j_spring_security_check 使用 SecurityConfig 的 http 404
j_spring_security_check http 404 using SecurityConfig
过去几天,我一直面临 j_spring_security_check 的 404 错误,我想我可以解决这个问题。我已经阅读了几个与此问题相关的堆栈溢出问题,但似乎没有任何改变结果。我希望有人能够发现我在做什么(错误)或没有做什么。
基本上我用的是springxml少配置
AppConfig.java
@Configuration
@ComponentScan(basePackages = {"com.mysample"})
@Import(value = {WebMvcConfig.class,SecurityConfig.class})
public class AppConfig {
}
WebMvcConfig.java
@EnableWebMvc
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter{
@Override
public void configureDefaultServletHandling( DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/pages/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
@Bean
public SimpleMappingExceptionResolver exceptionResolver() {
SimpleMappingExceptionResolver exceptionResolver = new SimpleMappingExceptionResolver();
Properties exceptionMappings = new Properties();
exceptionMappings.put("java.lang.Exception", "error/error");
exceptionMappings.put("java.lang.RuntimeException", "error/error");
exceptionResolver.setExceptionMappings(exceptionMappings);
Properties statusCodes = new Properties();
statusCodes.put("error/404", "404");
statusCodes.put("error/error", "500");
exceptionResolver.setStatusCodes(statusCodes);
return exceptionResolver;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("/static/");
}
WebInitializer.java
public class WebInitializer implements WebApplicationInitializer {
private static final String DISPATCHER_SERVLET_NAME = "dispatcher";
private static final String DISPATCHER_SERVLET_MAPPING = "/";
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
AnnotationConfigWebApplicationContext ctx
= new AnnotationConfigWebApplicationContext();
ctx.register(AppConfig.class);
// Add the servlet mapping manually and make it initialize automatically
ServletRegistration.Dynamic dispatcher = servletContext.addServlet(DISPATCHER_SERVLET_NAME, new DispatcherServlet(ctx));
dispatcher.addMapping(DISPATCHER_SERVLET_MAPPING);
dispatcher.setLoadOnStartup(1);
EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD);
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setEncoding("UTF-8");
characterEncodingFilter.setForceEncoding(true);
FilterRegistration.Dynamic characterEncoding = servletContext.addFilter("characterEncoding", characterEncodingFilter);
characterEncoding.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
FilterRegistration.Dynamic security = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
security.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
// FilterRegistration.Dynamic sitemesh = servletContext.addFilter("sitemesh", new ConfigurableSiteMeshFilter());
// sitemesh.addMappingForUrlPatterns(dispatcherTypes, true, "*.jsp");
servletContext.addListener(new ContextLoaderListener(ctx));
}
}
已更新SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger log = Logger.getLogger(SecurityConfig.class);
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// auth
// .ldapAuthentication().userDnPatterns("uid= {0},ou=Users,o=ISUAuth")
// .groupSearchBase("ou=Users,o=ISUAuth")
// .contextSource().url("ldaps://isuauth.indstate.edu:636");
auth.inMemoryAuthentication()
.withUser("mrodgers9").password("123456").roles("USER");
log.debug(auth);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/static/**");
log.debug(web);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/static/**","/login").permitAll()
.antMatchers("/secure/**").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/secure/hello")
.failureUrl("/loginfailed")
.permitAll()
.and()
.logout()
.permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JESSIONID")
.invalidateHttpSession(true)
.and()
.csrf();
log.debug(http);
已更新login.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
</head>
<body >
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<c:if test="${param.logout != null}">
<div class="alert alert-danger">
Logout Successful
</div>
</c:if>
<c:if test="${not empty error}">
<div class="alert alert-danger">
Bad Credentials
</div>
</c:if>
<c:url value="/login" var="loginUrl"/>
<form id="loginForm" action="${loginUrl}" method="post">
<fieldset>
<div class="form-group">
User Name : <input class="form-control" name='j_username' type="text">
</div>
<div class="form-group">
Password : <input class="form-control" name='j_password' type="password" value="">
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form >
</div>
</div>
</div>
</div>
</div>
</body>
</html>
已更新LoginController.java
@Controller
public class LoginController {
private static final Logger log = Logger.getLogger(LoginController.class);
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
log.debug(this);
return "login";
}
@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String loginError(Model model) {
log.debug(model);
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value = "/logout", method = RequestMethod.POST)
public String logout(Model model) {
log.debug(model);
model.addAttribute("logout", "true");
return "login";
}
}
更新日志
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
2015-03-18 12:34:42 DEBUG ProviderManager:152 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2015-03-18 12:34:42 DEBUG DaoAuthenticationProvider:134 - User '' not found
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:348 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:349 - Updated SecurityContextHolder to contain null Authentication
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:350 - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@3a737d3f
2015-03-18 12:34:42 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /loginfailed
2015-03-18 12:34:42 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/TranscriptDashboard/loginfailed'
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-03-18 12:34:42 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/loginfailed'; against '/static/**'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@ec9ad81. A new one will be created.
