作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我试图弄清楚如何使用 Spring security 3.1 和 struts2 实现一个简单的应用程序。实际上,我想提供一个自定义的 UserDetailsService 实现,并提供我自己的登录页面。
虽然我在这个简单的小应用程序上工作了 10 多天,但我无法让它工作......并且官方文档没有清楚地解释如何做到这一点。
在下面的配置中,如果我使用 Spring security 提供的默认登录页面,则一切正常。当我尝试使用我的时,即使调用 loadUserByUsername 方法并从数据库返回有效的 UserDetails,然后我停留在登录页面上。
在控制台中我收到消息:
WARNING: No configuration found for the specified action: '/myApplication/j_spring_security_check' in namespace: ''. Form action defaulting to 'action' attribute's literal value.
那么也许我有命名空间问题?
这是我的代码
Web.xml
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value> /WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml </param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<welcome-file-list>
<welcome-file>public/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
struts.xml
<?xml version="1.0" encoding="UTF-8" ?>
<package name="public" namespace="/public" extends="struts-default">
<action name="login" class="loginAction">
<result name="success">/secure/welcome.jsp</result>
<result name="input">login.jsp</result>
</action>
<action name="register" class="registerAction">
<result name="success">confirm_register.jsp</result>
<result name="input">register.jsp</result>
</action>
</package>
<package name="secure" namespace="/secure" extends="struts-default">
<action name="add" class="myApplication.action.UserAction" method="add">
<result name="success">welcome.jsp</result>
</action>
<action name="list" class="myApplication.action.UserAction" method="list">
<result name="success">list.jsp</result>
</action>
</package>
applicationContext-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<global-method-security pre-post-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies
security that way <protect-pointcut expression="execution(* bigbank.*Service.post*(..))"
access="ROLE_TELLER"/> -->
</global-method-security>
<http pattern="/resources" security="none" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/public/*" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/secure/*"
access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/denied" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/" access="hasRole('ROLE_USER')" />
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp" />
<access-denied-handler error-page="/denied" />
<logout invalidate-session="true" logout-success-url="/logout/success"
logout-url="/logout" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService" />
</authentication-manager>
登录.jsp
<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ taglib prefix="s" uri="/struts-tags"%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head>
<body>
<h1>Identification</h1>
<s:form action="/myApplication/j_spring_security_check" method="post">
<s:actionerror />
<s:textfield label="Username" name="username"/>
<s:textfield label="Password" name="password"/>
<s:submit name="submit" />
</s:form>
</body>
</html>
有什么想法/建议吗?
最佳答案
首先使用<s:form>
正确标记http://struts.apache.org/2.x/docs/url.html或使用 HTML form
标签。基于表单的身份验证的第二个默认 spring-security 用户名和密码字段是 j_username
和j_password
。因此,将您的 JSP 更改为类似的内容,看看是否有效。
<form action="j_spring_security_check" method="post">
<table>
<s:textfield name="j_username" autofocus="autofocus" />
<s:password name="j_password" />
<s:submit/>
</table>
</form>
关于struts2 - Spring security自定义UserDetailsService实现+自定义登录页面,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13182552/
我是一名优秀的程序员,十分优秀!