Java Spring Security 登录错误:HTTP 状态 404 - /j_spring_security_check
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19227136/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Security Login Error : HTTP Status 404 - /j_spring_security_check
提问by Mithun Sasidharan
Hi I am trying to configure spring security on my application.But once I enter the username and password and submit the form, I get error
嗨,我正在尝试在我的应用程序上配置 spring 安全性。但是一旦我输入用户名和密码并提交表单,我就会收到错误
HTTP Status 404 - /j_spring_security_check The requested resource is not available.
HTTP Status 404 - /j_spring_security_check The requested resource is not available.
Following are the my configuration files :
以下是我的配置文件:
web.xml
网页.xml
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml,/WEB-INF/taskTracker-app.xml,/WEB-INF/taskTracker-servlet.xml,/WEB-INF/taskTracker-security.xml</param-value>
</context-param>
<servlet>
<servlet-name>taskTracker</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>taskTracker</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
taskTracker-servlet.xml
taskTracker-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.directwebremoting.org/schema/spring-dwr
http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd">
<bean id="TaskTrackerLoginController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController">
<property name="viewName">
<value>/taskTracker/sign-in</value>
</property>
</bean>
<bean id="TaskTrackerErrorController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController">
<property name="viewName">
<value>/taskTracker/error</value>
</property>
</bean>
<bean id="WelcomeController" class="com.tracker.web.controllers.WelcomeController">
<property name="BusinessLogic">
<ref bean="BusinessLogic" />
</property>
<property name="viewName">
<value>/taskTracker/welcome</value>
</property>
</bean>
<bean id="nonSecurePageMappings"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/taskTracker/sign-in.html">TaskTrackerLoginController</prop>
<prop key="/taskTracker/error.html">TaskTrackerErrorController</prop>
</props>
</property>
</bean>
<bean id="PageMappings"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/taskTracker/welcome.html">WelcomeController</prop>
</props>
</property>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass">
<value>org.springframework.web.servlet.view.JstlView</value>
</property>
<property name="prefix">
<value>/WEB-INF/jsp/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
</beans>
taskTracker-security.xml
taskTracker-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<bean id="SecurityService" class="com.tracker.web.security.SecurityService">
<property name="BusinessLogic">
<ref bean="BusinessLogic" />
</property>
</bean>
<security:http access-denied-page="/taskTracker/tracker/error.html" auto-config="false">
<security:session-management invalid-session-url="/taskTracker/sign-in.html">
</security:session-management>
<security:form-login login-page="/taskTracker/sign-in.html" default-target-url="/taskTracker/welcome.html"
always-use-default-target="false" authentication-failure-url="/taskTracker/sign-in.html?error=1" />
<security:logout invalidate-session="true" logout-success-url="/taskTracker/sign-in.html" />
<security:intercept-url pattern="/taskTracker/sign-in.html*" filters="none" />
<security:intercept-url pattern="/taskTracker/welcome.html*" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="SecurityService" />
</security:authentication-manager>
</beans>
taskTracker-app.xml
taskTracker-app.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.directwebremoting.org/schema/spring-dwr
http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd">
<bean id="userDao" class="com.tracker.data.dao.jdbc.UserJdbcDao">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="BusinessLogic" class="com.tracker.business.logic.TrackerBusinessLogicImpl">
<property name="userLogic">
<ref bean="userLogic" />
</property>
</bean>
<bean id="userLogic" class="com.tracker.business.logic.user.UserLogic">
<property name="userDao">
<ref bean="userDao" />
</property>
</bean>
</beans>
SecurityService.java
安全服务.java
package com.tracker.web.security;
import org.apache.log4j.Logger;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.tracker.business.logic.TrackerBusinessLogic;
import com.tracker.business.model.User;
public class SecurityService implements UserDetailsService {
private final static Logger log = Logger.getLogger(SecurityService.class);
private TrackerBusinessLogic trackerBusinessLogic;
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String errMsg = "User with username: " + username;
User user = trackerBusinessLogic.loadUser(username);
if(user!=null) {
// user has been loaded
} else {
log.error("User with username: " + username + " not found");
}
return user;
}
public TrackerBusinessLogic getBusinessLogic() {
return trackerBusinessLogic;
}
public void setBusinessLogic(TrackerBusinessLogic trackerBusinessLogic) {
this.trackerBusinessLogic = trackerBusinessLogic;
}
}
sign-in.jsp
登录.jsp
<html lang="en-US">
<head>
<title>Login</title>
</head>
<body>
<div class="login">
<h1>Task Tracker Login</h1>
<form action="/j_spring_security_check" method="post">
<input type="text" name="j_username" value="" placeholder="Username" required="required" />
<input type="password" name="j_password" placeholder="Password" required="required" />
<input type="hidden" name="referrer" value="${param.referrer}" />
<input type="submit" value="Let me in." class="btn btn-primary btn-block btn-large">
</form>
</div>
</body>
</html>
Please help me with what am I missing here. Thank You.
请帮我解决我在这里缺少的东西。谢谢你。
采纳答案by Debojit Saikia
In your sign-in.jsp, you need to change the URLto which you are submitting the login request, which you can achieve as below:
在您的 中sign-in.jsp,您需要更改URL您提交登录请求的目标,您可以按如下方式实现:
<c:url value="/j_spring_security_check" var="loginUrl" />
and use this in your form action:
并在您的表单操作中使用它:
<form action="${loginUrl}" method="post">
The login-processing-urlattribute defaults to /j_spring_security_check, and specifies the URL that the login form (which should include the usernameand password) should be submitted to, using an HTTP post.
该login-processing-url属性默认为/j_spring_security_check, 并使用 HTTP 帖子指定登录表单(应包括username和password)应提交到的 URL 。
回答by ZaptoS
I fixed that error when add ${request.contextPath} before /j_spring_security_check
我在 /j_spring_security_check 之前添加 ${request.contextPath} 时修复了该错误
回答by Binayak
Not related to this particular problem (but related with "j_spring_security_check 404" issue). Thought it might help anyone trying to solve the same problem with spring 4, even when all the settings are correct.
与此特定问题无关(但与“j_spring_security_check 404”问题有关)。认为即使所有设置都正确,它可能会帮助任何尝试使用 spring 4 解决相同问题的人。
Since Spring 4, spring has csrf enabled by default, so first check with csrf disabled, if this solves "j_spring_security_check 404" issue.
从 Spring 4 开始,spring 默认启用了 csrf,所以首先检查禁用 csrf,如果这解决了“j_spring_security_check 404”问题。
<http>
<!-- ... -->
<csrf disabled="true"/>
</http>
This is just for test, and if it does work, then enable it again, because disabling csrf is not a good idea for web-app these days. So remove that
这仅用于测试,如果它确实有效,则再次启用它,因为现在禁用 csrf 对 web-app 来说不是一个好主意。所以删除那个
<csrf disabled="true" />
line ('coz crsf is enabled by default), and add a csrf token field in your authentication input form as:
行('coz crsf 默认启用),并在您的身份验证输入表单中添加一个 csrf 令牌字段:
<form action="${loginUrl}" method="post">
<input ... />
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
OR
或者
<form action="${loginUrl}?${_csrf.parameterName}=${_csrf.token}" method="post"> .... </form>
