我想制作自己的登录表单。当我更改登录页面时,我无法打开它。 Google Chrome 告诉我此页面的重定向次数过多...
我的代码:
@RequestMapping(value="/login", method = RequestMethod.GET)
public ModelAndView loginPage() {
ModelAndView modelAndView = new ModelAndView("login");
return modelAndView;
}
@RequestMapping(value="/loginError", method = RequestMethod.GET)
public ModelAndView loginErrorPage() {
ModelAndView modelAndView = new ModelAndView("login");
modelAndView.addObject("error", "true");
modelAndView.addObject("msg", "invalid login credentials");
return modelAndView;
}
设置:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/**").access("hasRole('ROLE_USER')")
.and().formLogin().loginPage("/login").defaultSuccessUrl("/index").failureUrl("/loginError");
}
和登录表单:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<c:if test="${error eq 'true'}">
${msg}
</c:if>
<form name='loginForm' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>User Name:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td><input name="submit" type="submit"
value="submit" />
</td>
<td><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
</body>
</html>
你能告诉我问题出在哪里吗?我研究了很多教程,但总是遇到同样的问题。许多重定向...
顺便说一句。 IntelliJ 无法解析:j_spring_security_chec最佳答案
如手册中所述,您需要允许登录页面的请求,否则它将进入无限循环:
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#jc-form
We must grant all users (i.e. unauthenticated users) access to our log in page. The formLogin().permitAll() method allows granting access to all users for all URLs associated with form based log in.
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/**").access("hasRole('ROLE_USER')")
.and().formLogin().loginPage("/login").permitAll()
.defaultSuccessUrl("/index").failureUrl("/loginError");
}
关于spring - 使用自己的登录表单进行太多重定向 - Spring Security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40495244/