Spring登录页面有效但我的登录页面不适用?
我正在使用MySQL在Spring3中构建一个系统。如果我使用Spring登录页面,一切都很好,但我不喜欢这个设计所以我做了一个login.jsp并更改了我的context.xml文件,但我不能让我的login.jsp显示?
[CODE]<http auto-config="true" use-expressions="true" >
<intercept-url pattern="/friends/**" access="hasRole('ROLE_USER')" />
<form-login login-processing-url="/EPA/j_spring_security_check"
login-page="/login"
authentication-failure-url="/login?login_error=t"/>
</http>[/CODE]
以下是错误
[CODE][DEBUG,FilterChainProxy] Converted URL to lowercase, from: '/spring_security_login'; to: '/spring_security_login'
[DEBUG,FilterChainProxy] Candidate is: '/spring_security_login'; pattern is /**; matched=true
[DEBUG,FilterChainProxy] /spring_security_login at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[DEBUG,HttpSessionSecurityContextRepository] Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@bbe24eac: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbe24eac: Principal: org.springframework.security.core.userdetails.User@5e22dd8: Username: guest; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: BD1B281579EB6F9693C81DD20B0B4E9E; Granted Authorities: ROLE_USER'
[DEBUG,FilterChainProxy] /spring_security_login at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[DEBUG,AnonymousAuthenticationFilter] SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbe24eac: Principal: org.springframework.security.core.userdetails.User@5e22dd8: Username: guest; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: BD1B281579EB6F9693C81DD20B0B4E9E; Granted Authorities: ROLE_USER'
[DEBUG,FilterChainProxy] /spring_security_login at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[DEBUG,FilterChainProxy] /spring_security_login at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[DEBUG,ExpressionBasedFilterInvocationSecurityMetadataSource] Converted URL to lowercase, from: '/spring_security_login'; to: '/spring_security_login'
[DEBUG,ExpressionBasedFilterInvocationSecurityMetadataSource] Candidate is: '/spring_security_login'; pattern is /friends/**; matched=false
[DEBUG,FilterSecurityInterceptor] Public object - authentication not attempted
[DEBUG,FilterChainProxy] /spring_security_login reached end of additional filter chain; proceeding with original chain
[DEBUG,ExceptionTranslationFilter] Chain processed normally
[DEBUG,SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed[/CODE]
答案 0 :(得分:1)
Spring安全性可能无法找到您的login.jsp
,因此会进入默认登录页面。
您是否在某个地方进行了映射,将/login
转换为您的网络应用中相应位置的login.jsp
?像
!-- View Resolver for JSPs -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
答案 1 :(得分:0)
您的表单登录信息为login-processing-url="/EPA/j_spring_security_check
,但是请求是/j_spring_security_check
而没有/ EPA。
答案 2 :(得分:0)
login-page属性的值不是视图名称。
你需要做两件事:
1. 将登录页面属性值映射到控制器。示例:
XML:
<form-login login-page="/mylogin.do" ... />
控制器:
@RequestMapping("/mylogin.do")
public String showLoginForm() {
/* return a view name that will be used by your Viewresolver
if you return "login" then view resolver will resolve it to login.jsp
*/
...
}
2. :授予对登录页面的访问权限:
<intercept-url patter="/mylogin.do" access="permitAll" />