java Spring安全操作未映射到j_Spring_安全检查
最近,我试图将示例spring安全性从xml迁移到注释。 我的登录表单没有向j_spring_security_check发送请求,而是将始终登录。请看一看,并提出我错了什么
在下面发布代码和stacktrace:-
用户登录。jsp
<form role="form" class="form" action="<c:url value='/j_spring_security_check' />" method="post">
<div class="form-group">
<label for="exampleInputEmail1">Email address</label><input class="form-control" id="j_username" name="j_username" type="text"/>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label><input class="form-control" id="j_password" name="j_password" type="password"/>
</div>
<div class="checkbox">
<label><input type="checkbox"/> Check me out</label>
</div> <button type="submit" class="btn btn-default">Submit</button>
<input type="hidden"
name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
SecurityConfig。爪哇
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("123456")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/logon").permitAll()
.antMatchers("/register*").permitAll()
.antMatchers("/*").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA') or hasRole('ROLE_USER')")
.and().formLogin().loginPage("/logon").defaultSuccessUrl("/home").failureUrl("/loginfailed?error=1")
.and().logout().logoutSuccessUrl("/logout?logout").and().csrf();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
}
控制员。爪哇
@Controller
public class UserSessionController {
@RequestMapping(value = "/logon", method = RequestMethod.GET)
public String welcome(Locale locale, Model model) {
return "signup";
}
@RequestMapping(value = {"/home"}, method = RequestMethod.GET)
public String home(Locale locale, Model model) {
System.out.println("HomeController.home()");
return "home";
}
}
SpringSecurityInitializer
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
//什么也不做 }
日志:-
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcher' processing GET request for [/base/logon]
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /logon
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Returning handler method [public java.lang.String com.app.base.controller.UserSessionController.welcome(java.util.Locale,org.springframework.ui.Model)]
DEBUG: org.springframework.beans.factory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'userSessionController'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/base/logon] is: -1
DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.tiles3.TilesView: name 'signup'; URL [signup]] in DispatcherServlet with name 'dispatcher'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
共 (0) 个答案