我在我的应用程序中使用spring security。 我希望用户在访问服务器上的任何页面之前先登录,因此我采用重定向方法。 但重定向似乎是无限循环,因为无论我提交页面多少次,它都会将我重定向到登录页面。 我试过调试,请求总是按照我的预期点击GET而不是POST方法。 我正在使用LDAP身份验证使用用户在表单上输入的详细信息。 这是安全上下文xml中的代码。 有人能指出我正确的方向。
<http pattern="/resources/**" security="none" /> <http auto-config="true"> <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login login-page="/login" default-target-url="/dashboard" authentication-failure-url="/loginfailed" /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> <user name="bob" password="bobspassword" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager>当我删除<form-login login-page="/login" default-target-url="/dashboard" authentication-failure-url="/loginfailed" />它默认为spring登录页面,但它有效,但我有使用配置xml中的用户凭据而不是LDAP凭据。
编辑**
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <c:set var="contextPath" value="${pageContext.request.contextPath}" /> <link rel="stylesheet" href="${contextPath}/resources/css/styles.css" type="text/css"> <h2 style="text-align:center">Login to continue to Application</h2> <div align="center" class="div"> <form:form method="POST" modelAttribute="login" action="authenticate"> <table> <tr> <td><form:label path="username" class="label">Username:</form:label></td> <td><form:input path="username" class="input"/></td> <td><form:errors path="username" class="error" /></td> </tr> <tr> <td><form:label path="password" class="label">Password:</form:label></td> <td><form:password path="password" class="input"/></td> <td><form:errors path="password" class="error"/></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" value="Login" class="button"/></td> </tr> </table> </form:form> </div>谢谢Sree
I am using spring security in my application. I want the user to be logged in first before accessing any pages on the server, hence i am taking the redirect approach. But the redirect seems to be in an infinite loop cause it redirects me to the login page no matter how many times i submit the page. I tried debugging and the request always hits the GET instead of the POST method as i expected. I am using LDAP authentication using the details entered by the user on the form. Here is the code in the security context xml . Can someone point me in the right direction.
<http pattern="/resources/**" security="none" /> <http auto-config="true"> <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login login-page="/login" default-target-url="/dashboard" authentication-failure-url="/loginfailed" /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> <user name="bob" password="bobspassword" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager>When i remove the <form-login login-page="/login" default-target-url="/dashboard" authentication-failure-url="/loginfailed" /> it defaults to spring login page and it works but i have to use the user credentials from the configuration xml as opposed to LDAP credentials.
Edit**
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <c:set var="contextPath" value="${pageContext.request.contextPath}" /> <link rel="stylesheet" href="${contextPath}/resources/css/styles.css" type="text/css"> <h2 style="text-align:center">Login to continue to Application</h2> <div align="center" class="div"> <form:form method="POST" modelAttribute="login" action="authenticate"> <table> <tr> <td><form:label path="username" class="label">Username:</form:label></td> <td><form:input path="username" class="input"/></td> <td><form:errors path="username" class="error" /></td> </tr> <tr> <td><form:label path="password" class="label">Password:</form:label></td> <td><form:password path="password" class="input"/></td> <td><form:errors path="password" class="error"/></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" value="Login" class="button"/></td> </tr> </table> </form:form> </div>thanks Sree
最满意答案
@sri
如你的代码中所提到的,我可以看到你拦截了URL "/login*"
现在任何登录结尾的网址都会被春季安全拦截,之后你必须输入正确的凭据....
现在提供凭据后,您将被重定向到页面/login
现在很清楚,我们的网址再次以登录结束,因此它被春季安全再次拦截......这就是为什么循环继续....
可能解决方案
这可能适合你,只需将下面的代码放在<http pattern="/resources/**" security="none" />标记下面,如下所示:
码:
<http pattern="/resources/**" security="none" /> <http pattern="/Login.html" security="none" />Ok. Finally i got to a working state. Here are the changes i made to the security context xml
<intercept-url pattern="/login/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>the url regex change. And also the action in my login.jsp is now
action="/login/authenticate"and finally the controller request mapping path is updated. Hope this helps anyone who has a similar issue. I am yet to discover if this is the right approach to achieve it but works for now.
-Sree
更多推荐
form,login,xml,电脑培训,计算机培训,IT培训"/> <meta name="description&qu
发布评论