java - Spring Security 显示 'Your login attempt was not successful due to' 用于自定义成员资格

Question

我对 Spring Security 感到困惑，当我打开登录页面时，它显示以下错误消息甚至在提交表单之前。我不知道如何解决这个问题。

Your login attempt was not successful due to 

my-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:oxm="http://www.springframework.org/schema/oxm" xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd 
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd 
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd 
http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">


.....

<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"
        destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:8889/myproject" />
        <property name="username" value="test" />
        <property name="password" value="test" />
    </bean>

    <bean id="sessionFactory"
        class="org.springframework.orm.hibernate4.LocalSessionFactoryBean"
        depends-on="dataSource">
        <property name="dataSource" ref="dataSource" />
        <property name="packagesToScan" value="com.myproject.model" />
        <property name="hibernateProperties">
            <props>
                <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
                <prop key="hibernate.format_sql">true</prop>
                <prop key="hibernate.use_sql_comments">true</prop>
                <prop key="hibernate.show_sql">true</prop>
                <prop key="hibernate.hbm2ddl.auto">update</prop>
            </props>
        </property>
    </bean>

<bean id="transactionManager"
        class="org.springframework.orm.hibernate4.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory"></property>
    </bean>

    <tx:advice id="txAdvice" transaction-manager="transactionManager">
        <tx:attributes>
            <tx:method name="get*" read-only="true" />
            <tx:method name="find*" read-only="true" />
            <tx:method name="*" />
        </tx:attributes>
    </tx:advice>

    <aop:config>
        <aop:pointcut id="userServicePointCut"
            expression="execution(* com.myproject.service.*Service.*(..))" />
        <aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" />
    </aop:config>

</beans>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <beans:import resource='login-service.xml' /> 
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/member**" access="hasRole('ROLE_MEMBER')" />
        <intercept-url pattern="/signin" access="permitAll" />
        <access-denied-handler error-page="/403" />
        <form-login login-page="/signin" default-target-url="/index"
            authentication-failure-url="/signin?error" username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout" />
        <!-- enable csrf protection -->
        <csrf />
    </http>
    <authentication-manager>
        <authentication-provider user-service-ref="myMemberDetailsService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>

login-service.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

           <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"
        destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:8889/myproject" />
        <property name="username" value="test" />
        <property name="password" value="test" />
    </bean>



</beans>

登录页面

<c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION}">
    <font color="red"> Your login attempt was not successful due
        to <br />
    <br /> <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
    </font>
</c:if>
<div class="row">
    <div class="col-sm-7">
        <div>
            <div>
                <h2 class="panel-title">Log-in</h2>
            </div>
            <c:if test="${not empty param.error}">
                Invalid username and password.
            </c:if>
            <c:if test="${not empty error}">
                <div class="error">${error}</div>
            </c:if>
            <c:if test="${not empty msg}">
                <div class="msg">${msg}</div>
            </c:if>
            <div>
                <form id="form-login" role="form" method="post"
                    action="<c:url value='/j_spring_security_check' />"
                    class="relative form form-default">
                    <input type="hidden" name="${_csrf.parameterName}"
                        value="${_csrf.token}" />
                    <p class="leyend">* Required information</p>
                    <div class="form-group clearfix">
                        <label for="input-email-01" class="col-xs-12 control-label">Email
                            *</label>
                        <div class="input-group col-sm-10">
                            <span class="input-group-addon">@</span> <input type="email"
                                name="username" id="input-email-01" class="form-control"
                                placeholder="Enter email" required>
                        </div>
                    </div>
                    <div class="form-group clearfix">
                        <label for="input-password-01" class="col-xs-12 control-label">Password
                            *</label>
                        <div class="col-sm-10">
                            <input type="password" name="password" id="input-password-01"
                                class="form-control" placeholder="Enter password" required>
                        </div>
                    </div>
                    <div class="form-group clearfix">
                        <div class="col-xs-12">
                            <button type="submit" class="btn btn-action btn-validate">Log
                                In</button>
                        </div>
                    </div>
                </form>

Answer 1

这可能是因为 SPRING_SECURITY_LAST_EXCEPTION 是一个始终包含值的常量。改变

<c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION}">

到

<c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION.message}">

可能会有帮助。