Spring-安全自定义表单未加载(未找到抛出页面)
Spring-security custom form not loading(throuwing page not found)
我一直在开发 Spring-mvc with apache velocity,现在坚持使用 Spring-security 集成。
我浏览了 mkyong 提供的文档和示例:http://www.mkyong.com/tutorials/spring-security-tutorials/
问题:每个其他请求都会发送到控制器,但“/login”没有到达控制器,因为控制台不显示模型对象的系统输出值。
这是我的 spring-security.xml:
<http auto-config="true" use-expressions="true">
<form-login login-page="/login" default-target-url="/sample.html" authentication-failure-url="/login?error" username-parameter="userName" password-parameter="password" />
<intercept-url pattern="/login*" access="isAnonymous()" />
<logout invalidate-session="true" logout-success-url="/login?success" />
<csrf />
</http>
控制器:
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
logger.info("Login Page Redirect..");
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("loginPage");
System.out.println("Print Model:"+model);
return model;
}
spring-servlet.xml
<beans xmlns="http://www......>
<mvc:annotation-driven />
<context:component-scan base-package="com.anksys.bgms"></context:component-scan>
<mvc:default-servlet-handler />
<!-- This bean sets up the Velocity environment for us based on a root path
for templates. Optionally, a properties file can be specified for more control
over the Velocity environment, but the defaults are pretty same for file
based template loading. -->
<bean id="velocityConfig"
class="org.springframework.web.servlet.view.velocity.VelocityConfigurer">
<property name="resourceLoaderPath" value="/WEB-INF/views/velocity/" />
</bean>
<!-- Velocity template resolver -->
<bean
class="org.springframework.web.servlet.view.velocity.VelocityLayoutViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.velocity.VelocityLayoutView" />
<property name="layoutUrl" value="base_template.vm"></property>
<property name="cache" value="true" />
<property name="prefix" value="" />
<property name="suffix" value=".vm" />
<property name="order" value="1" />
<property name="attributesMap">
<map>
<entry key="authz"><bean class="com.anksys.bgms.security.VelocityUserDetails"></bean></entry>
</map>
</property>
</bean>
<!-- JSP resolver -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
<property name="order" value="2" />
</bean>
loginPage.jsp路径:
webapp/WEB-INF/views/loginPage.jsp
请提出任何解决方法..
提前致谢..
以下是日志中的行。
2015-01-28 10:02:25 DEBUG DefaultRedirectStrategy:36 - Redirecting to 'http://localhost:8081/BGMS/login'
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:300 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-01-28 10:02:25 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:148 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:90 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@243b81d0. A new one will be created.
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 3 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-01-28 10:02:25 DEBUG AntPathRequestMatcher:127 - Request 'GET /login' doesn't match 'POST /j_spring_security_logout
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-01-28 10:02:25 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-01-28 10:02:25 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-01-28 10:02:25 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/BGMS/user/sample.html; arg2=/BGMS/login (property not equals)
2015-01-28 10:02:25 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-01-28 10:02:25 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa1b5a: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 8373E425131980C1C5DF87CB932C8AB0; Granted Authorities: ROLE_ANONYMOUS'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-01-28 10:02:25 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login'; against '/user/**'
2015-01-28 10:02:25 DEBUG FilterSecurityInterceptor:185 - Public object - authentication not attempted
2015-01-28 10:02:25 DEBUG FilterChainProxy:323 - /login reached end of additional filter chain; proceeding with original chain
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:300 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-01-28 10:02:25 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-01-28 10:02:25 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
对不起!!
在 web.xml url 映射标签中出错。
我一直在开发 Spring-mvc with apache velocity,现在坚持使用 Spring-security 集成。 我浏览了 mkyong 提供的文档和示例:http://www.mkyong.com/tutorials/spring-security-tutorials/
问题:每个其他请求都会发送到控制器,但“/login”没有到达控制器,因为控制台不显示模型对象的系统输出值。
这是我的 spring-security.xml:
<http auto-config="true" use-expressions="true">
<form-login login-page="/login" default-target-url="/sample.html" authentication-failure-url="/login?error" username-parameter="userName" password-parameter="password" />
<intercept-url pattern="/login*" access="isAnonymous()" />
<logout invalidate-session="true" logout-success-url="/login?success" />
<csrf />
</http>
控制器:
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
logger.info("Login Page Redirect..");
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("loginPage");
System.out.println("Print Model:"+model);
return model;
}
spring-servlet.xml
<beans xmlns="http://www......>
<mvc:annotation-driven />
<context:component-scan base-package="com.anksys.bgms"></context:component-scan>
<mvc:default-servlet-handler />
<!-- This bean sets up the Velocity environment for us based on a root path
for templates. Optionally, a properties file can be specified for more control
over the Velocity environment, but the defaults are pretty same for file
based template loading. -->
<bean id="velocityConfig"
class="org.springframework.web.servlet.view.velocity.VelocityConfigurer">
<property name="resourceLoaderPath" value="/WEB-INF/views/velocity/" />
</bean>
<!-- Velocity template resolver -->
<bean
class="org.springframework.web.servlet.view.velocity.VelocityLayoutViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.velocity.VelocityLayoutView" />
<property name="layoutUrl" value="base_template.vm"></property>
<property name="cache" value="true" />
<property name="prefix" value="" />
<property name="suffix" value=".vm" />
<property name="order" value="1" />
<property name="attributesMap">
<map>
<entry key="authz"><bean class="com.anksys.bgms.security.VelocityUserDetails"></bean></entry>
</map>
</property>
</bean>
<!-- JSP resolver -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
<property name="order" value="2" />
</bean>
loginPage.jsp路径:
webapp/WEB-INF/views/loginPage.jsp
请提出任何解决方法..
提前致谢..
以下是日志中的行。
2015-01-28 10:02:25 DEBUG DefaultRedirectStrategy:36 - Redirecting to 'http://localhost:8081/BGMS/login'
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:300 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-01-28 10:02:25 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:148 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:90 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@243b81d0. A new one will be created.
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 3 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-01-28 10:02:25 DEBUG AntPathRequestMatcher:127 - Request 'GET /login' doesn't match 'POST /j_spring_security_logout
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-01-28 10:02:25 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
2015-01-28 10:02:25 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
2015-01-28 10:02:25 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/BGMS/user/sample.html; arg2=/BGMS/login (property not equals)
2015-01-28 10:02:25 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-01-28 10:02:25 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa1b5a: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 8373E425131980C1C5DF87CB932C8AB0; Granted Authorities: ROLE_ANONYMOUS'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-01-28 10:02:25 DEBUG FilterChainProxy:337 - /login at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-01-28 10:02:25 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login'; against '/user/**'
2015-01-28 10:02:25 DEBUG FilterSecurityInterceptor:185 - Public object - authentication not attempted
2015-01-28 10:02:25 DEBUG FilterChainProxy:323 - /login reached end of additional filter chain; proceeding with original chain
2015-01-28 10:02:25 DEBUG HttpSessionSecurityContextRepository:300 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-01-28 10:02:25 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-01-28 10:02:25 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
对不起!!
在 web.xml url 映射标签中出错。