警告 DefaultFilterChainValidator.checkLoginPageIsntProtected 似乎未启用对登录页面的匿名访问
WARNING DefaultFilterChainValidator.checkLoginPageIsntProtected Anonymous access to the login page doesn't appear to be enabled
我正在为 spring 安全认证创建一个简单的 Login form:
这里是security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="false" use-expressions="true">
<security:intercept-url pattern="/login2.xhtml" access="hasRole('IS_AUTHENTICATED_ANONYMOUSLY')"/>
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/login2.xhtml"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="sajjad" authorities="ROLE_USER" password="abcdef"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
我想验证应用程序的所有请求是 user
这里是 web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml
/WEB-INF/security-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- SPRING SECURITY RELATED CONFIG-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- JSF Servlet is defined to container -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Mapping with servlet and url for the http requests. -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
但问题是当我请求任何页面时,浏览器显示此错误:
(url 是 http://localhost:8080/login2.xhtml)
Tomcat Catalina Log
WARNING [RMI TCP Connection(18)-127.0.0.1] org.springframework.security.config.http.DefaultFilterChainValidator.checkLoginPageIsntProtected Anonymous access to the login page doesn't appear to be enabled.
This is almost certainly an error. Please check your configuration allows unauthenticated access to the configured login page.
(Simulated access was rejected:
org.springframework.security.access.AccessDeniedException: Access is denied)
当您第一次访问登录时;用户没有任何角色(因为他还没有登录 spring 安全)登录页面不应受角色限制;它应该对所有用户可用。
我正在为 spring 安全认证创建一个简单的 Login form:
这里是security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="false" use-expressions="true">
<security:intercept-url pattern="/login2.xhtml" access="hasRole('IS_AUTHENTICATED_ANONYMOUSLY')"/>
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/login2.xhtml"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="sajjad" authorities="ROLE_USER" password="abcdef"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
我想验证应用程序的所有请求是 user
这里是 web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml
/WEB-INF/security-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- SPRING SECURITY RELATED CONFIG-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- JSF Servlet is defined to container -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Mapping with servlet and url for the http requests. -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
但问题是当我请求任何页面时,浏览器显示此错误:
(url 是 http://localhost:8080/login2.xhtml)
Tomcat Catalina Log
WARNING [RMI TCP Connection(18)-127.0.0.1] org.springframework.security.config.http.DefaultFilterChainValidator.checkLoginPageIsntProtected Anonymous access to the login page doesn't appear to be enabled.
This is almost certainly an error. Please check your configuration allows unauthenticated access to the configured login page.
(Simulated access was rejected:
org.springframework.security.access.AccessDeniedException: Access is denied)
当您第一次访问登录时;用户没有任何角色(因为他还没有登录 spring 安全)登录页面不应受角色限制;它应该对所有用户可用。