。现在点击提交,custom-authentication-provider 被调用。
感谢大家的帮助。
关于java - Spring security - 从自定义登录页面调用自定义身份验证提供程序,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49667094/