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-03-18 12:34:42 DEBUG HstsHeaderWriter:129 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@44d5a600
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/loginfailed'; against '/logout'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:127 - Request 'GET /loginfailed' doesn't match 'POST /login
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/TranscriptDashboard/; arg2=/TranscriptDashboard/loginfailed (property not equals)
2015-03-18 12:34:42 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /loginfailed; Attributes: [permitAll]
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS
2015-03-18 12:34:42 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20bda7d2, returned: 1
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-03-18 12:34:42 DEBUG FilterChainProxy:323 - /loginfailed reached end of additional filter chain; proceeding with original chain
2015-03-18 12:34:42 DEBUG DispatcherServlet:845 - DispatcherServlet with name 'dispatcher' processing GET request for [/TranscriptDashboard/loginfailed]
2015-03-18 12:34:42 DEBUG RequestMappingHandlerMapping:297 - Looking up handler method for path /loginfailed
2015-03-18 12:34:42 DEBUG RequestMappingHandlerMapping:302 - Returning handler method [public java.lang.String edu.indstate.ics.transcript.web.controller.LoginController.loginError(org.springframework.ui.Model)]
2015-03-18 12:34:42 DEBUG DefaultListableBeanFactory:248 - Returning cached instance of singleton bean 'loginController'
2015-03-18 12:34:42 DEBUG DispatcherServlet:931 - Last-Modified value for [/TranscriptDashboard/loginfailed] is: -1
2015-03-18 12:34:42 DEBUG LoginController:30 - {}
2015-03-18 12:34:42 DEBUG DispatcherServlet:1225 - Rendering view [org.springframework.web.servlet.view.JstlView: name 'login'; URL [/WEB-INF/pages/login.jsp]] in DispatcherServlet with name 'dispatcher'
2015-03-18 12:34:42 DEBUG JstlView:432 - Added model object 'error' of type [java.lang.String] to request in view with name 'login'
2015-03-18 12:34:42 DEBUG JstlView:166 - Forwarding to resource [/WEB-INF/pages/login.jsp] in InternalResourceView 'login'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/web-inf/pages/login.jsp'; against '/static/**'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/web-inf/pages/login.jsp'; against '/logout'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:127 - Request 'GET /web-inf/pages/login.jsp' doesn't match 'POST /login
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/TranscriptDashboard/; arg2=/TranscriptDashboard/WEB-INF/pages/login.jsp (property not equals)
2015-03-18 12:34:42 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-03-18 12:34:42 DEBUG FilterChainProxy:323 - /WEB-INF/pages/login.jsp reached end of additional filter chain; proceeding with original chain
2015-03-18 12:34:42 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-03-18 12:34:42 DEBUG DispatcherServlet:996 - Successfully completed request
2015-03-18 12:34:42 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-03-18 12:34:42 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
好的...所以现在问题不再是 "j_spring_security_check",而是登录不断失败...我们越来越接近了!
添加这个,看看它是否有效
http
.authorizeRequests()
.antMatchers("/resources/**", "/login").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
看看我的配置。我认为您还缺少 defaultSuccessUrl。
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/login").permitAll()
.antMatchers("/admin/**").hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
// .successHandler(successHandler) //----- to handle user role
.failureUrl("/loginfailed")
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JSESSIONID")
.invalidateHttpSession( true )
.and();
}
也是我的登录页面。有点 bootstrap(ed)
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<c:if test="${param.logout != null}">
<div class="alert alert-danger">
Logout Successful
</div>
</c:if>
<c:if test="${not empty error}">
<div class="alert alert-danger">
Bad Credentials
</div>
</c:if>
<c:url value="/login" var="loginUrl"/>
<form:form action="${loginUrl }" method="post">
<fieldset>
<div class="form-group">
User Name : <input class="form-control" name='username' type="text">
</div>
<div class="form-group">
Password : <input class="form-control" name='password' type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form:form>
</div>
</div>
</div>
</div>
</div>
..
public void configureGlobal( AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("select userId, password, enabled from Users where userId = ?")
