弹簧安全不工作
我正在开发一个 struts2 + spring +tiles + hibernate + spring 安全应用程序
当我转到 url /register 时,我被正确重定向到登录页面, 但使用 bean 配置文件中指定的用户名和密码登录时, 我被重定向回登录页面,网址为“login?error=true”,这意味着登录不成功,正如我提到的“authentication-failure-url =”/login?error=true“”
我已经配置了基于表单的登录使用以下配置
//web.xml
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/medic-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
//medics-security.xml
<http auto-config="true" access-denied-page="/error">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/register*" access="ROLE_USER" />
<intercept-url pattern="/messagePost*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete*" access="ROLE_ADMIN" />
<form-login login-page="/login" authentication-failure-url="/login?error=true"/>
<remember-me/>
<logout/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="secret" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
//login.jsp
<form action="j_spring_security_check">
<label for="j_username">Username</label>
<input type="text" name="j_username" id="j_username"/><br/>
<label for="j_password">Password</label>
<input type="password" name="j_password" id="j_password"/><br/>
<input type='checkbox' name='_spring_security_remember_me'/> Remember me<br/>
<input type="submit" value="Login"/>
<input type="reset" value="Reset"/>
</form>
//struts.xml
<package name="default" namespace="/" extends="struts-default">
<action name="login" class="com.medics.action.LoginAction">
<result name="SUCCESS" type="tiles">login</result>
</action>
<action name="register" class="com.medics.action.RegisterAction">
<result name="SUCCESS">/Register.jsp</result>
</action>
</package>
操作类除了返回“SUCCESS”之外什么也不做
I am developing a struts2 + spring + tiles + hibernate + spring security application
When I go to url /register I am correctly redirected to the login page,
but on logging in with username and password specified in the bean configuration file,
I am redirected back to the login page with url "login?error=true" which means that the login was unsuccessful as I have mentioned "authentication-failure-url="/login?error=true""
I have configured form based login with the following configuration
//web.xml
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/medic-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
//medics-security.xml
<http auto-config="true" access-denied-page="/error">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/register*" access="ROLE_USER" />
<intercept-url pattern="/messagePost*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete*" access="ROLE_ADMIN" />
<form-login login-page="/login" authentication-failure-url="/login?error=true"/>
<remember-me/>
<logout/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="secret" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
//login.jsp
<form action="j_spring_security_check">
<label for="j_username">Username</label>
<input type="text" name="j_username" id="j_username"/><br/>
<label for="j_password">Password</label>
<input type="password" name="j_password" id="j_password"/><br/>
<input type='checkbox' name='_spring_security_remember_me'/> Remember me<br/>
<input type="submit" value="Login"/>
<input type="reset" value="Reset"/>
</form>
//struts.xml
<package name="default" namespace="/" extends="struts-default">
<action name="login" class="com.medics.action.LoginAction">
<result name="SUCCESS" type="tiles">login</result>
</action>
<action name="register" class="com.medics.action.RegisterAction">
<result name="SUCCESS">/Register.jsp</result>
</action>
</package>
Action classes are doing nothing except returning "SUCCESS"
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于您尚未为
您可以尝试添加
method="post"看看是否有帮助?Since you have not specified a
methodfor<form>, it usesGET, which is thedefault.spring-security 3.xdoes not allow authentication usingGET, by default.Can you try adding
method="post"and see if that helps?