1

我正在尝试使用 Spring Security 为我的网站(使用 JSF 2 创建)提供自定义登录。当我使用默认登录表单时,网站运行良好。但是,当我尝试使用我自己的自定义登录表单时,我总是被定向到我的 authentication-failure-url,即使我输入了正确的用户名/密码。有谁知道这是为什么或我该如何解决?我的代码如下。

安全配置.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security-3.1.xsd">

 <sec:http auto-config="true" use-expressions="true">
    <sec:intercept-url pattern="/login.jsf" access="isAnonymous()" />
    <sec:intercept-url pattern="/pages/secure/**" access="hasRole('ROLE_USER')" />
    <sec:intercept-url pattern="/pages/home/**" access="hasRole('ROLE_USER')" />
    <sec:intercept-url pattern="/pages/unsecure/**" access="permitAll"/>
    <sec:form-login login-page="/login.jsf" default-target-url="/pages/home/home.jsf"
                    authentication-failure-url="/fail.jsf"/>
</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider>
        <sec:user-service>
            <sec:user authorities="ROLE_USER" name="admin" password="admin" />
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager> 
</beans:beans>

登录.xhtml

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:f="http://java.sun.com/jsf/core"      
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:p="http://primefaces.org/ui"
      xmlns:ui="http://java.sun.com/jsf/facelets">
<h:head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
<title>Login</title>
<h:outputStylesheet name="css/styles.css" />
<h:outputScript name="jquery/jquery-plugins.js" library="primefaces" />
</h:head>
<h:body>
<div class="login">
    <form method="POST" action="j_spring_security_check">
        <h:inputText name="j_username" id="username"></h:inputText>
        <p:watermark for="username" value="Username" />
        <br />  
        <h:inputSecret name="j_password" id="password">
        </h:inputSecret>
        <p:watermark for="password" value="Password" />
        <br />
        <h:commandButton name="submit" type="submit" value="Submit"></h:commandButton>
    </form>
</div>
</h:body>
</html>
4

2 回答 2

4

你看过生成的 HTML 输出吗?在浏览器中右键单击页面,执行查看源代码以查看它。

name属性

<h:inputText name="j_username" id="username"></h:inputText>
<h:inputSecret name="j_password" id="password"></h:inputSecret>

根本没有生成!相反,客户端 ID 代表元素的name.

相应地修复它:

<h:inputText id="j_username" />
<p:watermark for="j_username" value="Username" />
<h:inputSecret id="j_password" />
<p:watermark for="j_password" value="Password" />

你当然也可以只使用普通的普通 HTML:

<input type="text" name="j_username" placeholder="Username" />
<input type="password" name="j_password" placeholder="Password" />
于 2013-06-25T12:26:43.260 回答
0

尝试将以下设置为表单的操作。

action="#{request.contextPath}/j_spring_security_check"

于 2013-06-25T06:55:07.597 回答