j_spring_security_check 使用 SecurityConfig 的 http 404

j_spring_security_check http 404 using SecurityConfig

过去几天,我一直面临 j_spring_security_check 的 404 错误,我想我可以解决这个问题。我已经阅读了几个与此问题相关的堆栈溢出问题,但似乎没有任何改变结果。我希望有人能够发现我在做什么(错误)或没有做什么。

基本上我用的是springxml少配置

AppConfig.java

@Configuration
@ComponentScan(basePackages = {"com.mysample"})
@Import(value = {WebMvcConfig.class,SecurityConfig.class})
public class AppConfig {
}   

WebMvcConfig.java

@EnableWebMvc
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter{

@Override
public void configureDefaultServletHandling(    DefaultServletHandlerConfigurer configurer) {
    configurer.enable();
}

@Bean
public InternalResourceViewResolver viewResolver() {
    InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
    viewResolver.setViewClass(JstlView.class);
    viewResolver.setPrefix("/WEB-INF/pages/");
    viewResolver.setSuffix(".jsp");
    return viewResolver;
}



@Bean
public SimpleMappingExceptionResolver exceptionResolver() {
    SimpleMappingExceptionResolver exceptionResolver = new SimpleMappingExceptionResolver();

    Properties exceptionMappings = new Properties();

    exceptionMappings.put("java.lang.Exception", "error/error");
    exceptionMappings.put("java.lang.RuntimeException", "error/error");

    exceptionResolver.setExceptionMappings(exceptionMappings);

    Properties statusCodes = new Properties();

    statusCodes.put("error/404", "404");
    statusCodes.put("error/error", "500");

    exceptionResolver.setStatusCodes(statusCodes);

    return exceptionResolver;
}

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/static/**").addResourceLocations("/static/");
}

WebInitializer.java

public class WebInitializer implements WebApplicationInitializer {

private static final String DISPATCHER_SERVLET_NAME = "dispatcher";
private static final String DISPATCHER_SERVLET_MAPPING = "/";

@Override
public void onStartup(ServletContext servletContext) throws ServletException {

    AnnotationConfigWebApplicationContext ctx
            = new AnnotationConfigWebApplicationContext();
    ctx.register(AppConfig.class);

    // Add the servlet mapping manually and make it initialize automatically

    ServletRegistration.Dynamic dispatcher = servletContext.addServlet(DISPATCHER_SERVLET_NAME, new DispatcherServlet(ctx));

    dispatcher.addMapping(DISPATCHER_SERVLET_MAPPING);
    dispatcher.setLoadOnStartup(1);


    EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD);

    CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
    characterEncodingFilter.setEncoding("UTF-8");
    characterEncodingFilter.setForceEncoding(true);

    FilterRegistration.Dynamic characterEncoding = servletContext.addFilter("characterEncoding", characterEncodingFilter);
    characterEncoding.addMappingForUrlPatterns(dispatcherTypes, true, "/*");

    FilterRegistration.Dynamic security = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
    security.addMappingForUrlPatterns(dispatcherTypes, true, "/*");

//        FilterRegistration.Dynamic sitemesh =     servletContext.addFilter("sitemesh", new ConfigurableSiteMeshFilter());
//        sitemesh.addMappingForUrlPatterns(dispatcherTypes, true, "*.jsp");

    servletContext.addListener(new ContextLoaderListener(ctx));
    }
}

已更新SecurityConfig.java

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

private static final Logger log = Logger.getLogger(SecurityConfig.class);    

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth
//                .ldapAuthentication().userDnPatterns("uid= {0},ou=Users,o=ISUAuth")
//                .groupSearchBase("ou=Users,o=ISUAuth")
//                    .contextSource().url("ldaps://isuauth.indstate.edu:636");
    auth.inMemoryAuthentication()
            .withUser("mrodgers9").password("123456").roles("USER");
    log.debug(auth);

}

@Override
public void configure(WebSecurity web) throws Exception {

    web.ignoring()
            .antMatchers("/static/**");

    log.debug(web);
}



@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/static/**","/login").permitAll()
        .antMatchers("/secure/**").hasRole("USER")
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .loginPage("/login") 
        .defaultSuccessUrl("/secure/hello")
        .failureUrl("/loginfailed")
        .permitAll()
        .and()
        .logout()
        .permitAll()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .deleteCookies("JESSIONID")
        .invalidateHttpSession(true)
        .and()
        .csrf();

        log.debug(http);

