个人中心
文章发布
退出
作者热门文章
- iOS/Objective-C 元类和类别
- objective-c - -1001 错误,当 NSURLSession 通过 httpproxy 和/etc/hosts
- java - 使用网络类获取 url 地址
- ios - 推送通知中不播放声音
25
4
我正在尝试将具有自定义登录页面和数据库访问的Spring security添加到我的Spring MVC应用程序中。似乎我的映射是错误的,因为它无法映射 j_spring_security_check。
为了解决这个问题,我查看了以下页面 1 、 2 、 3 但仍无法解决问题。
如果您没有太多时间,请阅读下面的第 2 部分,这是问题的编辑部分开始的地方。否则,请阅读第 1 部分 和第 2 部分。
第 1 部分
我还在我的 web.xml 文件中添加了以下行,但应用程序返回以下异常。
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Caused by: java.lang.IllegalStateException: Duplicate Filter registration for 'springSecurityFilterChain'. Check to ensure the Filter is only configured once.
at org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer.registerFilter(AbstractSecurityWebApplicationInitializer.java:215)
at org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer.insertSpringSecurityFilterChain(AbstractSecurityWebApplicationInitializer.java:147)
at org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer.onStartup(AbstractSecurityWebApplicationInitializer.java:121)
at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:175)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5423)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 6 more
Jun 13, 2015 2:44:54 PM org.apache.catalina.core.ContainerBase startInternal
SEVERE: A child container failed during start
java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:188)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1123)
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:302)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:443)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:732)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.startup.Catalina.start(Catalina.java:691)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1131)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:800)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 6 more
Jun 13, 2015 2:44:54 PM org.apache.catalina.startup.Catalina start
SEVERE: The required Server component failed to start so Tomcat is unable to start.
org.apache.catalina.LifecycleException: Failed to start component [StandardServer[8005]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at org.apache.catalina.startup.Catalina.start(Catalina.java:691)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardService[Catalina]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:732)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 7 more
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:443)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 9 more
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1131)
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:302)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 11 more
不添加该过滤器提交表单后,请求将被以下 Controller 捕获。
@Controller
public class MainController {
@RequestMapping("/{viewName}")
public String index(@PathVariable String viewName) {
...
}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<listener>
<listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
</listener>
<servlet>
<servlet-name>my</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- <listener> -->
<!-- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> -->
<!-- </listener> -->
<!-- <filter> -->
<!-- <filter-name>springSecurityFilterChain</filter-name> -->
<!-- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> -->
<!-- </filter> -->
<!-- <filter-mapping> -->
<!-- <filter-name>springSecurityFilterChain</filter-name> -->
<!-- <url-pattern>/*</url-pattern> -->
<!-- </filter-mapping> -->
<servlet-mapping>
<servlet-name>my</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/my-security.xml
</param-value>
</context-param>
</web-app>
我的安全.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" access-denied-page="/notFound.jsp"
use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
</http>
