它是来自spring security config的片段:
<form-login login-page="/home.jsp"
authentication-failure-url="/loginFailed" default-target-url="/index" />
<logout logout-success-url="/logOut" />
但是,如果我成功进入,我会前往/logOut
如果点击退出 - 转到home.jsp
。
如果登录失败 - home.jsp
有什么奇怪的行为?
更新
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>home.jsp</welcome-file>
</welcome-file-list>
</web-app>
根context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<!-- Настраивает управление транзакциями с помощью аннотации @Transactional -->
<!-- -->
<import resource="classpath:spring/BeanConfig.xml" />
<!-- Файл с настройками Security -->
<import resource="security_config.xml" />
<!-- <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> -->
<!-- <property name="basename" value="/WEB-INF/messages/messages" /> -->
<!-- </bean> -->
</beans>
securuty_config.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http use-expressions="true" >
<intercept-url pattern="/home.jsp" access="permitAll" />
<intercept-url pattern="/*" access="isAuthenticated()"/>
<form-login login-page="/home.jsp"
authentication-failure-url="/loginFailed" default-target-url="/index" />
<logout logout-success-url="/logOut" />
</http>
<authentication-manager>
<authentication-provider ref="provider" />
<!-- <authentication-provider> -->
<!-- <user-service> -->
<!-- <user name="name" authorities="ROLE_USER"/> -->
<!-- </user-service> -->
<!-- </authentication-provider> -->
</authentication-manager>
</beans:beans>
形成真相化片段:
<form method="POST" action="<c:url value="/j_spring_security_check" />"
答案 0 :(得分:1)
您好@ user2740224可以尝试security_config.xml
这样的事情:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<http use-expressions="true" >
<intercept-url pattern="/index*" access="isAuthenticated()" />
<form-login login-page="/home" default-target-url="/index" always-use-default-target="true" authentication-failure-url="/loginFailed" />
<logout logout-success-url="/home" delete-cookies="JSESSIONID" invalidate-session="true" />
...
</http>
我希望能帮到你:)