2

我是新来的河马,在河马 cms 网站上工作。我正在创建一个带有弹簧安全性的登录页面。为此,我创建了以下文件并为 spring 和 spring 安全性进行了配置。

这是我的 Login.jsp。

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
    color: #ff0000;
    background-color: #ffEEEE;
    border: 3px solid #ff0000;
    padding: 8px;
    margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
    <h3>Login with Username and Password (Custom Page)</h3>

    <c:if test="${not empty error}">
        <div class="errorblock">
            Your login attempt was not successful, try again.<br /> Caused :
            ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
        </div>
    </c:if>

    <form name='f' action="/j_spring_security_check"
        method='POST'>

        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="reset" type="reset" />
                </td>
            </tr>
        </table>

    </form>
</body>
</html>

配置文件。

1)Web.xml配置

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.4"
        xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

        <display-name>Spring MVC Application</display-name>

        <!-- Spring MVC -->
        <servlet>
            <servlet-name>mvc-dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>mvc-dispatcher</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>

        <listener>
            <listener class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/mvc-dispatcher-servlet.xml,
                /WEB-INF/spring-database.xml,
                /WEB-INF/spring-security.xml
            </param-value>
        </context-param>

        <!-- Spring Security -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>

        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

    </web-app>

2) mvc-dispatcher-servlet.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans    
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.0.xsd">

        <context:component-scan base-package="com.example.common.controller" />

        <bean
            class="org.springframework.web.servlet.view.InternalResourceViewResolver">
            <property name="prefix">
                <value>/WEB-INF/pages/</value>
            </property>
            <property name="suffix">
                <value>.jsp</value>
            </property>
        </bean>

        <bean id="messageSource"
            class="org.springframework.context.support.ResourceBundleMessageSource">
            <property name="basenames">
                <list>
                    <value>mymessages</value>
                </list>
            </property>
        </bean>

    </beans>

3) 弹簧数据库.xml

    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

        <bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource">
            <property name="driverClassName" value="com.mysql.jdbc.Driver" />
            <property name="url" value="jdbc:mysql://localhost:3306/vnp_db" />
            <property name="username" value="root" />
            <property name="password" value="admin" />
        </bean>

    </beans>

4) spring-security.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <http auto-config="true">
            <intercept-url pattern="/welcome*" access="ROLE_USER" />
            <form-login login-page="/login" default-target-url="/welcome"
                authentication-failure-url="/loginfailed"  login-processing-url="/j_spring_security_check"/>
            <logout logout-success-url="/logout" />
        </http>

        <authentication-manager>
            <authentication-provider>
              <jdbc-user-service data-source-ref="dataSource"

                    users-by-username-query="
                        select email,password, enabled
                        from users where email=?"

                    authorities-by-username-query="
                        select u.email, ur.authority from users u, authorities ur
                        where u.email = ur.email and u.email =?  "
                />
            </authentication-provider>
        </authentication-manager>

    </beans:beans>

和控制器文件

该模块还包含使用弹簧的注册部分,部分工作正常。在登录页面上,我填写正确的用户名和密码,然后单击“登录”按钮。该网址转到“ http://testcebs.com:8080/site/j_spring_security_check ”并重定向到 PAGE NOT FOUND 而不是成功和失败。单击“登录”按钮后未启动身份验证过程。我无法理解为什么它不起作用。然而,相同的代码和配置在 Eclipse 中作为 Spring 应用程序运行良好。

4

1 回答 1

-1

你已经在这里这里得到了回答,请不要交叉发布

答案:

如果 j_spring_security_check URL 不是 HST 驱动的一部分,请确保将其添加到 hst:hosts 排除项中,否则 HST 认为它需要处理 URL。

您还需要将 SpringSecurityValve 插入到现有管道中。您可以使用 hippo-spring-sec 插件进行更清洁的 spring 安全集成;http://hst-springsec.forge.onehippo.org/

于 2013-07-16T15:36:07.270 回答