Spring 安全性未对用户进行身份验证
Spring security not authenticate the user
我有一个用户名 sajjad 和密码 200200:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/hello/" access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/myLogin.jsp"
default-target-url="/pages/index.jsp"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/myLogin.jsp?error=1"
username-parameter="username" password-parameter="password"/>
<security:csrf disabled="true"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="sajjad" authorities="ROLE_USER" password="200200"/>
</security:authentication-provider>
</security:authentication-manager>
这是myLogin.jsp:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
</head>
<body>
<form action="<c:url value='/j_spring_security_check' />" method="POST">
<label for="username">User Name:</label>
<input id="username" name="j_username" type="text"/>
<label for="password">Password:</label>
<input id="password" name="j_password" type="password"/>
<input type="submit" value="Log In"/>
</form>
</body>
</html>
但是当我输入正确的 username/password 并提交表单时,它显示 failure-url 并且没有对用户进行身份验证。
web.xml
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security-config.xml
/WEB-INF/dispatcher-servlet.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
您已更改安全配置中的用户名参数和密码参数。
但是在形式上你使用的是默认的。
将表单中输入的名称更改为 "username" 和 "password" 并再次检查。
我有一个用户名 sajjad 和密码 200200:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/hello/" access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/myLogin.jsp"
default-target-url="/pages/index.jsp"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/myLogin.jsp?error=1"
username-parameter="username" password-parameter="password"/>
<security:csrf disabled="true"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="sajjad" authorities="ROLE_USER" password="200200"/>
</security:authentication-provider>
</security:authentication-manager>
这是myLogin.jsp:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
</head>
<body>
<form action="<c:url value='/j_spring_security_check' />" method="POST">
<label for="username">User Name:</label>
<input id="username" name="j_username" type="text"/>
<label for="password">Password:</label>
<input id="password" name="j_password" type="password"/>
<input type="submit" value="Log In"/>
</form>
</body>
</html>
但是当我输入正确的 username/password 并提交表单时,它显示 failure-url 并且没有对用户进行身份验证。
web.xml
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security-config.xml
/WEB-INF/dispatcher-servlet.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
您已更改安全配置中的用户名参数和密码参数。 但是在形式上你使用的是默认的。 将表单中输入的名称更改为 "username" 和 "password" 并再次检查。