Spring Security - 奇怪的错误
所有,
我正在尝试将 Spring Security(3.0.7) 添加到我的 Web 应用程序(Spring 3.0.6,Tiles 2.2)。默认的
- 每次用户单击登录链接时,登录页面都会被调用两次
- 如果用户不存在,则 UserDetailsService 会抛出异常,但该异常永远不会在任何地方被拾取并使用。这会导致
重新路由到登录页面而不是身份验证失败网址 - 当使用错误的用户名登录时,我从未看到错误消息(这可能是由于上面提到的先前问题)
- 成功登录后,有时会打开正确的页面,其他时候它会随机打开页面内引用的 JavaScript 文件。
我已经遵循了所有教程,但无法想出任何有效的方法。有谁知道负责创建默认登录的类吗?也许我可以查看源代码并模仿他们的内容。
有人经历过这样奇怪的行为吗?
All,
I am trying to add Spring Security(3.0.7) to my web application(Spring 3.0.6, Tiles 2.2). The default <form-login/> works as expected, but I can't create a custom one that does. Some issues encountered:
- Every time a user clicks on the login link, the login page gets called twice
- The UserDetailsService throws an Exception if the user doesn't exist, but the exception never gets picked up anywhere and used. This causes the <form-login/> to reroute to the login-page instead of the authentication-failure-url
- I never see error messages when logging in with a bad username (This may be due to the previous issue mentioned above)
- After a successful login, sometimes it will open to the correct page, other times it will randomly open up a javascript file that was being referenced inside the page.
I've followed all the tutorials out there and cannot come up with anything working. Does anyone happen to know the class responsible for creating the default login? Perhaps I can look at the source code and mimic what they have.
Has anyone experienced weird behavior like this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我解决了我的 2 个问题。我将其发布,以防其他人发生同样的事情。
对于#1/#4:该站点使用图块,并且整个站点使用默认的 html 标头块。
配置显式地阻止了未登录的用户使用此 javascript 文件。
因此,当用户访问主页时,除了 foo.js 之外,该网站都会加载。由于 foo.js 中的方法在登录之前从未被调用,所以一切似乎都工作正常。
然而,当有人尝试登录时,Spring Security 会将 foo.js 视为第一个显示的受保护页面,并自动将其打开。
这也导致登录页面被调用了两次。一次用于实际登录链接,一次用于 foo.js 文件。
I figured out 2 of my issues. I'm posting them in case anyone else has the same thing happen.
For #1/#4: The site was using tiles, and a default html header block was used throughout the site.
The configuration explicilty blocked this javascript file for users who were not logged in.
So when a user came to the home page, the site would load except for foo.js. Since the methods in foo.js never get called before logging in, everything seemed to work fine.
However when someone tried to log in, Spring Security saw foo.js as the first protected page to show, and automatically opened it up.
This also caused the login page to be called twice. Once for the actual login link, and once for the foo.js file.