j_spring_security_check HTTP 状态 404(自定义登录)
Posted
技术标签:
【中文标题】j_spring_security_check HTTP 状态 404(自定义登录)【英文标题】:j_spring_security_check HTTP Status 404 (Custom Login) 【发布时间】:2015-10-14 20:41:39 【问题描述】:我正在使用 Spring 4 + Hibernate 4。我检查了每篇文章。但我无法找出问题所在: Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml, /WEB-INF/spring/appSecurity/spring-security.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/panel/**"
access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login login-page="/login" default-target-url="/"
authentication-failure-url="/login?error" username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled from users where username=?"
authorities-by-username-query="select u1.username, u2.role from users u1, user_roles u2 where u1.role_id = u2.role_id and u1.username =?" />
</authentication-provider>
</authentication-manager>
</beans:beans>
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body>
<form action="<c:url value='/j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" /></td>
</tr>
</table>
<input type="hidden" name="$_csrf.parameterName"
value="$_csrf.token" />
</form>
</body>
</html>
当我想登录时,网址是 localhost:8080/App/j_spring_security_check
,我收到 404 错误。
有人能解释一下这是什么问题吗?
【问题讨论】:
如果你使用的是spring security 4.x,login-processing-url (/j_spring_security_check) 应该是/login 【参考方案1】:在您的spring-security.xml
中进行以下更改。提及login-processing-url="/j_spring_security_check"
<form-login login-processing-url="/j_spring_security_check" login-page="/login" default-target-url="/"
authentication-failure-url="/login?error" username-parameter="username"
password-parameter="password" />
【讨论】:
我们有注销元素的 logout-processing-url 属性吗? 您可以使用logout-url="/logout"
并成功注销logout-success-url="/logoutPage"
和:" >注销 ?
你应该使用<a href="<c:url value="/logout" />" >Logout</a>
【参考方案2】:
这可能是 spring 安全版本问题。下面的代码将有助于简要说明。
在 spring-security.xml 中
将login-processing-url="/j_spring_security_check"
属性放入<form-login>
用于登录过程。
将logout-url="/j_spring_security_logout""
属性设置为<form-login><logout>
用于注销过程,并将logout-success-url="/Home"
设置为注销后应显示的页面。
<form-login
login-page="/login"
default-target-url="/welcome"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-url="/j_spring_security_logout" logout-success-url="/home" />
另请参阅 Spring Security 迁移 3-to-4 http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html#m3to4-xmlnamespace-form-login
【讨论】:
以上是关于j_spring_security_check HTTP 状态 404(自定义登录)的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security 登录错误:HTTP 状态 404 - /j_spring_security_check
Java 配置 /j_spring_security_check 未找到
Spring security - 资源 j_spring_security_check 不可用
Spring安全性j_spring_security_check调用给出404未找到错误[关闭]
在 http 元素中使用特定的 url 模式时不调用 j_spring_security_check
PageNotFound:在DispatcherServlet中找不到带有URI [../j_spring_security_check]的HTTP请求的映射