我使用 Spring 4.1.6 和 Spring Security 4.0.6,正在尝试为主页和管理页面分别实现登录/注销。原因是主页通过 iframe 集成了单点登录。主页上一切工作正常,但我在管理页面上实现登录时遇到了麻烦。
我将断点放到adminAuthenticationFilter.successfulAuthentication()中,看起来它从未被调用过。 我尝试了以下方法:
POST "username" and "password" to "http://localhost:8086/app/admin/login" - returns login page without calling successfulAuthentication()
POST "username" and "password" to "http://localhost:8086/app/login" - returns 404 error
POST via old-way: "j_username" and "j_password" to "http://localhost:8086/app/admin/j_spring_security_check" or "http://localhost:8086/app/j_spring_security_check" - gives 404 error
这是我的security.xml配置
<!--
  Main-page filter chain. It has no pattern attribute, so it matches every request
  that a more specific <http> element has not already claimed. Spring Security
  consults the chains in declaration order and uses the first match, so a catch-all
  chain like this one is expected to be the last <http> in the file.
  NOTE(review): the question lists it first; confirm the order in the real security.xml.
-->
<http auto-config="false"
      create-session="ifRequired"
      entry-point-ref="mainpageAuthenticationEntryPoint">

  <!-- The only access rule in this chain. With the default Ant-style matcher '*' stays
       inside one path segment: /mainpage and /mainpageXYZ are covered, /mainpage/sub is
       not. Every other URL that ends up in this chain carries no role requirement. -->
  <intercept-url pattern="/mainpage*" access="hasRole('ROLE_SIMPLE')" />

  <!-- Token-based login filter (bean not shown on this page), placed ahead of the
       HTTP Basic slot in the filter order. -->
  <custom-filter before="BASIC_AUTH_FILTER" ref="mainpageLoginTokenFilter" />

  <logout logout-url="/logout" success-handler-ref="mainpageLogoutSuccessHandler" />

  <headers>
    <!-- X-Frame-Options: SAMEORIGIN lets only same-origin pages frame the responses;
         presumably required by the iframe-based single sign-on the question mentions. -->
    <frame-options policy="SAMEORIGIN" />
  </headers>

  <access-denied-handler error-page="/error.html"/>

  <!-- CSRF protection (on by default in Spring Security 4) is switched off for every
       request this chain handles, /logout included. Because the chain is a catch-all,
       that also applies to any admin URL the admin chain's pattern fails to match.
       NOTE(review): if this was disabled only for the iframe flow, prefer leaving CSRF
       enabled and narrowing it with request-matcher-ref; confirm with the author. -->
  <csrf disabled="true" />
</http>
<!--
  Admin filter chain. request-matcher="regex" makes pattern a regular expression that
  must match the whole request path plus query string, so "/adminpage" selects exactly
  that URL and nothing else. /admin/login, /admin/logout and whatever URL the
  adminAuthenticationFilter bean processes (not shown here; TODO confirm) are therefore
  handled by a different chain, which is consistent with successfulAuthentication()
  never being reached.
  The same exact-match rule means a request for /adminpage carrying a query string is
  not claimed by this chain either, so the ROLE_ADMIN rule below would not apply to it.
-->
<http pattern="/adminpage"
      request-matcher="regex"
      auto-config="false"
      entry-point-ref="adminAuthenticationEntryPoint">

  <!-- Evaluated with the regex matcher as well: exact match on /adminpage only. -->
  <intercept-url pattern="/adminpage" access="hasRole('ROLE_ADMIN')"/>

  <!-- /admin/logout lies outside this chain's pattern, so this logout filter is
       not in the chain that actually serves that URL. -->
  <logout logout-url="/admin/logout" success-handler-ref="adminLogoutSuccessHandler"/>

