java无法在spring mvc中显示带有错误消息的同一页面
这个想法很简单,如果我的登录失败,用户将被重定向到/loginerror
,但不作为例外工作
登录控制器
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(Model model) {
return "login";
}
@RequestMapping(value = "/loginerror", method = RequestMethod.GET)
public String loginFailed(Model model) {
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(Model model) {
return "login";
}
登录。jsp
<c:if test="${not empty error}">
<div class="alert alert-danger">
<spring:message
code="AbstractUserDetailsAuthenticationProvider.badCredentials" />
<br />
</div>
</c:if>
<form action="<c:url value= "/j_spring_security_check"></c:url>"
method="post">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="User Name"
name='j_username' type="text">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password"
name='j_password' type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit"
value="Login">
</fieldset>
</form>
</div>
安全上下文。xml
<security:http auto-config="true">
<security:intercept-url pattern="/all/add"
access="hasRole('ROLE_ADMIN')" />
<security:form-login login-page="/login"
default-target-url="/all/add" authentication-failure-url="/loginerror" />
<security:logout logout-success-url="/logout" />
<security:csrf disabled="true" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" authorities="ROLE_ADMIN"
password="admin" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
我试图做的是,当用户登录失败时,将其重定向到登录页面,但每次我这样做时,我都会收到错误404页面未在urllocalhost......../j_spring_security_check
编辑
spring错误消息是AbstractUserDetailsAuthenticationProvider.badCredentials=The user-name or password you entered is incorrect.
将debug语句放入/loginerror
方法之后,我知道这个方法甚至没有被调用
如果url错误,如何拦截此消息
网络。xml
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
# 1 楼答案
检查截取URL的顺序,它是基于first-in的。也许这就是问题所在。 也可以在下面的代码中尝试
# 2 楼答案
您正在使用的spring版本不支持
<form action="<c:url value= "/j_spring_security_check"></c:url>" method="post">
改为使用/login作为url<form action="<c:url value= "/login"></c:url>" method="post">
既然你问了,这个链接清楚地解释了不同之处Why doesn't my custom login page show with Spring Security 4?# 3 楼答案
我在您的控制器中没有看到“/loginerror”,这将是一个问题,因此当然该方法永远不会被调用,请将失败url更改为loginerror loginerror或loginFailed。正如其他人所指出的,您通常会-failure url=“/login?error=true”,然后使用error-request参数向用户显示他们的登录出错