java - Spring 安全http 404错误

Question

出于学习目的，我简单地使用了 Spring-hibernate 应用程序。它具有一对多的数据库关联，您可以在其中添加一个仓库，并且可以为每个仓库添加项目。现在我想添加 spring-security 进行身份验证，但是当我尝试访问该站点时，我收到 HTTP 错误 404。

这是 web.xml 中的 spring-security par:

<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>
        /WEB-INF/spring-security.xml
   </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

这是 spring-security.xml :

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/record/**" access="permitAll" />
        <form-login />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="password" authorities="supervisor, teller, user" />
                <user name="dianne" password="emu" authorities="teller, user" />
                <user name="scott" password="wombat" authorities="user" />
                <user name="peter" password="opal" authorities="user" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

如果我将 access="permitAll" 更改为 `access="hasRole('supervisor')"当我尝试访问该应用程序时，系统会要求我输入用户名和密码，但是当我输入它们时，我也会收到 404 错误。如果没有 spring-security，当我访问“http://localhost:8080/testapp/record/list”时，应用程序可以正常工作...... 我用这个网站来了解 spring security - http://static.springsource.org/spring-security/site/tutorial.html

这是我的主 Controller :

@Controller
@RequestMapping("/record")
public class MainController {

    protected static Logger logger = Logger.getLogger("controller");

    @Resource(name="warehouseService")
     private WarehouseService warehouseService;

     @Resource(name="itemService")
     private ItemService itemService;

        @RequestMapping(value = "/list", method = RequestMethod.GET)
        public String getRecords(Model model) {
         logger.debug("Received request to show records page");

         // Retrieve all persons
         List<Warehouse> warehouses = warehouseService.getAll();

         // Prepare model object
         List<WarehouseDTO> warehousesDTO = new ArrayList<WarehouseDTO>();

         for (Warehouse warehouse: warehouses) {
          // Create new data transfer object
             WarehouseDTO dto = new WarehouseDTO();

       dto.setId(warehouse.getId());
       dto.setName(warehouse.getName());
       dto.setAddress(warehouse.getAddress());
       dto.setManager(warehouse.getManager());
       dto.setItems(itemService.getAll(warehouse.getId()));

       warehousesDTO.add(dto);
         }

         model.addAttribute("warehouses", warehousesDTO);

      return "records";
     }

有什么想法吗？

Answer 1

尝试在 form-login 标签中指定一个 default-target-url。我猜你的身份验证和 Spring 安全默认情况下将请求路由到应用程序的根目录，该应用程序未映射导致 404。

<form-login default-target-url="/record/list"/>

如果失败尝试(不确定 View 是如何映射的):

<form-login default-target-url="/record/list/"/>