gpt4 book ai didi

java - 启用 Spring Security 4 的 Spring MVC

转载 作者:行者123 更新时间:2023-11-29 04:55:32 28 4
gpt4 key购买 nike

我正在使用 Spring 4 并尝试为我的应用程序设置 Spring Security。我以前从未做过,所以我不知道自己做错了什么。

在我的 pom.xml 中,我已经像这样添加了 Spring 安全性:

    <dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.3.RELEASE</version>
</dependency>

我还将它添加到 web.xml 文件中:

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

而且我还实现了 spring-security.xml 文件:

    <beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

<http disable-url-rewriting="false">
<headers disabled="true"/>
<csrf disabled="true"/>

<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('ROLE_EMPLOYEE')"/>
<form-login login-page="/login"
default-target-url='/user'
always-use-default-target='true' />
<logout logout-url="/j_spring_security_logout"/>
</http>

<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select email,password, enabled from users where email=?"
authorities-by-username-query=
"select email, role from user_roles where email =? " />
</authentication-provider>
</authentication-manager>

<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>

在 LoginController 中我有方法:

    @RequestMapping("/login")
public String login() {
return "login";
}

最后是我的 login.jsp 文件:

            <c:url var="loginUrl" value="/j_spring_security_check" />
<form action="${loginUrl}" method="post">
<p>
<label for="j_username">User:</label>
</p>
<input type="text" id="j_username" name="j_username" />
<p>
<label for="j_password">Password:</label>
</p>
<input type="password" id="j_password" name="j_password">
<p>
<label for="_spring_security_remember_me">Remember Me</label>
</p>
<input type="checkbox" id="_spring_security_remember_me" name="_spring_security_remember_me" />
<div>
<input name="submit" type="submit" />
</div>
</form>

加载登录页面并提交正确的电子邮件和密码后,我仍然停留在同一页面上,没有任何反应。有任何想法吗?从控制台我得到这个:

22:42:33.006 [tomcat-http--29] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: BDB553F099DA8716E7F821D89E5E51E8; Granted Authorities: ROLE_ANONYMOUS'
22:42:33.010 [tomcat-http--13] DEBUG o.s.s.w.s.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/project/resources/core/css/login.css]
22:42:33.010 [tomcat-http--29] DEBUG o.s.security.web.FilterChainProxy - /resources/core/css/bootstrap.min.css at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:42:33.012 [tomcat-http--13] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
22:42:33.013 [tomcat-http--29] DEBUG o.s.security.web.FilterChainProxy - /resources/core/css/bootstrap.min.css at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:42:33.013 [tomcat-http--13] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/project/login'
22:42:33.014 [tomcat-http--29] DEBUG o.s.security.web.FilterChainProxy - /resources/core/css/bootstrap.min.css at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:42:33.014 [tomcat-http--13] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
22:42:33.014 [tomcat-http--29] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/resources/core/css/bootstrap.min.css'; against '/login'
22:42:33.014 [tomcat-http--13] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
22:42:33.014 [tomcat-http--29] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /resources/core/css/bootstrap.min.css; Attributes: [hasRole('ROLE_EMPLOYEE')]
22:42:33.015 [tomcat-http--29] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: BDB553F099DA8716E7F821D89E5E51E8; Granted Authorities: ROLE_ANONYMOUS
22:42:33.015 [tomcat-http--29] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7f10fd8, returned: -1
22:42:33.016 [tomcat-http--29] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied

最佳答案

在 Spring Security 4 中,参数名称从 j_username 更改为和 j_passwordusernamepassword , 分别。因此重命名您的 html 输入变量。

http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html#m3to4-xmlnamespace-form-login

请不要禁用 CSRF 保护! :) 将此添加到您的表单中:

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

或者使用spring的<form:form>表格

关于java - 启用 Spring Security 4 的 Spring MVC,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33904480/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com