java 为什么我的自定义登录页面在 Spring Security 4 中不显示?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29595098/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why doesn't my custom login page show with Spring Security 4?
提问by vphilipnyc
I am able to use a custom login page with Spring Security 3.2.4, but after migrating with the code below using 4.0.0, I see a generic login form instead of my custom one:
我可以在 Spring Security 3.2.4 中使用自定义登录页面,但是在使用 4.0.0 迁移下面的代码后,我看到一个通用登录表单而不是我的自定义登录表单:
<beans:bean id="authSuccessHandler" class="com.company.web.RoleBasedAuthenticationSuccessHandler" />
<http disable-url-rewriting="false" use-expressions="true">
<form-login login-page="/login"
username-parameter="j_username"
password-parameter="j_password"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login?login_error=true"
authentication-success-handler-ref="authSuccessHandler"/>
<!-- SOME INTERCEPT-URLs (redacted) -->
<intercept-url pattern="/login" access="permitAll"/>
<remember-me
remember-me-parameter="_spring_security_remember_me"
remember-me-cookie="SPRING_SECURITY_REMEMBER_ME_COOKIE"/>
<logout
logout-url="/j_spring_security_logout"
logout-success-url="/index" />
</http>
I also tried enabling debug logging on the various Spring classes. I set it on my custom authSuccessHandler, but I don't see any output from it. No luck with searching on SO or Google either.
我还尝试在各种 Spring 类上启用调试日志记录。我将它设置在我的自定义 authSuccessHandler 上,但我没有看到它的任何输出。在 SO 或 Google 上搜索也不走运。
Is there anything incompatible about this configuration?
这个配置有什么不兼容的吗?
Update:
更新:
I'm also using Apache Tiles as so:
我也在使用 Apache Tiles:
<definition name="login" extends="scrollableLayout">
<put-attribute name="header" value="/WEB-INF/jsp/heading_blue.jsp"/>
<put-attribute name="body" value="/WEB-INF/jsp/login.jsp"/>
</definition>
And using the following:
并使用以下内容:
<mvc:view-controller path="/login" />
采纳答案by manish
Spring Security 3.x used spring_security_loginas the default login URL (source: official documentation). This could be set to a custom value as <security:form-login login-page="/login">and mapped to a controller to render a custom page.
Spring Security 3.x 用作spring_security_login默认登录 URL(source:官方文档)。这可以设置为自定义值<security:form-login login-page="/login">并映射到控制器以呈现自定义页面。
Spring Security 4.x has abandoned spring_security_loginand switched to loginas the default login URL (source: official Spring Security 4.x migration guide). Therefore, the URL loginnow goes to the default Spring Security infrastructure, that displays the default, auto-generated login page.
Spring Security 4.x 已放弃spring_security_login并切换login为默认登录 URL(source:官方 Spring Security 4.x 迁移指南)。因此,URLlogin现在转到默认的 Spring Security 基础设施,显示默认的、自动生成的登录页面。
The remedy is simple if you are using JSP as the view rendering technology. Simply rename your login page to login.jsp, drop it in the root folder of the page hierarchy and Spring Security will pick it up automatically. If you are not using JSP, you will have to use a different login-pagevalue (perhaps signininstead of loginand then change your controller mapping as well.
如果您使用 JSP 作为视图渲染技术,补救方法很简单。只需将您的登录页面重命名为login.jsp,将其放到页面层次结构的根文件夹中,Spring Security 就会自动选取它。如果您不使用 JSP,您将不得不使用不同的login-page值(也许signin代替login然后更改您的控制器映射。
Note that the default logout URL has also changed in 4.x. If you have any custom logic written for the logout URL, do make sure to review that as well.
请注意,4.x 中的默认注销 URL 也已更改。如果您为注销 URL 编写了任何自定义逻辑,请务必同时查看。
Do review the official migration guide as a lot of things have changed in 4.x.
请查看官方迁移指南,因为 4.x 中发生了很多变化。
