我有一个使用spring-security和数据库登录的jersey(rest)spring应用程序。我将它重定向到登录页面,一旦我输入有效的用户名和密码,它就会重定向回登录页面。
我需要编写其他代码和/或我的配置是否正确。
谢谢!
弹簧security.xml文件
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/images/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http pattern="/static.css" security="none"/>
<http auto-config="true" disable-url-rewriting="true">
<intercept-url pattern="/login-page.html" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page='/login-page.html'
login-processing-url="/j_spring_security_check.action"
default-target-url="/static-page.html" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select username,password, email
from users where USERNAME=?"
authorities-by-username-query="
select u.username, ur.authority from users u, roles ur
where u.username = ur.username and u.username =? "
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
的web.xml
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:server-context.xml, classpath:spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>jersey-servlet</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>service.admin</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-servlet</servlet-name>
<url-pattern>/sample/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
parital dao application-context.xml,显示已创建的dataSource
...
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/sample" />
<property name="username" value="root" />
<property name="password" value="password" />
</bean>
...
日志消息 - 尝试登录后
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/images/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/css/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/static.css'
[...web.FilterChainProxy] /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[...web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT
[...web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@466481eb. A new one will be created.
[...web.FilterChainProxy] /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[...web.savedrequest.DefaultSavedRequest] pathInfo: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] queryString: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] requestURI: arg1=/sample/; arg2=/sample/j_spring_security_check (property not equals)
[...web.savedrequest.HttpSessionRequestCache] saved request doesn't match
[...web.FilterChainProxy] /j_spring_security_check at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[...web.authentication.AnonymousAuthenticationFilter] Populated SecurityContextHolder with anonymous token: '...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS'
[...web.FilterChainProxy] /j_spring_security_check at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/login-page.html'
[...web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /j_spring_security_check; Attributes: [ROLE_USER]
[...web.access.intercept.FilterSecurityInterceptor] Previously Authenticated: ...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS
[...access.vote.AffirmativeBased] Voter: ...access.vote.RoleVoter@52c51614, returned: -1
[...access.vote.AffirmativeBased] Voter: ...access.vote.AuthenticatedVoter@175023d2, returned: 0
[...web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry point
...access.AccessDeniedException: Access is denied
at ...access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at ...access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
at ...web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
at ...web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at ...web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at ...web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
[...web.savedrequest.HttpSessionRequestCache] DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/sample/j_spring_security_check]
[...web.access.ExceptionTranslationFilter] Calling Authentication entry point.
[...web.DefaultRedirectStrategy] Redirecting to 'http://localhost:8080/sample/login-page.html'
[...web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[...web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/images/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/css/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/static.css'
[...web.FilterChainProxy] /login-page.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[...web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT
[...web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@466481eb. A new one will be created.
[...web.FilterChainProxy] /login-page.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
[...web.FilterChainProxy] /login-page.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[...web.FilterChainProxy] /login-page.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[...web.FilterChainProxy] /login-page.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[...web.savedrequest.DefaultSavedRequest] pathInfo: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] queryString: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] requestURI: arg1=/sample/j_spring_security_check; arg2=/sample/login-page.html (property not equals)
[...web.savedrequest.HttpSessionRequestCache] saved request doesn't match
[...web.FilterChainProxy] /login-page.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[...web.FilterChainProxy] /login-page.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[...web.authentication.AnonymousAuthenticationFilter] Populated SecurityContextHolder with anonymous token: '...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS'
[...web.FilterChainProxy] /login-page.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
[...web.FilterChainProxy] /login-page.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[...web.FilterChainProxy] /login-page.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/login-page.html'
[...web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /login-page.html; Attributes: [ROLE_ANONYMOUS]
[...web.access.intercept.FilterSecurityInterceptor] Previously Authenticated: ...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS
[...access.vote.AffirmativeBased] Voter: ...access.vote.RoleVoter@52c51614, returned: 1
[...web.access.intercept.FilterSecurityInterceptor] Authorization successful
[...web.access.intercept.FilterSecurityInterceptor] RunAsManager did not change Authentication object
[...web.FilterChainProxy] /login-page.html reached end of additional filter chain; proceeding with original chain
[...web.access.ExceptionTranslationFilter] Chain processed normally
[...web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[...web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/images/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/css/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/static.css'
[...web.FilterChainProxy] /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[...web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT
[...web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@466481eb. A new one will be created.
