当前位置:theitroad>Java 未调用 Spring Security j_spring_security_check

Java 未调用 Spring Security j_spring_security_check

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/16452044/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-16 06:59:29  来源:igfitidea点击:

Spring Security j_spring_security_check not invoked

javaspringspring-security

提问by Rohit Banga

I have a Spring WebApp using custom User, Roles, Permissions tables custom (read "naive") authentication.

我有一个使用自定义用户、角色、权限表自定义(阅读“天真”)身份验证的 Spring WebApp。

I am migrating the code to use Spring Security now. I read tutorials and got to the point where my login.jsp page, css, js, png files can be accessed ANONYMOUSLY. I have a form with action attribute as "j_spring_security_check". On submitting the form the browser performs an HTTP Post to this URL which results in a 404.

我现在正在迁移代码以使用 Spring Security。我阅读了教程并达到了可以匿名访问我的 login.jsp 页面、css、js、png 文件的程度。我有一个动作属性为“j_spring_security_check”的表单。在提交表单时,浏览器会对该 URL 执行 HTTP Post,这会导致 404。

Now I am not mapping j_spring_security_check using RequestMapping. Is that required? When should we have a request mapping for this URL?

现在我没有使用RequestMapping. 这是必须的吗?我们什么时候应该有这个 URL 的请求映射?

In my authentication provider I provide a reference to a bean of a class which implements UserDetailsService. I am expecting Spring to perform the authentication by invoking loadUserByUserName but this method never gets invoked. Why is the method not invoked? Have I misunderstood how authentication should work? Do I need to provide a custom request mapping for j_spring_security_check to make it work?

在我的身份验证提供程序中,我提供了对实现 UserDetailsS​​ervice 的类的 bean 的引用。我希望 Spring 通过调用 loadUserByUserName 来执行身份验证,但是这个方法永远不会被调用。为什么不调用该方法?我是否误解了身份验证应该如何工作?我是否需要为 j_spring_security_check 提供自定义请求映射才能使其工作?

Here is my Custom User Details Service:

这是我的自定义用户详细信息服务:

@Service(value="myUserDetailsService")
public class LoginUserService implements UserDetailsService {

  @Autowired
  private UserRepository userRepository;

  @Override
  public UserDetails loadUserByUsername(String username)
      throws UsernameNotFoundException {

    System.out.println("here");

    User user = userRepository.findUser(username);
    if (user != null)
      return new V2VUserDetails(user);
    else
      return null;
  }

}

Here is my security XML:

这是我的安全 XML:

    <http pattern="/**/*.css" security="none" />
    <http pattern="/**/*.js" security="none" />
    <http pattern="/**/*.png" security="none" />

    <http auto-config="true">
      <intercept-url pattern="/login.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <intercept-url pattern="/**" access="ROLE_USER" />
      <form-login login-page="/login.html"
                  login-processing-url="/j_spring_security_check"
                  default-target-url="/welcomePage.html"
                  authentication-failure-url="/welcomePage.html"
                  always-use-default-target="true" />
    </http>

  <authentication-manager>
    <authentication-provider user-service-ref='myUserDetailsService'/>
  </authentication-manager>

  <beans:bean id="myUserDetailsService"
    class="security.LoginUserService">
  </beans:bean>

I checked several answers on Stackoverflow and other sites but could not fix the problem.

我在 Stackoverflow 和其他网站上检查了几个答案,但无法解决问题。

EditTried the suggestion given here. Now getting BeanFactory not initialized error.

编辑尝试了此处给出的建议。现在得到 BeanFactory 未初始化错误。

EditcontextConfigLocation /WEB-INF/security-v2v-servlet.xml

编辑contextConfigLocation /WEB-INF/security-v2v-servlet.xml 

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>FORWARD</dispatcher>
</filter-mapping>

Update

更新

Current web.xml

当前的 web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">

    <display-name>Spring3MVC</display-name>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/security-v2v-servlet.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
        <error-code>500</error-code>
        <location>/errorPage.jsp</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/errorPage.jsp</location>
    </error-page>

    <servlet>
        <servlet-name>v2v</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet>
        <servlet-name>Resource Servlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.ResourceServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>v2v</servlet-name>
        <url-pattern>*.html</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>v2v</servlet-name>
        <url-pattern>*.zip</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.css</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.js</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.jpeg</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.gif</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>*.png</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/j_spring_security_check</url-pattern>
    </servlet-mapping>

    <filter>
      <filter-name>UserAddFilter</filter-name>
      <filter-class>
          filter.UserInfoAddToThreadFilter
      </filter-class>
    </filter>
    <filter-mapping>
      <filter-name>UserAddFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>FORWARD</dispatcher>
    </filter-mapping>



    <listener>
      <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>

</web-app>

回答by Biju Kunjummen

You don't need to create a @RequestMappingfor /j_spring_security_check, that pattern is intercepted by Spring Security Filter and should direct you to your login page.

您不需要创建@RequestMappingfor /j_spring_security_check,该模式会被 Spring Security Filter 拦截,并应将您定向到您的登录页面。

My guess on what is going wrong is that probably the way you have set up the Spring Security Filter. You should have the following entries in your web.xml for your filter:

我对出了什么问题的猜测可能是您设置 Spring Security Filter 的方式。您的 web.xml 中应该为您的过滤器提供以下条目:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and the Security config file should be loaded up through Root Web application context - one loaded through ContextLoaderListenerNOT the one through DispatcherServlet, eg:

并且安全配置文件应该通过根 Web 应用程序上下文加载 - 一个ContextLoaderListener不是通过 DispatcherServlet加载的,例如:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/META-INF/context-security.xml</param-value>
</context-param>

If your configuration is along these lines, it should just work.

如果您的配置符合这些要求,它应该可以正常工作。

回答by Michael

  1. Please ensure you have in the login form action j_spring_security_check
  2. Not related to your problem but I recommend to remove the anonymous permission from /j_spring_security_check(remove the following line). Only the login form should have the anonymous permission. <intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  1. 请确保您在登录表单中操作 j_spring_security_check
  2. 与您的问题无关,但我建议从/j_spring_security_check(删除以下行)中删除匿名权限。只有登录表单应该具有匿名权限。<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />

UpdatePlease remove from web.xml

更新请从 web.xml 中删除

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>/j_spring_security_check</url-pattern>
</servlet-mapping>

相关推荐

如何创建动态二维数组 [JAVA]

如何创建动态二维数组 [JAVA]

如何从 Java 中的 XML 文件中删除 BOM

如何从 Java 中的 XML 文件中删除 BOM

无法在 Ubuntu 13.04 的 R 3.0 中安装 rJava

无法在 Ubuntu 13.04 的 R 3.0 中安装 rJava

Java 在 Tomcat 上运行 Play Framework 2.0?

Java 在 Tomcat 上运行 Play Framework 2.0?

相关推荐
最近更新
标签