这是我的 spring 安全配置的片段:
<security:http use-expressions="true">
<security:intercept-url pattern="/*" access="permitAll"/>
<security:intercept-url pattern="/admin*" access="hasRole('ROLE_ADMIN')" />
<security:form-login login-page="/zaloguj" default-target-url="/"
authentication-success-handler-ref="loginSuccessHandler"
authentication-failure-url="/zaloguj?error"
login-processing-url="/login"
/>
<security:logout logout-url="/wyloguj"
invalidate-session="true"
logout-success-url="/"
/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" authorities="ROLE_ADMIN" password="admin"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
当我输入登录表单 admin admin 时,我会被重定向到authentication-failure-url。我究竟做错了什么?我正在使用 Spring Security 版本 3.2.0.RELEASE。预先感谢您的任何帮助。最好的问候
最佳答案
尝试激活 Spring 安全性的调试日志记录。
以下配置适合我
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/welcome*" access="hasRole('ROLE_ADMIN')" />
<security:form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="test" password="123456" authorities="ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
我的日志记录配置(log4j.properties)
# Root logger option
log4j.rootLogger=INFO, stdout
# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
log4j.logger.org.springframework.security=DEBUG,stdout
以下是成功登录时打印的调试语句
2014-03-09 03:56:08 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
.........
2014-03-09 03:56:08 DEBUG SessionFixationProtectionStrategy:97 - Started new session: bq2ozweuwq07l16o2nspj4q3
2014-03-09 03:56:08 DEBUG UsernamePasswordAuthenticationFilter:319 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bf69f27c: Principal: org.springframework.security.core.userdetails.User@364492: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 1ajcb4rxv6p4ryg58262el5e8; Granted Authorities: ROLE_ADMIN
..................
2014-03-09 03:56:08 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /welcome
2014-03-09 03:56:08 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/welcome'
关于java - spring安全无法登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22271645/