Spring Security j_spring_security_check not invoked
我有一个使用自定义用户,角色,权限表自定义(读为"朴素")身份验证的Spring WebApp。
我现在正在迁移代码以使用Spring Security。我阅读了教程,以至可以匿名访问我的login.jsp页面,css,js,png文件的地步。我有一个动作属性为" j_spring_security_check"的表格。提交表单后,浏览器会对该URL执行HTTP Post,从而导致404。
现在我不使用
在我的身份验证提供程序中,我提供了对实现UserDetailsS??ervice的类的bean的引用。我期望Spring通过调用loadUserByUserName来执行身份验证,但是永远不会调用此方法。为什么不调用该方法?我是否误解了身份验证的工作方式?我是否需要为j_spring_security_check提供自定义请求映射才能使其正常工作?
这是我的自定义用户详细信息服务:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | @Service(value="myUserDetailsService") public class LoginUserService implements UserDetailsService { @Autowired private UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println("here"); User user = userRepository.findUser(username); if (user != null) return new V2VUserDetails(user); else return null; } } |
这是我的安全XML:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | <http pattern="/**/*.css" security="none" /> <http pattern="/**/*.js" security="none" /> <http pattern="/**/*.png" security="none" /> <http auto-config="true"> <intercept-url pattern="/login.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login login-page="/login.html" login-processing-url="/j_spring_security_check" default-target-url="/welcomePage.html" authentication-failure-url="/welcomePage.html" always-use-default-target="true" /> </http> </authentication-manager> <beans:bean id="myUserDetailsService" class="security.LoginUserService"> </beans:bean> |
我在Stackoverflow和其他站点上检查了几个答案,但无法解决问题。
编辑
尝试了这里给出的建议。现在得到BeanFactory未初始化错误。
编辑
contextConfigLocation
/WEB-INF/security-v2v-servlet.xml
1 2 3 4 5 6 7 8 9 10 11 | <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> |
更新
当前的web.xml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>Spring3MVC</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/security-v2v-servlet.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <error-page> <error-code>500</error-code> <location>/errorPage.jsp</location> </error-page> <error-page> <error-code>404</error-code> <location>/errorPage.jsp</location> </error-page> <servlet> <servlet-name>v2v</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <load-on-startup>2</load-on-startup> </servlet> <servlet> <servlet-name>Resource Servlet</servlet-name> <servlet-class>org.springframework.web.servlet.ResourceServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>v2v</servlet-name> <url-pattern>*.html</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>v2v</servlet-name> <url-pattern>*.zip</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.css</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.js</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.jpeg</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.gif</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.png</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>/j_spring_security_check</url-pattern> </servlet-mapping> <filter> <filter-name>UserAddFilter</filter-name> <filter-class> filter.UserInfoAddToThreadFilter </filter-class> </filter> <filter-mapping> <filter-name>UserAddFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> </web-app> |
您不需要为
我对出现问题的猜测可能是您设置Spring Security Filter的方式。您应该在web.xml中为过滤器添加以下条目:
1 2 3 4 5 6 7 8 | <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> |
和Security配置文件应该通过Root Web应用程序上下文加载-一个通过
1 2 3 4 | <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:/META-INF/context-security.xml</param-value> </context-param> |
如果您的配置符合这些要求,那么它应该可以正常工作。
更新
请从web.xml
中删除
1 2 3 4 | <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>/j_spring_security_check</url-pattern> </servlet-mapping> |