<!-- <beans:import resource="security-db.xml" /> -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="alex" password="123456" authorities="ROLE_USER" />
<user name="mkyong" password="123456" authorities="ROLE_USER, ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
AppConfig.java
@EnableWebMvc
@Configuration
@ComponentScan({ "com.myproject.*" })
@EnableTransactionManagement
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public SessionFactory sessionFactory() {
LocalSessionFactoryBuilder builder = new LocalSessionFactoryBuilder(
dataSource());
builder.scanPackages("com.myproject.model").addProperties(
getHibernateProperties());
return builder.buildSessionFactory();
}
private Properties getHibernateProperties() {
Properties prop = new Properties();
prop.put("hibernate.format_sql", "true");
prop.put("hiberate.show_sql", "true");
prop.put("hibernate.dialect", "org.hibernate.dialect.MySQL5Dialect");
return prop;
}
@Bean(name = "dataSource")
public BasicDataSource dataSource() {
BasicDataSource ds = new BasicDataSource();
ds.setDriverClassName("com.mysql.jdbc.Driver");
ds.setUrl("jdbc:mysql://localhost:3306/test");
ds.setUsername("jack");
ds.setPassword("jack");
return ds;
}
@Bean
public HibernateTransactionManager txManager() {
return new HibernateTransactionManager(sessionFactory());
}
}
SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(
passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/profile/**")
.access("hasRole('ADMIN')").and().formLogin()
.loginPage("/signin").failureUrl("/signin?error")
.usernameParameter("username").passwordParameter("password")
.and().logout().logoutSuccessUrl("/index").and().csrf().and()
.exceptionHandling().accessDeniedPage("/403");
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
SpringMVCInitializer.java
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class SpringMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
LoginController.java
@Controller
public class LoginController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("login");
return model;
}
}
**
第 2 部分
**
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<listener>
<listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
</listener>
<servlet>
<servlet-name>my</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>my</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
AppConfig.java
@EnableWebMvc
@Configuration
@ComponentScan({ "com.myproject" })
@EnableTransactionManagement
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public SessionFactory sessionFactory() {
LocalSessionFactoryBuilder builder = new LocalSessionFactoryBuilder(
dataSource());
builder.scanPackages("com.myproject.model").addProperties(
getHibernateProperties());
return builder.buildSessionFactory();
}
private Properties getHibernateProperties() {
Properties prop = new Properties();
prop.put("hibernate.format_sql", "true");
prop.put("hiberate.show_sql", "true");
prop.put("hibernate.dialect", "org.hibernate.dialect.MySQL5Dialect");
return prop;
}
@Bean(name = "dataSource")
public BasicDataSource dataSource() {
BasicDataSource ds = new BasicDataSource();
ds.setDriverClassName("com.mysql.jdbc.Driver");
ds.setUrl("jdbc:mysql://localhost:3306/test");
ds.setUsername("jack");
ds.setPassword("jack");
return ds;
}
@Bean
public HibernateTransactionManager txManager() {
return new HibernateTransactionManager(sessionFactory());
}
}
SecurityConfig.java
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
// auth.userDetailsService(userDetailsService).passwordEncoder(
// passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/profile/**")
.access("hasRole('ADMIN')").and().formLogin()
.loginPage("/login").failureUrl("/login?error")
.and().logout().logoutSuccessUrl("/index").and().csrf().and()
.exceptionHandling().accessDeniedPage("/403");
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
SpringMVCInitializer.java
public class SpringMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
主 Controller
