spring-mvc 5 j_spring_security_check 404页面错误
Posted
技术标签:
【中文标题】spring-mvc 5 j_spring_security_check 404页面错误【英文标题】:spring-mvc 5 j_spring_security_check 404 page error 【发布时间】:2021-09-06 14:45:03 【问题描述】:web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">
<display-name>StanWeb</display-name>
<description>StanWeb</description>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml, /WEB-INF/spring-security.xml</param-value>
</context-param>
<servlet>
<servlet-name>MiscChallen</servlet-name>
<servlet-class>com.StanWeb.rpt.MiscChallen</servlet-class>
</servlet>
<servlet>
<servlet-name>AgingRpt</servlet-name>
<servlet-class>com.StanWeb.rpt.AgingRpt</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>SOAccounts</servlet-name>
<url-pattern>/SOAccounts</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AlertsView</servlet-name>
<url-pattern>/AlertsView</url-pattern>
</servlet-mapping>
<error-page>
<error-code>404</error-code>
<location>/pages/commonerror.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/pages/commonerror.jsp</location>
</error-page>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/pages/commonerror.jsp</location>
</error-page>
<listener>
<listener-class>com.StanWeb.filter.CustomHttpSessionListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>com.StanWeb.web.CleanUpSessionListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http pattern="/resource/**" security="none" />
<http entry-point-ref="loginUrlAuthenticationEntryPoint" use-expressions="true">
<intercept-url pattern="/web/**" access="permitAll" />
<intercept-url pattern="/j_spring security_check" access="isAnonymous()" />
<intercept-url pattern="/web/j_spring security_check" access="isAnonymous()" />
<intercept-url pattern="/**" access="hasAnyRole('USER_ADMINISTRATION', 'IT_SUPPORT')" />
<logout success-handler-ref="CustomLogoutHandler" invalidate-session="true" delete-cookies="JSESSIONID" />
<access-denied-handler error-page="/web/Index.html" />
<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter"/>
<custom-filter position="LAST" ref="appFilter" />
<session-management session-authentication strategy-ref="sas" invalid-session-url="/web/SessionExpired.html" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="CustomAuthenticationProvider"/>
</authentication-manager>
<beans:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
<beans:bean id="CustomLogoutHandler" class="com.StanWeb.auth.CustomLogoutHandler"/>
<beans:bean id="CustomAuthenticationProvider" class="com.StanWeb.auth.CustomAuthenticationProvider"/>
<beans:bean id="customAuthenticationSuccessHandler" class="com.StanWeb.auth.CustomAuthenticationSuccessHandler"/>
<beans:bean id="appFilter" class="com.StanWeb.ui.filter.ApplicationFilter"/>
<beans:bean id="customAuthenticationFailureHandler" class="com.StanWeb.auth.CustomAuthenticationFailureHandler"/>
<beans:bean id="redirectSessionInformationExpiredStrategy" class="org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy">
<beans:constructor-arg name="invalidSessionUrl" value="/web/Index.html" />
</beans:bean>
<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:constructor-arg name="sessionInformationExpiredStrategy" ref="redirectSessionInformationExpiredStrategy" />
</beans:bean>
<beans:bean id="AuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler" ref="customAuthenticationFailureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler"/>
<beans:property name="usernameParameter" value="username"/>
<beans:property name="passwordParameter" value="password"/>
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<beans:constructor-arg>
<beans:list>
<beans:bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry"/>
<beans:property name="maximumSessions" value="1" />
<beans:property name="exceptionIfMaximumExceeded" value="false" />
</beans:bean>
<beans:bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
</beans:bean>
<beans:bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry"/>
</beans:beans>
</beans:list>
</beans:constructor-arg>
</beans:beans>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:constructor-arg name="loginFormUrl" value="/web/Index.html" />
</beans:bean>
</beans:beans>
调度程序-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task" xmlns:cache="http://www.springframework.org/schema/cache" xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee.xsd http://www.springframework.org/schema/lang
http://www.springframework.org/schema/lang/spring-lang.xsd http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task.xsd http://www.springframework.org/schema/cache
http://www.springframework.org/schema/cache/spring-cache.xsd">
<mvc: annotation-driven />
<context: annotation-config />
<context:component-scan base-package="com.StanWeb.ui" />
<context:component-scan base-package="com.StanWeb.auth" />
<context:component-scan base-package="com.StanWeb.utils" />
<cache:annotation-driven key-generator="enhancedDefaultKeyGenerator" />
<beans:bean id="enhanced DefaultKeyGenerator" class="com.StanWeb.cache.interceptor.EnhancedDefaultKeyGenerator" />
<beans:bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager" p:cacheManager-ref="ehcache" />
<beans:bean id="ehcache" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" p:configLocation="classpath:ehcache.xml" p:shared="true" />
<beans:bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/pages/" />
<property name="suffix" value=".jsp" />
</beans:bean>
<resources mapping="/resource/*** location="/resources/" />
<!-- Database connection -->
<beans:bean id="StanWebjdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource" />
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<value>jdbc/webds</value>
</property>
</beans:bean>
<beans:bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager" scope="singleton">
<property name="dataSource" ref="dataSource" />
</beans:bean>
<tx:annotation-driven transaction-manager="transactionManager" />
<beans:bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000000" />
</beans:bean>
<task:executor id="Executor" pool-size="1" />
<task:scheduler id="Scheduler" pool-size="1" />
<task:annotation-driven executor="Executor" scheduler="Scheduler" />
</beans>
spring-security.xml(用于测试)
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http entry-point-ref-"loginUrlAuthenticationEntryPoint" use-expressions="true">
<intercept-url pattern="/login access="isAnonymous() />
<Intercept-url pattern="/** access="isAuthenticated()" />
<form-login
login-page="/login"
login-processing-url="/login"
default-target-url="/homepage.jsp"
authentication-failure-url="/Index?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/Index.html?logout" />
<csrf disabled="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="user" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthentication">
<beans:constructor-arg name="loginFormUrl" value="/web/Index.html" />
</beans:bean>
我已将我的应用程序从 Spring-MVC 3 升级到 5 并使用 Tomcat 版本 9。提供凭据后,页面卡在 j_spring_security_check。即使在不正确的凭据中,页面也会停留在 j_spring_security_check。示例 http://localhost:8080/StanWeb/j_spring_security_check。我注意到 devtools 中的 404 状态。在控制台日志中没有发现错误。请帮忙。
【问题讨论】:
【参考方案1】:路径 /j_spring_security_check 在 spring 4 中已更改为 /login 并在 UsernamePasswordAuthenticationFilter 中处理
你可以在这里找到它的来源:https://github.com/spring-projects/spring-security/blob/master/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java
【讨论】:
以上是关于spring-mvc 5 j_spring_security_check 404页面错误的主要内容,如果未能解决你的问题,请参考以下文章
在实现接口的控制器上使用 @Controller 的 Spring-MVC 问题