[...web.FilterChainProxy] /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[...web.savedrequest.DefaultSavedRequest] pathInfo: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] queryString: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] requestURI: arg1=/sample/; arg2=/sample/j_spring_security_check (property not equals)
[...web.savedrequest.HttpSessionRequestCache] saved request doesn't match
[...web.FilterChainProxy] /j_spring_security_check at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[...web.authentication.AnonymousAuthenticationFilter] Populated SecurityContextHolder with anonymous token: '...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS'
[...web.FilterChainProxy] /j_spring_security_check at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[...web.FilterChainProxy] /j_spring_security_check at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[...web.util.AntPathRequestMatcher] Checking match of request : '/j_spring_security_check'; against '/login-page.html'
[...web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /j_spring_security_check; Attributes: [ROLE_USER]
[...web.access.intercept.FilterSecurityInterceptor] Previously Authenticated: ...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS
[...access.vote.AffirmativeBased] Voter: ...access.vote.RoleVoter@52c51614, returned: -1
[...access.vote.AffirmativeBased] Voter: ...access.vote.AuthenticatedVoter@175023d2, returned: 0
[...web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry point
...access.AccessDeniedException: Access is denied
...(removed full stack trace)
[...web.savedrequest.HttpSessionRequestCache] DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/sample/j_spring_security_check]
[...web.access.ExceptionTranslationFilter] Calling Authentication entry point.
[...web.DefaultRedirectStrategy] Redirecting to 'http://localhost:8080/sample/login-page.html'
[...web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[...web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/images/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/css/**'
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/static.css'
[...web.FilterChainProxy] /login-page.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[...web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT
[...web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@466481eb. A new one will be created.
[...web.FilterChainProxy] /login-page.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
[...web.FilterChainProxy] /login-page.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[...web.FilterChainProxy] /login-page.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[...web.FilterChainProxy] /login-page.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[...web.savedrequest.DefaultSavedRequest] pathInfo: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] queryString: both null (property equals)
[...web.savedrequest.DefaultSavedRequest] requestURI: arg1=/sample/j_spring_security_check; arg2=/sample/login-page.html (property not equals)
[...web.savedrequest.HttpSessionRequestCache] saved request doesn't match
[...web.FilterChainProxy] /login-page.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[...web.FilterChainProxy] /login-page.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[...web.authentication.AnonymousAuthenticationFilter] Populated SecurityContextHolder with anonymous token: '...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS'
[...web.FilterChainProxy] /login-page.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
[...web.FilterChainProxy] /login-page.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[...web.FilterChainProxy] /login-page.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[...web.util.AntPathRequestMatcher] Checking match of request : '/login-page.html'; against '/login-page.html'
[...web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /login-page.html; Attributes: [ROLE_ANONYMOUS]
[...web.access.intercept.FilterSecurityInterceptor] Previously Authenticated: ...authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: ...web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 37AD1209E0F0EC148C607B42933758BF; Granted Authorities: ROLE_ANONYMOUS
[...access.vote.AffirmativeBased] Voter: ...access.vote.RoleVoter@52c51614, returned: 1
[...web.access.intercept.FilterSecurityInterceptor] Authorization successful
[...web.access.intercept.FilterSecurityInterceptor] RunAsManager did not change Authentication object
[...web.FilterChainProxy] /login-page.html reached end of additional filter chain; proceeding with original chain
[...web.access.ExceptionTranslationFilter] Chain processed normally
[...web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[...web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed
答案 0 :(得分:3)
您尝试使用 / j_spring_security_check 发送身份验证,但在您声明的配置中:
login-processing-url="/j_spring_security_check.action"
该网址未被拦截,因此您无法登录。