.authoritiesByUsernameQuery("select userId , role from Users where userId = ?");
}
如果您还没有登录控制器,请添加。
@Controller
public class 登录控制器 {
@RequestMapping(value="/login",method= RequestMethod.GET )
public String login(){
return "login";
}
@RequestMapping(value="/loginfailed", method= RequestMethod.GET )
public String loginError(Model model){
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value= "/logout", method = RequestMethod.POST)
public String logout(Model model){
model.addAttribute("logout","true");
return "login";
}
}
过去几天,我一直面临 j_spring_security_check 的 404 错误,我想我可以解决这个问题。我已经阅读了几个与此问题相关的堆栈溢出问题,但似乎没有任何改变结果。我希望有人能够发现我在做什么(错误)或没有做什么。
基本上我用的是springxml少配置
AppConfig.java
@Configuration
@ComponentScan(basePackages = {"com.mysample"})
@Import(value = {WebMvcConfig.class,SecurityConfig.class})
public class AppConfig {
}
WebMvcConfig.java
@EnableWebMvc
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter{
@Override
public void configureDefaultServletHandling( DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/pages/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
@Bean
public SimpleMappingExceptionResolver exceptionResolver() {
SimpleMappingExceptionResolver exceptionResolver = new SimpleMappingExceptionResolver();
Properties exceptionMappings = new Properties();
exceptionMappings.put("java.lang.Exception", "error/error");
exceptionMappings.put("java.lang.RuntimeException", "error/error");
exceptionResolver.setExceptionMappings(exceptionMappings);
Properties statusCodes = new Properties();
statusCodes.put("error/404", "404");
statusCodes.put("error/error", "500");
exceptionResolver.setStatusCodes(statusCodes);
return exceptionResolver;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("/static/");
}
WebInitializer.java
public class WebInitializer implements WebApplicationInitializer {
private static final String DISPATCHER_SERVLET_NAME = "dispatcher";
private static final String DISPATCHER_SERVLET_MAPPING = "/";
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
AnnotationConfigWebApplicationContext ctx
= new AnnotationConfigWebApplicationContext();
ctx.register(AppConfig.class);
// Add the servlet mapping manually and make it initialize automatically
ServletRegistration.Dynamic dispatcher = servletContext.addServlet(DISPATCHER_SERVLET_NAME, new DispatcherServlet(ctx));
dispatcher.addMapping(DISPATCHER_SERVLET_MAPPING);
dispatcher.setLoadOnStartup(1);
EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD);
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setEncoding("UTF-8");
characterEncodingFilter.setForceEncoding(true);
FilterRegistration.Dynamic characterEncoding = servletContext.addFilter("characterEncoding", characterEncodingFilter);
characterEncoding.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
FilterRegistration.Dynamic security = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
security.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
// FilterRegistration.Dynamic sitemesh = servletContext.addFilter("sitemesh", new ConfigurableSiteMeshFilter());
// sitemesh.addMappingForUrlPatterns(dispatcherTypes, true, "*.jsp");
servletContext.addListener(new ContextLoaderListener(ctx));
}
}
已更新SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger log = Logger.getLogger(SecurityConfig.class);
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// auth
// .ldapAuthentication().userDnPatterns("uid= {0},ou=Users,o=ISUAuth")
// .groupSearchBase("ou=Users,o=ISUAuth")
// .contextSource().url("ldaps://isuauth.indstate.edu:636");
auth.inMemoryAuthentication()
.withUser("mrodgers9").password("123456").roles("USER");
log.debug(auth);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/static/**");
log.debug(web);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/static/**","/login").permitAll()
.antMatchers("/secure/**").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/secure/hello")
.failureUrl("/loginfailed")
.permitAll()
.and()
.logout()
.permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JESSIONID")
.invalidateHttpSession(true)
.and()
.csrf();
log.debug(http);
已更新login.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
</head>
<body >
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<c:if test="${param.logout != null}">
<div class="alert alert-danger">
Logout Successful
</div>
</c:if>
<c:if test="${not empty error}">
<div class="alert alert-danger">
Bad Credentials
</div>
</c:if>
<c:url value="/login" var="loginUrl"/>
<form id="loginForm" action="${loginUrl}" method="post">
<fieldset>
<div class="form-group">
User Name : <input class="form-control" name='j_username' type="text">
</div>
<div class="form-group">
Password : <input class="form-control" name='j_password' type="password" value="">
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form >
</div>
</div>
</div>
</div>
</div>
</body>
</html>
已更新LoginController.java
@Controller
public class LoginController {
private static final Logger log = Logger.getLogger(LoginController.class);
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
log.debug(this);
return "login";
}
@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String loginError(Model model) {
log.debug(model);
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value = "/logout", method = RequestMethod.POST)
public String logout(Model model) {
log.debug(model);
model.addAttribute("logout", "true");
return "login";
}
}
更新日志
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
2015-03-18 12:34:42 DEBUG ProviderManager:152 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2015-03-18 12:34:42 DEBUG DaoAuthenticationProvider:134 - User '' not found
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:348 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:349 - Updated SecurityContextHolder to contain null Authentication
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:350 - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@3a737d3f
2015-03-18 12:34:42 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /loginfailed
2015-03-18 12:34:42 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/TranscriptDashboard/loginfailed'
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-03-18 12:34:42 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/loginfailed'; against '/static/**'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@ec9ad81. A new one will be created.
