当前位置: 文江博客话题详情

为什么我没有收到 Spring Security 登录错误消息?

发布于 2024-09-26 16:54:30 字数 2216 浏览 1 评论 0原文

使用 Spring Security 3 以及 Struts 2 和 Tiles 2,我有一个登录页面,该页面会在应该出现时出现并按预期执行登录 - 但是,当我输入错误的用户凭据时,我会返回到登录页面,但没有有关的信息出了什么问题。我检查了所有配置参数,但看不出问题出在哪里。

我的 Spring Security XML 配置如下:

 <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/css/**" access="permitAll" />
    <intercept-url pattern="/images/**" access="permitAll" />
    <intercept-url pattern="/js/**" access="permitAll" />
    <intercept-url pattern="/public/**" access="permitAll" />
    <intercept-url pattern="/home/**" access="permitAll" />
    <intercept-url pattern="/user/**" access="hasRole('AUTH_MANAGE_USERS')" />
    <intercept-url pattern="/group/**" access="hasRole('AUTH_MANAGE_USERS')" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <access-denied-handler error-page="/403.html"/>
    <form-login  login-page="/public/login.do" always-use-default-target="false"/>
    <logout invalidate-session="true" logout-success-url="/public/home.do"/>
</http>

我的 Struts Action 如下所示:

<package name="public" namespace="/public" extends="secure">
    <action name="login">
        <result name="success" type="tiles">tiles.login.panel</result>
        <result name="input" type="tiles">tiles.login.panel</result>
        <result name="error">/WEB-INF/jsp/error.jsp</result>
    </action>
    <action name="logout">
        <result name="success" type="redirect">/j_spring_security_logout</result>
    </action>
</package>

Login.jsp 页面(图块的一部分)查找 Spring Security 的异常...

<c:if test="${not empty param.login_error}">
   <span class="actionError">
   Your login attempt was not successful, try again.<br/><br/>
        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
  </span>
</c:if>
<form id="loginForm" name="loginForm" action="/j_spring_security_check" method="post">
  ...
</form>

谁能告诉我缺少什么?预先感谢您的任何/所有回复。

原文

Using Spring Security 3 along with Struts 2 and Tiles 2, I have a login page that appears when it is supposed to and performs the login as expected -- however when I enter bad user credentials I am returned to the login page with no information about what went wrong. I've checked all my configuration parameters and I can't see where the problem is.

My Spring Security XML config is as follows:

 <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/css/**" access="permitAll" />
    <intercept-url pattern="/images/**" access="permitAll" />
    <intercept-url pattern="/js/**" access="permitAll" />
    <intercept-url pattern="/public/**" access="permitAll" />
    <intercept-url pattern="/home/**" access="permitAll" />
    <intercept-url pattern="/user/**" access="hasRole('AUTH_MANAGE_USERS')" />
    <intercept-url pattern="/group/**" access="hasRole('AUTH_MANAGE_USERS')" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <access-denied-handler error-page="/403.html"/>
    <form-login  login-page="/public/login.do" always-use-default-target="false"/>
    <logout invalidate-session="true" logout-success-url="/public/home.do"/>
</http>

My Struts Action looks like this:

<package name="public" namespace="/public" extends="secure">
    <action name="login">
        <result name="success" type="tiles">tiles.login.panel</result>
        <result name="input" type="tiles">tiles.login.panel</result>
        <result name="error">/WEB-INF/jsp/error.jsp</result>
    </action>
    <action name="logout">
        <result name="success" type="redirect">/j_spring_security_logout</result>
    </action>
</package>

And the login.jsp page (part of the tile) looks for the exception from Spring Security...

<c:if test="${not empty param.login_error}">
   <span class="actionError">
   Your login attempt was not successful, try again.<br/><br/>
        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
  </span>
</c:if>
<form id="loginForm" name="loginForm" action="/j_spring_security_check" method="post">
  ...
</form>

Can anyone tell me what I am missing? Thanks in advance for any/all replies.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

眉目亦如画i 2024-10-03 16:54:30

Spring Security 不会自动设置 param.login_error 。您需要手动执行以下操作:

<form-login  
    login-page="/public/login.do" 
    authentication-failure-url = "/public/login.do?login_error=1"
    always-use-default-target="false"/>

Spring Security doesn't set param.login_error automatically. You need to do it manaully as follows:

<form-login  
    login-page="/public/login.do" 
    authentication-failure-url = "/public/login.do?login_error=1"
    always-use-default-target="false"/>
回复 原文
深海里的那抹蓝 2024-10-03 16:54:30

帮助转换错误消息(如最后评论中)的一个建议是使用 AuthenticationFailureHandler 将不同的异常类型映射到 ui 层代码可以查找唯一消息的不同错误代码。它看起来像:

<security:form-login login-page="/login" 
    authentication-failure-handler-ref="authenticationFailureHandler"/>

<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login?reason=login_error"/>
    <property name="exceptionMappings">
        <map>
        <entry><key><value>org.springframework.security.authentication.LockedException</value></key>
            <value>/login?reason=user_locked</value></entry>

            <entry><key><value>org.springframework.security.authentication.DisabledException</value></key>
            <value>/login?reason=user_disabled</value></entry>

            <entry><key><value>org.springframework.security.authentication.AuthenticationServiceException</value></key>
            <value>/login?reason=connection</value></entry>
        </map>
    </property>
</bean>

One suggestion for helping with the conversion of error messages like in the final comment is to use an AuthenticationFailureHandler to map different exception types to different error codes that the ui-layer code can lookup unique messages for. It looks like:

<security:form-login login-page="/login" 
    authentication-failure-handler-ref="authenticationFailureHandler"/>

<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login?reason=login_error"/>
    <property name="exceptionMappings">
        <map>
        <entry><key><value>org.springframework.security.authentication.LockedException</value></key>
            <value>/login?reason=user_locked</value></entry>

            <entry><key><value>org.springframework.security.authentication.DisabledException</value></key>
            <value>/login?reason=user_disabled</value></entry>

            <entry><key><value>org.springframework.security.authentication.AuthenticationServiceException</value></key>
            <value>/login?reason=connection</value></entry>
        </map>
    </property>
</bean>
回复 原文
~没有更多了~

关于作者

醉南桥

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

yangzhenyu123

文章 0 评论 0

lvzun

文章 0 评论 0

执笔绘流年

文章 0 评论 0

芯好空

文章 0 评论 0

始于初秋

文章 0 评论 0

谁与争疯

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文