1. 首页
  2. 问答
  3. 总是为Spring返回404 j_spring_security_check

总是为Spring返回404 j_spring_security_check

2015-09-27 317 views
0

我尝试使用spring来创建Web应用程序,并且有一个页面用于对用户进行身份验证并识别用户的角色。但是登录后,我总是得到404,并且回顾我的日志,AuthenticationFilter甚至无法识别用户角色。请帮助我..我花了几天的时间,但仍然没有预期的结果。谢谢。总是为Spring返回404 j_spring_security_check

这是我的配置和代码。

的web.xml

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value>/WEB-INF/security-context.xml</param-value> 
</context-param> 

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 


<servlet> 
    <servlet-name>user-dispatcher</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <load-on-startup>1</load-on-startup> 
</servlet> 

<servlet-mapping> 
    <servlet-name>user-dispatcher</servlet-name> 
    <url-pattern>/user/*</url-pattern> 
</servlet-mapping>

安全的context.xml

<http auto-config='true'> 
    <intercept-url pattern="/user/operation/Healthcheck" 
     access="ROLE_USER" /> 
    <form-login login-page="/" default-target-url="/" 
     authentication-failure-url="/?login=error" /> 
    <logout logout-success-url="/" /> 
</http> 

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="tester" password="test" authorities="ROLE_USER" /> 
     </user-service> 
    </authentication-provider> 
</authentication-manager>

我的控制器类

@Controller 
@RequestMapping("/operation") 
public class UserOperationController { 

     @RequestMapping("") 
     public ModelAndView home() { 
      return new ModelAndView("index"); 
     } 


     @RequestMapping("/Healthcheck") 
     public ModelAndView healthCheck() { 

      ....Some Operation.... 

      return new ModelAndView("healthcheck", "result", "positive"); 
     } 
}

的index.jsp

<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%> 

<c:set var="base" value="${pageContext.request.contextPath }/user/operation/" scope="session"/> 
<sec:authentication property="principal" var="auth" scope="session" /> 

<html> 
<body> 
<h2>Hello World!</h2> 
<h2>${auth }</h2> 
<form action="${base }j_spring_security_check" method="post"> 
    Username:<input type="text" name="j_username" /><br/> 
    Password:<input type="password" name="j_password" /><br/> 
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> <br/> 
    <input type="submit" value="Login" /> 
</form> 
<a href="${base }j_spring_security_logout">Logout</a> 
</body> 
</html>

我在Tomcat中得到消息日志

2015-09-28 01:15:57 DEBUG AntPathRequestMatcher:151 - Checking match of request 
: '/user/operation/j_spring_security_check'; against '/login' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 7 of 13 in additional filter chain; firing Filter: 'BasicAu 
thenticationFilter' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 8 of 13 in additional filter chain; firing Filter: 'Request 
CacheAwareFilter' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 9 of 13 in additional filter chain; firing Filter: 'Securit 
yContextHolderAwareRequestFilter' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 10 of 13 in additional filter chain; firing Filter: 'Anonym 
ousAuthenticationFilter' 
2015-09-28 01:15:57 DEBUG AnonymousAuthenticationFilter:100 - Populated Security 
ContextHolder with anonymous token: 'org.springframework.security.authentication 
[email protected]: Principal: anonymousUser; Credentials: [ 
PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authe 
[email protected]: RemoteIpAddress: 127.0.0.1; Session 
Id: 8DBBBE56C5021B1DC6DC04236AFD7569; Granted Authorities: ROLE_ANONYMOUS' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 11 of 13 in additional filter chain; firing Filter: 'Sessio 
nManagementFilter' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 12 of 13 in additional filter chain; firing Filter: 'Except 
ionTranslationFilter' 
2015-09-28 01:15:57 DEBUG FilterChainProxy:324 - /user/operation/j_spring_securi 
ty_check at position 13 of 13 in additional filter chain; firing Filter: 'Filter 
SecurityInterceptor' 
2015-09-28 01:15:57 DEBUG AntPathRequestMatcher:151 - Checking match of request 
: '/user/operation/j_spring_security_check'; against '/user/operation/healthchec 
k' 
2015-09-28 01:15:57 DEBUG FilterSecurityInterceptor:209 - Public object - authen 
tication not attempted 
2015-09-28 01:15:57 DEBUG FilterChainProxy:309 - /user/operation/j_spring_securi 
ty_check reached end of additional filter chain; proceeding with original chain 
2015-09-28 01:15:57 DEBUG DispatcherServlet:861 - DispatcherServlet with name 'u 
ser-dispatcher' processing POST request for [/UsquareAppSource/user/operation/j_ 
spring_security_check] 
2015-09-28 01:15:57 DEBUG RequestMappingHandlerMapping:319 - Looking up handler 
method for path /operation/j_spring_security_check 
2015-09-28 01:15:57 DEBUG RequestMappingHandlerMapping:329 - Did not find handle 
r method for [/operation/j_spring_security_check] 
2015-09-28 01:15:57 WARN PageNotFound:1136 - No mapping found for HTTP request 
with URI [/UsquareAppSource/user/operation/j_spring_security_check] in Dispatche 
rServlet with name 'user-dispatcher' 
2015-09-28 01:15:57 DEBUG HttpSessionSecurityContextRepository:337 - SecurityCon 
text is empty or contents are anonymous - context will not be stored in HttpSess 
ion.

我怀疑这可能是认证管理问题,因为它甚至不能点击登录按钮后,确定用户角色.... 或者登录页面路径不应该与调度程序 - servlet url模式混合? 非常感谢

来源

2015-09-27 SerMintt

+0

因为您的网址有误。它是'/ j_spring_security_check'(在新版本中它是'/ login'),不包括你调用的调度器servlet或控制器的路径。你的'$ {base}'是错误的,我强烈建议使用URL标记,而不是试图自己破解一个URL。 –

回答

1

感谢M. Deinum

我发现/ j_spring_security_check,为j_username和为j_password已经在4.0.2.RELEASE版本被弃用。

现在我将我的jsp更改为以下版本,它现在可以工作。

<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%> 

<sec:authentication property="principal" var="auth" scope="session" /> 

<html> 
<body> 
<h2>Hello World!</h2> 
<h2>${auth }</h2> 
<form action="<c:url value='/login' />" method="POST"> 
    Username:<input type="text" name="username" /><br/> 
    Password:<input type="password" name="password" /><br/> 
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> <br/> 
    <input type="submit" value="Login" /> 
</form> 
</body> 
</html>

来源

2015-09-28 08:44:07 SerMintt

相关问题

 相关问题