当前位置: 代码迷 >> java >> j_spring_security_check始终重定向到登录
  详细解决方案

j_spring_security_check始终重定向到登录

热度:102   发布时间:2023-07-16 17:39:34.0

我使用自定义登录表单和自定义UserDetailsService获得了spring security 4。 问题是每次我提交到j_spring_security_check它总是会重定向回登录页面。 感觉它正在处理容器中的j_spring_security_check另一个资源。

下面是我的配置。 我缺少什么?

应用程序的security.xml

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/login" access="permitAll" />
    <security:intercept-url pattern="/logout" access="permitAll" />
    <security:intercept-url pattern="/css/**/*.css" access="permitAll" />
    <security:intercept-url pattern="/fonts/*.*" access="permitAll" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:form-login login-page="/login" default-target-url="/landing" authentication-failure-url="/login?error" authentication-success-handler-ref="loginSuccesHandler" />
    <security:logout logout-success-url="/logout" />
    <security:csrf disabled="true" />
</security:http>
<security:authentication-manager>
    <security:authentication-provider ref="daoAuthenticationProvider" />
</security:authentication-manager>
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="userDetailsService" class="a.b.c.MyAppUserDetailService" />
<bean id="loginSuccesHandler" class="a.b.c.LoginSuccessHandler" />
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

login.jsp的

<body>
    <form action="<c:url value='j_spring_security_check'/>" name="f" method="post">
        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
        <div class="form-group">
            <label class="control-label" for="username">Username</label> <input type="text" name="j_username" id="username" class="form-control" style="font-size: 1.5em" maxlength="100" />
        </div>
        <div class="form-group">
            <label class="control-label" for="password">Password</label> <input type="password" name="j_password" id="password" class="form-control" style="font-size: 1.5em" maxlength="100" />
        </div>
        <button class="btn btn-lg btn-info btn-block shadow-z-3" type="submit"> Login </button>
    </form>
</body>

登录控制器

@Controller
@RequestMapping(value="/login")
public class LoginController {

@RequestMapping(method = RequestMethod.GET)
public String login(HttpSession session,HttpServletRequest req, ModelMap model) {
    AuthenticationException ase = (AuthenticationException) session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
    if (ase != null) {
        model.addAttribute("errorMsg",ase.getMessage());
    }
    return "login";
}


@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpSession session) {

    return "login";
}
}

我找到了答案。 在将spring form-login login-processing-url属性添加到form-login之后,弹簧4与弹簧3的区别在于它按预期工作。

查看此了解详情。

  相关解决方案