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-03-18 12:34:42 DEBUG HstsHeaderWriter:129 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@44d5a600
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/loginfailed'; against '/logout'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:127 - Request 'GET /loginfailed' doesn't match 'POST /login
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/TranscriptDashboard/; arg2=/TranscriptDashboard/loginfailed (property not equals)
2015-03-18 12:34:42 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /loginfailed; Attributes: [permitAll]
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS
2015-03-18 12:34:42 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20bda7d2, returned: 1
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-03-18 12:34:42 DEBUG FilterChainProxy:323 - /loginfailed reached end of additional filter chain; proceeding with original chain
2015-03-18 12:34:42 DEBUG DispatcherServlet:845 - DispatcherServlet with name 'dispatcher' processing GET request for [/TranscriptDashboard/loginfailed]
2015-03-18 12:34:42 DEBUG RequestMappingHandlerMapping:297 - Looking up handler method for path /loginfailed
2015-03-18 12:34:42 DEBUG RequestMappingHandlerMapping:302 - Returning handler method [public java.lang.String edu.indstate.ics.transcript.web.controller.LoginController.loginError(org.springframework.ui.Model)]
2015-03-18 12:34:42 DEBUG DefaultListableBeanFactory:248 - Returning cached instance of singleton bean 'loginController'
2015-03-18 12:34:42 DEBUG DispatcherServlet:931 - Last-Modified value for [/TranscriptDashboard/loginfailed] is: -1
2015-03-18 12:34:42 DEBUG LoginController:30 - {}
2015-03-18 12:34:42 DEBUG DispatcherServlet:1225 - Rendering view [org.springframework.web.servlet.view.JstlView: name 'login'; URL [/WEB-INF/pages/login.jsp]] in DispatcherServlet with name 'dispatcher'
2015-03-18 12:34:42 DEBUG JstlView:432 - Added model object 'error' of type [java.lang.String] to request in view with name 'login'
2015-03-18 12:34:42 DEBUG JstlView:166 - Forwarding to resource [/WEB-INF/pages/login.jsp] in InternalResourceView 'login'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/web-inf/pages/login.jsp'; against '/static/**'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/web-inf/pages/login.jsp'; against '/logout'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:127 - Request 'GET /web-inf/pages/login.jsp' doesn't match 'POST /login
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/TranscriptDashboard/; arg2=/TranscriptDashboard/WEB-INF/pages/login.jsp (property not equals)
2015-03-18 12:34:42 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-03-18 12:34:42 DEBUG FilterChainProxy:323 - /WEB-INF/pages/login.jsp reached end of additional filter chain; proceeding with original chain
2015-03-18 12:34:42 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-03-18 12:34:42 DEBUG DispatcherServlet:996 - Successfully completed request
2015-03-18 12:34:42 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-03-18 12:34:42 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
好的...所以现在问题不再是 "j_spring_security_check",而是登录不断失败...我们越来越接近了!
添加这个,看看它是否有效
http
.authorizeRequests()
.antMatchers("/resources/**", "/login").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
看看我的配置。我认为您还缺少 defaultSuccessUrl。
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/login").permitAll()
.antMatchers("/admin/**").hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
// .successHandler(successHandler) //----- to handle user role
.failureUrl("/loginfailed")
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JSESSIONID")
.invalidateHttpSession( true )
.and();
}
也是我的登录页面。有点 bootstrap(ed)
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<c:if test="${param.logout != null}">
<div class="alert alert-danger">
Logout Successful
</div>
</c:if>
<c:if test="${not empty error}">
<div class="alert alert-danger">
Bad Credentials
</div>
</c:if>
<c:url value="/login" var="loginUrl"/>
<form:form action="${loginUrl }" method="post">
<fieldset>
<div class="form-group">
User Name : <input class="form-control" name='username' type="text">
</div>
<div class="form-group">
Password : <input class="form-control" name='password' type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form:form>
</div>
</div>
</div>
</div>
</div>
..
public void configureGlobal( AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("select userId, password, enabled from Users where userId = ?")
.authoritiesByUsernameQuery("select userId , role from Users where userId = ?");
}
如果您还没有登录控制器,请添加。
@Controller
public class 登录控制器 {
@RequestMapping(value="/login",method= RequestMethod.GET )
public String login(){
return "login";
}
@RequestMapping(value="/loginfailed", method= RequestMethod.GET )
public String loginError(Model model){
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value= "/logout", method = RequestMethod.POST)
public String logout(Model model){
model.addAttribute("logout","true");
return "login";
}
}