已更新login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>

</head>
<body  >


    <div class="container">
        <div class="row">
            <div class="col-md-4 col-md-offset-4">
                <div class="panel panel-default">
                    <div class="panel-heading">
                        <h3 class="panel-title">Please sign in</h3>
                    </div>
                    <div class="panel-body">
                        <c:if test="${param.logout != null}">
                            <div class="alert alert-danger">
                                Logout Successful
                            </div>
                        </c:if>
                        <c:if test="${not empty error}">
                            <div class="alert alert-danger">
                                Bad Credentials
                            </div>
                        </c:if>
                        <c:url value="/login" var="loginUrl"/>
                        <form id="loginForm" action="${loginUrl}"  method="post">
                            <fieldset>
                                <div class="form-group">
                                    User Name : <input class="form-control" name='j_username' type="text">
                                </div>
                                <div class="form-group">
                                    Password : <input class="form-control"  name='j_password'  type="password" value="">
                                </div>
                                <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
                                <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                            </fieldset>
                        </form >
                    </div>
                </div>
            </div>
        </div>
    </div>

</body>
</html>

已更新LoginController.java

@Controller
public class LoginController {
    private static final Logger log =     Logger.getLogger(LoginController.class);
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        log.debug(this);
        return "login";
    }

    @RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
    public String loginError(Model model) {
        log.debug(model);
        model.addAttribute("error", "true");
        return "login";
    }

    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public String logout(Model model) {
        log.debug(model);
        model.addAttribute("logout", "true");
        return "login";
    }

}

更新日志

2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:205 - Request is to process authentication
2015-03-18 12:34:42 DEBUG ProviderManager:152 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2015-03-18 12:34:42 DEBUG DaoAuthenticationProvider:134 - User '' not found
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:348 -   Authentication request failed:   org.springframework.security.authentication.BadCredentialsException: Bad credentials
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:349 - Updated SecurityContextHolder to contain null Authentication
2015-03-18 12:34:42 DEBUG UsernamePasswordAuthenticationFilter:350 - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@3a737d3f
2015-03-18 12:34:42 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /loginfailed
2015-03-18 12:34:42 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/TranscriptDashboard/loginfailed'
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-03-18 12:34:42 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/loginfailed'; against '/static/**'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@ec9ad81. A new one will be created.
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-03-18 12:34:42 DEBUG HstsHeaderWriter:129 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@44d5a600
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/loginfailed'; against '/logout'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:127 - Request 'GET /loginfailed' doesn't match 'POST /login
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/TranscriptDashboard/; arg2=/TranscriptDashboard/loginfailed (property not equals)
2015-03-18 12:34:42 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /loginfailed at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /loginfailed; Attributes: [permitAll]
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS
2015-03-18 12:34:42 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@20bda7d2, returned: 1
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-03-18 12:34:42 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-03-18 12:34:42 DEBUG FilterChainProxy:323 - /loginfailed reached end of additional filter chain; proceeding with original chain
2015-03-18 12:34:42 DEBUG DispatcherServlet:845 - DispatcherServlet with name 'dispatcher' processing GET request for [/TranscriptDashboard/loginfailed]
2015-03-18 12:34:42 DEBUG RequestMappingHandlerMapping:297 - Looking up handler method for path /loginfailed
2015-03-18 12:34:42 DEBUG RequestMappingHandlerMapping:302 - Returning handler method [public java.lang.String edu.indstate.ics.transcript.web.controller.LoginController.loginError(org.springframework.ui.Model)]
2015-03-18 12:34:42 DEBUG DefaultListableBeanFactory:248 - Returning cached instance of singleton bean 'loginController'
2015-03-18 12:34:42 DEBUG DispatcherServlet:931 - Last-Modified value for [/TranscriptDashboard/loginfailed] is: -1
2015-03-18 12:34:42 DEBUG LoginController:30 - {}
2015-03-18 12:34:42 DEBUG DispatcherServlet:1225 - Rendering view [org.springframework.web.servlet.view.JstlView: name 'login'; URL [/WEB-INF/pages/login.jsp]] in DispatcherServlet with name 'dispatcher'
2015-03-18 12:34:42 DEBUG JstlView:432 - Added model object 'error' of type [java.lang.String] to request in view with name 'login'
2015-03-18 12:34:42 DEBUG JstlView:166 - Forwarding to resource [/WEB-INF/pages/login.jsp] in InternalResourceView 'login'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/web-inf/pages/login.jsp'; against '/static/**'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/web-inf/pages/login.jsp'; against '/logout'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AntPathRequestMatcher:127 - Request 'GET /web-inf/pages/login.jsp' doesn't match 'POST /login
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-03-18 12:34:42 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/TranscriptDashboard/; arg2=/TranscriptDashboard/WEB-INF/pages/login.jsp (property not equals)
2015-03-18 12:34:42 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-03-18 12:34:42 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5EA2BBD54B055DCA1D60F7D028404C58; Granted Authorities: ROLE_ANONYMOUS'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-03-18 12:34:42 DEBUG FilterChainProxy:337 - /WEB-INF/pages/login.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-03-18 12:34:42 DEBUG FilterChainProxy:323 - /WEB-INF/pages/login.jsp reached end of additional filter chain; proceeding with original chain
2015-03-18 12:34:42 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-03-18 12:34:42 DEBUG DispatcherServlet:996 - Successfully completed request
2015-03-18 12:34:42 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-03-18 12:34:42 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-03-18 12:34:42 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed

好的...所以现在问题不再是 "j_spring_security_check",而是登录不断失败...我们越来越接近了!

添加这个,看看它是否有效

http
     .authorizeRequests()                                                                
    .antMatchers("/resources/**", "/login").permitAll()                  
    .antMatchers("/admin/**").hasRole("ADMIN")

看看我的配置。我认为您还缺少 defaultSuccessUrl。

protected void configure(HttpSecurity http) throws Exception {

 http
 .authorizeRequests()                                                                
.antMatchers("/resources/**", "/login").permitAll()                  
.antMatchers("/admin/**").hasRole("USER")                           
.and()

.formLogin()
    .loginPage("/login")
    .defaultSuccessUrl("/")
 //   .successHandler(successHandler) //----- to handle user role
    .failureUrl("/loginfailed")             
    .permitAll()
    .and()

.logout()
    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    .deleteCookies("JSESSIONID")
    .invalidateHttpSession( true )
    .and();                    

}

也是我的登录页面。有点 bootstrap(ed)

<div class="container">
        <div class="row">
            <div class="col-md-4 col-md-offset-4">
                <div class="panel panel-default">
                    <div class="panel-heading">
                        <h3 class="panel-title">Please sign in</h3>
                    </div>
                    <div class="panel-body">
                    <c:if test="${param.logout != null}">
                        <div class="alert alert-danger">
                            Logout Successful
                        </div>
                    </c:if>
                    <c:if test="${not empty error}">
                        <div class="alert alert-danger">
                            Bad Credentials
                        </div>
                    </c:if>
                    <c:url value="/login" var="loginUrl"/>
                        <form:form action="${loginUrl }" method="post">
                        <fieldset>
                            <div class="form-group">
                                User Name : <input class="form-control"  name='username' type="text">
                            </div>
                            <div class="form-group">
                                Password : <input class="form-control"  name='password'  type="password" value="">
                            </div>
                            <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                        </fieldset>
                        </form:form>
                    </div>
                </div>
            </div>
        </div>
    </div>

..

public void configureGlobal( AuthenticationManagerBuilder auth) throws Exception {  
    auth
    .jdbcAuthentication()
    .dataSource(dataSource)
    .usersByUsernameQuery("select userId, password, enabled from Users where userId = ?")
    .authoritiesByUsernameQuery("select userId , role from Users where userId = ?");

}

如果您还没有登录控制器,请添加。

@Controller

public class 登录控制器 {

@RequestMapping(value="/login",method= RequestMethod.GET )
public String login(){
    return "login";
}

@RequestMapping(value="/loginfailed", method= RequestMethod.GET )
public String loginError(Model model){
    model.addAttribute("error", "true");
    return "login";
}

@RequestMapping(value= "/logout", method = RequestMethod.POST)
public String logout(Model model){
    model.addAttribute("logout","true");
    return "login";
}

}