@Controller
public class MainController {
@RequestMapping("/{viewName}")
public String index(@PathVariable String viewName) {
System.err.println("View Name is :" + viewName);
if (isValidView(viewName)) {
return viewName;
}
return null;
}
关于 MainController,这是我处理 www.myproject.com/index、www.myproject.com/contactus 等静态页面的方式。关于这个问题我的另一个问题是 here
最佳答案
您的代码中存在多个问题。最重要的一点是您混合了 Spring Security 的 Java 配置和 XML 配置。决定您喜欢使用哪种配置。在我的回答中,我将重点关注基于 Java 的配置,因为我将从您的代码中完全删除 XML 配置。
在您的情况下,默认情况下 @EnableWebSecurity 注释已经注册了适当的过滤器。但是,如果您使用的是 Spring MVC,则它应该是 @EnableWebMvcSecurity。
此外,查看您的 HttpSecurity 配置:
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/profile/**")
.access("hasRole('ADMIN')").and().formLogin()
.loginPage("/signin").failureUrl("/signin?error")
.usernameParameter("username").passwordParameter("password")
.and().logout().logoutSuccessUrl("/index").and().csrf().and()
.exceptionHandling().accessDeniedPage("/403");
}
您显然是在告诉登录页面将位于 /signin,但在您的 LoginController 中,映射是针对 /login 的。你配置 .usernameParameter("username") .passwordParameter("password") 做什么?在 Spring Security 默认配置中已经这样做了。
你还应该添加 SecurityInitializer 类,它在 Spring Security 3.2 中看起来像这样:
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
public SecurityInitializer() {
super(SecurityConfig.class);
}
}
总而言之,将 Spring Security 添加到您的项目中的基本步骤是执行以下操作:
@EnableWebMvcSecurity 注释的 Spring Security 类,尤其是在 configureGlobal(...) 和 configure(...) 方法中;AbstractSecurityWebApplicationInitializer的类;基本的登录表单如下所示:
<form name='loginForm' method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
这些基本步骤可在您的项目中启用 Spring Security。有关更多信息,好的教程是: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html http://docs.spring.io/spring-security/site/docs/3.2.x/guides/form.html
祝你好运:)
关于java - Spring 安全抛出 javax.servlet.ServletException : Could not resolve view with name 'j_spring_security_check' ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30815367/
25
4
0
我有一个关于 Java Servlet 的问题。 假设我在 servlet 网页“somePage”上。我想登录(使用另一个 servlet,“登录”servlet)。所以我点击“somePage”上
如何将变量数组从一个 servlet 传递到另一个 servlet? 最佳答案 如果您要将当前请求传递给另一个servlet,则只需将其设置为请求属性即可。 request.setAttribute(
什么可能导致此错误? Caused by: jakarta.servlet.UnavailableException: Servlet class org.restlet.ext.servle
我的maven依赖树是这样的 我想问我maven如何解决这个冲突,有两个servlet-api.jar?提前谢谢你。 最佳答案 如果您想从 Velocity 工具中删除 servlet-api,您可以
config ProcessReg ProcessReg text HelloWorld1 public class config implements Serv
您好,我有一个关于 servlet 调用另一个 servlet 的问题 我有一个名为 Relay 的主 servlet,它将负责控制其他 servlet 用户将点击并将转发到 Relay servle
在我的 REST API 项目中,我已将 /* 映射到 RESTServlet,并且需要在同一 WAR 中托管静态内容。我更愿意将 /static/* 映射到 WAS liberty 提供的默认 se
响应映射在 Servlet 中如何工作? 每个响应如何知道清除特定 HTML 或 Handlebars 上的输出? 最佳答案 有一个 ember-java带有 Jersey REST 服务 的 git
有一个 @WebServlet(urlPatterns = "/myServlet/") .如果用户转到 myapp/myServlet/other ,我仍然希望我的 servlet 能够捕获。也就是
我正在使用 Filter 在我的所有页面中插入反点击劫持 header - 这工作正常,除了 JBoss EAP 6.3 容器管理的登录页面,这是更重要的页面之一拥有它。 登录页面根本不调用过滤器,登
我正在尝试使用 RequestDispatcher 将数据从一个 servlet 传递到另一个 servlet。这是我的调度程序代码。 String address; address = "/Java
我刚刚开始使用 Servlet,并设法让一些 Servlet 充当单独的 URL,用于填充数据库以进行一些虚拟测试。某种形式: public class Populate_ServletName ex
我是否需要同时配置app.servlet.version 和 grails.servlet.version? 前者在application.properties中,后者在BuildConfig.gro
在Myeclipse中我创建了一个名为web1的Web项目,并添加了一个名为servlet1的servlet,web.xml如下: servlet1 servlet1
这个问题在这里已经有了答案: How to run a background task in a servlet based web application? (5 个回答) 6年前关闭。 是否可以在
在我的 ManagedBean 中,如果我将范围从 @RequestScoped 更改为 @ViewScoped,我将收到以下错误堆栈。我该如何解决这个问题?不过,当我运行应用程序时,我可以在页面中看
这个问题已经有答案了: How do I execute multiple servlets in sequence? (2 个回答) 已关闭 3 年前。 我已经构建了jdbc-Servlet的代码,
我一直在徒劳地尝试实现 tomcat 9 的 jakarta servlet,而不是以前的 javax.servlet 实现(因为我的理解是 jakarta 包是前进的方向)。问题是,当我将浏览器指向
我是 Spring 新手,正在尝试使用 Maven 部署和运行我的第一个 Spring Web 应用程序。有关更多详细信息,请参阅 here (我昨天发布的一个问题): 现在,我遇到的问题是:当我尝试
我正在尝试学习如何使用 JSP。我遇到了一些毫无意义的事情,至少在我看来是这样: 当我尝试运行时: response.getWriter().println(m.getDb().printAll())
我是一名优秀的程序员,十分优秀!