春季安全性更改spring

本文介绍了春季安全性更改spring_security_login表单的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在使用Spring Security，我想知道如何更改默认登录表单

i am using spring security and i am wondering how to change the default login form

我发现我需要指向新表格的位置.我想保留具有所有登录异常显示的现有默认表单的现有功能.所以我必须先知道如何复制它.

i have found out that i need to point to my new form location. i want to keep the existing functions of the existing default form that has all the login exception display. so i must know how to reproduce it first.

在我的研究中，我偶然发现了它

in my research i come across with it

www .codercorp/blog/spring/security-spring/spring-security-login-logout-form.html

感谢他提供的代码

<%@ taglib prefix='c' uri='java.sun/jstl/core_rt' %> <%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %> <%@ page import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" %> <%@ page import="org.springframework.security.AuthenticationException" %> <html> <head> <title>Login</title> </head> <body> <h1>Login</h1> <c:if test="${not empty param.login_error}"> <font color="red"> Your login attempt was not successful, try again.<br/><br/> Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>. </font> </c:if> <form name="f" action="<c:url value='j_spring_security_check'/>" method="POST"> <table> <tr><td>User:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr> <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr> <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr> <tr><td colspan='2'><input name="submit" type="submit"></td></tr> <tr><td colspan='2'><input name="reset" type="reset"></td></tr> </table> </form> </body> </html>

但是对于Spring Security 3，该代码似乎无法正常工作.有些库已过时，我将它们一一替换.我将它们更改为以下

but the code seems not working well for spring security 3. some libraries where outdated and i replaced them one by one. i change them to this below

<%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %> <%@ page import="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" %> <%@ page import="org.springframework.security.core.AuthenticationException" %>

，但仍拒绝报告登录错误.我还应该尝试什么?

but it is still refuse to report login errors. what else should i try ?

推荐答案

使用自定义登录页面时，Spring Security不会自动指定由于登录错误而显示的登录页面.您应该手动执行此操作，通常是向authentication-failure-url添加一个参数，您的代码需要一个名为login_error的参数:

When you use a custom login page, Spring Security doesn't automatically specify that your login page was displayed as a result of login error. You should do it manually, usually by adding a parameter to authentication-failure-url, your code expects a parameter named login_error:

<form-login login-page="/login.htm" authentication-failure-url = "/login.htm?login_error=1" />