j_spring_security_check HTTP 状态 404（自定义登录）

Posted 2023-02-27

【中文标题】j_spring_security_check HTTP 状态 404（自定义登录）

【英文标题】：j_spring_security_check HTTP Status 404 (Custom Login)

【发布时间】：2015-10-14 20:41:39

【问题描述】：

我正在使用 Spring 4 + Hibernate 4。我检查了每篇文章。但我无法找出问题所在： Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!-- The definition of the Root Spring Container shared by all Servlets 
        and Filters -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/root-context.xml, /WEB-INF/spring/appSecurity/spring-security.xml</param-value>
    </context-param>

    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/panel/**"
            access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />

        <form-login login-page="/login" default-target-url="/"
            authentication-failure-url="/login?error" username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout" />

        <!-- enable csrf protection -->
        <csrf />
    </http>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select username,password,enabled from users where username=?"
                authorities-by-username-query="select u1.username, u2.role from users u1, user_roles u2 where u1.role_id = u2.role_id and u1.username =?" />
        </authentication-provider>
    </authentication-manager>

</beans:beans>

login.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body>
    <form action="<c:url value='/j_spring_security_check' />" method='POST'>

        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='username' value=''></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='password' /></td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" /></td>
            </tr>
        </table>

        <input type="hidden" name="$_csrf.parameterName"
            value="$_csrf.token" />

    </form>
</body>
</html>

当我想登录时，网址是 localhost:8080/App/j_spring_security_check，我收到 404 错误。 有人能解释一下这是什么问题吗？

【问题讨论】：

如果你使用的是spring security 4.x，login-processing-url (/j_spring_security_check) 应该是/login

【参考方案1】：

在您的spring-security.xml 中进行以下更改。提及login-processing-url="/j_spring_security_check"

<form-login login-processing-url="/j_spring_security_check" login-page="/login" default-target-url="/"
            authentication-failure-url="/login?error" username-parameter="username"
            password-parameter="password" />

【讨论】：

我们有注销元素的 logout-processing-url 属性吗？

您可以使用logout-url="/logout" 并成功注销logout-success-url="/logoutPage"

和：" >注销 ?

你应该使用<a href="<c:url value="/logout" />" >Logout</a>

【参考方案2】：

这可能是 spring 安全版本问题。下面的代码将有助于简要说明。

在 spring-security.xml 中

将login-processing-url="/j_spring_security_check" 属性放入<form-login> 用于登录过程。

将logout-url="/j_spring_security_logout"" 属性设置为<form-login><logout> 用于注销过程，并将logout-success-url="/Home" 设置为注销后应显示的页面。

<form-login 
      login-page="/login"
        default-target-url="/welcome" 
                login-processing-url="/j_spring_security_check"
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-url="/j_spring_security_logout" logout-success-url="/home"  />

另请参阅 Spring Security 迁移 3-to-4 http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html#m3to4-xmlnamespace-form-login