Spring Security：本地主机页面不起作用

Posted 2023-02-25

【中文标题】Spring Security：本地主机页面不起作用

【英文标题】：Spring Security: The localhost page isn’t working

【发布时间】：2016-07-14 11:12:53

【问题描述】：

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/root-context.xml
            /WEB-INF/spring/security-context.xml
        </param-value>
    </context-param>

    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

<!-- security config  -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

安全上下文.xml

http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <security:http auto-config="true" use-expressions="false">
        <security:form-login login-page="/login" login-processing-url="/login" username-parameter="uname" 
        password-parameter="pass" default-target-url="/home"/>
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="spider" password="peter" authorities="ROLE_USER"/>
                <security:user name="ironman" password="tony" authorities="ROLE_ADMIN,ROLE_USER"/>
                <security:user name="thor" password="thor" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

login.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>login</title>
</head>
<body>
    <form method="POST">
        Name:<input type="text" name="uname"><br>
        Pass:<input type="password" name="pass"><br>
        <sec:csrfInput/>
        <input type="submit" value="Login">
    </form>
</body>
</html>

HomeController.java

@Controller
public class HomeController 

    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

    /**
     * Simply selects the home view to render by returning its name.
     */
    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public String home(Locale locale, Model model) 
        logger.info("Welcome home! The client locale is .", locale);

        Date date = new Date();
        DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);

        String formattedDate = dateFormat.format(date);

        model.addAttribute("serverTime", formattedDate );

        return "home";
    

    @RequestMapping(value="/login",method=RequestMethod.GET)
    public String goLogin()
        return "login";
    

**> **url 是“localhost:8080/controller/login”****

我得到了 localhost 页面不工作 localhost 将您重定向了太多次。 ERR_TOO_MANY_REDIRECTS

【参考方案1】：

ERR_TOO_MANY_REDIRECTS 表示您有重定向循环。在您的情况下，您尝试访问登录页面，但 <security:intercept-url pattern="/**" access="ROLE_USER"/> 声明您需要为每个 URL 登录为 USER。 Spring security 然后尝试转发到登录 URL，这会触发另一个重定向。

要解决您的问题，您需要为/login URL 定义安全豁免，允许匿名用户查看登录页面。

祝你好运，

问候 丹尼尔

【讨论】：

感谢丹尼尔·拉沃伊。现在它的工作。非常非常感谢......由于声誉问题，我无法给出有用的答案。很抱歉。

不客气！不要犹豫，接受答案并投票 ;) 祝你项目的其余部分好运。