Spring 安全自定义登录重定向冲突
Spring security custom login redirection conflict
我已经使用 spring 安全性创建了一个自定义登录表单,在某些时候它工作得很好,但有时在登录后 URL 会重定向到 css 或图像或 js 文件夹.在我点击刷新后它工作正常,我不知道我的 spring 安全有什么问题。
自定义登录页面
<form:form class="form-vertical login-form" action="j_spring_security_check" method="post">
<h3 class="form-title">Login to your account</h3>
<input type="text" autocomplete="off" placeholder="Username" name="j_username"/>
<input type="password" autocomplete="off" placeholder="Password" name="j_password"/>
<font color="red">
<span>${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</span>
</font>
</form:form>
安全上下文xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- We will be defining all security related configurations in this file -->
<http pattern="/" security="none"/>
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()"/> <!-- this means all URL in this app will be checked if user is authenticated -->
<!-- We will just use the built-in form login page in Spring -->
<form-login login-page="/" login-processing-url="/j_spring_security_check" default-target-url="/home" authentication-failure-url="/"/>
<logout logout-url="/logout" logout-success-url="/"/> <!-- the logout url we will use in JSP -->
</http>
<authentication-manager>
<authentication-provider>
<!-- Normally, in this part, you will declare the source of your users
But for simplicity, we will hard-code the users. This is very useful while testing setup -->
<user-service>
<user name="admin" password="admin" authorities="Admin, User"/>
<user name="user" password="user" authorities="User"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
登录控制器
@RequestMapping("/")
public String loginForm()
{
return "login";
}
网络xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>YESKAY</display-name>
<!-- Spring security -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-servlet.xml
/WEB-INF/security-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Define a filter to enable Spring Security, be sure to use the suggested name 'springSecurityFilterChain' -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- <welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>-->
</web-app>
登录成功url
http://localhost:8080/PROJECT/home
有时会重定向到 url 下方或其他内容
http://localhost:8080/PROJECT/resources/assets/plugins/font-awesome/font/fontawesome-webfont.ttf?v=3.2.0
我的文件夹结构
您需要从 Spring 安全过滤器中忽略对您的静态资源路径的请求,否则它可能会对触发登录的实际请求感到困惑(因为浏览器也会发送对页面的请求图片等资源)。
添加类似
的东西
<http pattern="/resources/**" security="none"/>
到你的配置的顶部应该这样做。
我已经使用 spring 安全性创建了一个自定义登录表单,在某些时候它工作得很好,但有时在登录后 URL 会重定向到 css 或图像或 js 文件夹.在我点击刷新后它工作正常,我不知道我的 spring 安全有什么问题。
自定义登录页面
<form:form class="form-vertical login-form" action="j_spring_security_check" method="post">
<h3 class="form-title">Login to your account</h3>
<input type="text" autocomplete="off" placeholder="Username" name="j_username"/>
<input type="password" autocomplete="off" placeholder="Password" name="j_password"/>
<font color="red">
<span>${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</span>
</font>
</form:form>
安全上下文xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- We will be defining all security related configurations in this file -->
<http pattern="/" security="none"/>
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()"/> <!-- this means all URL in this app will be checked if user is authenticated -->
<!-- We will just use the built-in form login page in Spring -->
<form-login login-page="/" login-processing-url="/j_spring_security_check" default-target-url="/home" authentication-failure-url="/"/>
<logout logout-url="/logout" logout-success-url="/"/> <!-- the logout url we will use in JSP -->
</http>
<authentication-manager>
<authentication-provider>
<!-- Normally, in this part, you will declare the source of your users
But for simplicity, we will hard-code the users. This is very useful while testing setup -->
<user-service>
<user name="admin" password="admin" authorities="Admin, User"/>
<user name="user" password="user" authorities="User"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
登录控制器
@RequestMapping("/")
public String loginForm()
{
return "login";
}
网络xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>YESKAY</display-name>
<!-- Spring security -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-servlet.xml
/WEB-INF/security-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Define a filter to enable Spring Security, be sure to use the suggested name 'springSecurityFilterChain' -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- <welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>-->
</web-app>
登录成功url
http://localhost:8080/PROJECT/home
有时会重定向到 url 下方或其他内容
http://localhost:8080/PROJECT/resources/assets/plugins/font-awesome/font/fontawesome-webfont.ttf?v=3.2.0
我的文件夹结构
您需要从 Spring 安全过滤器中忽略对您的静态资源路径的请求,否则它可能会对触发登录的实际请求感到困惑(因为浏览器也会发送对页面的请求图片等资源)。
添加类似
的东西<http pattern="/resources/**" security="none"/>
到你的配置的顶部应该这样做。