  <!-- Custom filter occupying the form-login slot. No <csrf> element is present, so
       CSRF protection stays enabled for this chain and login/logout POSTs need a token. -->
  <custom-filter position="FORM_LOGIN_FILTER" ref="adminAuthenticationFilter"/>
</http>
<!-- Entry point for the admin chain: unauthenticated requests are sent to the login
     form at /admin/login, so that URL has to stay reachable without authentication. -->
<beans:bean id="adminAuthenticationEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
  <beans:constructor-arg name="loginFormUrl" value="/admin/login"/>
</beans:bean>
web.xml 中的配置:
<!-- Servlet filter that hands each request to the Spring bean named after the
     filter-name, i.e. the "springSecurityFilterChain" bean built from security.xml. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Mapped to /* so every incoming request passes through Spring Security. No
     <dispatcher> elements are declared, so only the container default (REQUEST)
     dispatch type is filtered; forwards and error dispatches are not. -->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
web-context.xml 中的配置:
<!-- Plain MVC mappings: both URLs simply render the "login" view. They only answer
     requests that no security filter intercepted first, which would explain why a POST
     to /admin/login comes back as the login page (as the question reports).
     NOTE(review): if the LogoutFilter never handles /admin/logout, this mapping shows
     the login view while the session stays authenticated; verify the logout really
     invalidates the session. -->
<mvc:view-controller view-name="login" path="/admin/login"/>
<mvc:view-controller view-name="login" path="/admin/logout"/>
我研究了其他类似的问题,但没有成功解决这个问题。任何帮助我都将不胜感激。谢谢。
修改:我将 security.xml 更改为以下内容,但问题仍然存在。
<!--
  Revised admin chain. The regex "/adminpage.*" now covers /adminpage plus anything
  that starts with it (query strings included), but it still does not match
  /admin/login, /admin/j_spring_security_check or /admin/logout: those begin with
  "/admin/", not "/adminpage". The form-login and logout filters declared here are
  therefore not part of the chain that serves those URLs, which fits the unchanged
  behaviour. The chain pattern would need to cover the /admin/ URLs too, with the login
  page itself left open to anonymous users; TODO confirm against the full file.
-->
<http pattern="/adminpage.*"
      request-matcher="regex"
      auto-config="false">

  <!-- Regex matcher, whole-URL match: only the exact URL /adminpage requires
       ROLE_ADMIN. Requests such as /adminpage with a query string or a sub-path are
       inside this chain but have no access rule. -->
  <intercept-url pattern="/adminpage" access="hasRole('ROLE_ADMIN')"/>

  <logout logout-url="/admin/logout" success-handler-ref="administratorLogoutSuccessHandler"/>

  <!-- No <csrf> element, so CSRF protection is on (Spring Security 4 default): the login
       form has to submit the CSRF token, and logout has to be a POST carrying it.
       NOTE(review): the namespace documentation describes authentication-success-handler-ref
       as an alternative to default-target-url / always-use-default-target; confirm which
       of them is meant to decide the redirect. -->
  <form-login login-page="/admin/login"
              login-processing-url="/admin/j_spring_security_check"
              username-parameter="j_username"
              password-parameter="j_password"
              default-target-url="/adminpage"
              always-use-default-target="true"
              authentication-success-handler-ref="administratorAuthenticationSuccessHandler"
              authentication-failure-handler-ref="administratorAuthenticationFailureHandler"/>
</http>
<!-- Project-specific success handler (class source not shown on this page). It is
     constructed with the post-login target /adminpage and a reference to a
     "sessionRegistry" bean that is defined elsewhere. -->
<beans:bean id="administratorAuthenticationSuccessHandler"
            class="com.test.AdministratorAuthenticationSuccessHandler">
  <beans:constructor-arg name="defaultTargetUrl" value="/adminpage"/>
  <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
</beans:bean>
<!-- Project-specific failure handler (class source not shown on this page); a failed
     login is sent back to the login form at /admin/login. -->
<beans:bean id="administratorAuthenticationFailureHandler"
            class="com.test.AdministratorAuthenticationFailureHandler">
  <beans:constructor-arg name="defaultFailureUrl" value="/admin/login"/>
</beans:bean>