java j_spring_security_check 总是重定向到登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31627869/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
j_spring_security_check always redirect to login
提问by vincent
I got spring security 4 with custom login form and custom UserDetailsService. The problem is every time i submit to j_spring_security_checkit will always redirect back to login page. It feels like it's treating j_spring_security_checkanother resource within my container.
我使用自定义登录表单和自定义UserDetailsService. 问题是每次我提交给j_spring_security_check它时都会重定向回登录页面。感觉就像是在处理j_spring_security_check我容器中的另一个资源。
below is my config. Anything I'm missing?
下面是我的配置。我缺少什么吗?
application-security.xml
应用程序-security.xml
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/logout" access="permitAll" />
<security:intercept-url pattern="/css/**/*.css" access="permitAll" />
<security:intercept-url pattern="/fonts/*.*" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:form-login login-page="/login" default-target-url="/landing" authentication-failure-url="/login?error" authentication-success-handler-ref="loginSuccesHandler" />
<security:logout logout-success-url="/logout" />
<security:csrf disabled="true" />
</security:http>
<security:authentication-manager>
<security:authentication-provider ref="daoAuthenticationProvider" />
</security:authentication-manager>
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="userDetailsService" class="a.b.c.MyAppUserDetailService" />
<bean id="loginSuccesHandler" class="a.b.c.LoginSuccessHandler" />
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
login.jsp
登录.jsp
<body>
<form action="<c:url value='j_spring_security_check'/>" name="f" method="post">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<div class="form-group">
<label class="control-label" for="username">Username</label> <input type="text" name="j_username" id="username" class="form-control" style="font-size: 1.5em" maxlength="100" />
</div>
<div class="form-group">
<label class="control-label" for="password">Password</label> <input type="password" name="j_password" id="password" class="form-control" style="font-size: 1.5em" maxlength="100" />
</div>
<button class="btn btn-lg btn-info btn-block shadow-z-3" type="submit"> Login </button>
</form>
</body>
login controller
登录控制器
@Controller
@RequestMapping(value="/login")
public class LoginController {
@RequestMapping(method = RequestMethod.GET)
public String login(HttpSession session,HttpServletRequest req, ModelMap model) {
AuthenticationException ase = (AuthenticationException) session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
if (ase != null) {
model.addAttribute("errorMsg",ase.getMessage());
}
return "login";
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpSession session) {
return "login";
}
}
