4

嗨,我正在尝试在我的应用程序上配置 spring 安全性。但是一旦我输入用户名和密码并提交表单,我就会收到错误

HTTP Status 404 - /j_spring_security_check The requested resource is not available.

在此处输入图像描述

以下是我的配置文件:

web.xml

<filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>   

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext.xml,/WEB-INF/taskTracker-app.xml,/WEB-INF/taskTracker-servlet.xml,/WEB-INF/taskTracker-security.xml</param-value>
</context-param>

<servlet>
    <servlet-name>taskTracker</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>taskTracker</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>

taskTracker-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
 http://www.springframework.org/schema/aop 
 http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
 http://www.springframework.org/schema/tx
 http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
 http://www.directwebremoting.org/schema/spring-dwr
 http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd">

    <bean id="TaskTrackerLoginController"
        class="org.springframework.web.servlet.mvc.ParameterizableViewController">
        <property name="viewName">
            <value>/taskTracker/sign-in</value>
        </property>
    </bean>

    <bean id="TaskTrackerErrorController"
        class="org.springframework.web.servlet.mvc.ParameterizableViewController">
        <property name="viewName">
            <value>/taskTracker/error</value>
        </property>
    </bean>

    <bean id="WelcomeController" class="com.tracker.web.controllers.WelcomeController">
        <property name="BusinessLogic">
            <ref bean="BusinessLogic" />
        </property>
        <property name="viewName">
            <value>/taskTracker/welcome</value>
        </property>
    </bean>

    <bean id="nonSecurePageMappings"
        class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
        <property name="mappings">
            <props>
                <prop key="/taskTracker/sign-in.html">TaskTrackerLoginController</prop>
                <prop key="/taskTracker/error.html">TaskTrackerErrorController</prop>
            </props>
        </property>
    </bean>
    <bean id="PageMappings"
        class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
        <property name="mappings">
            <props>

                <prop key="/taskTracker/welcome.html">WelcomeController</prop>

            </props>
        </property>
    </bean>

    <bean id="viewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass">
            <value>org.springframework.web.servlet.view.JstlView</value>
        </property>
        <property name="prefix">
            <value>/WEB-INF/jsp/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
</beans>

taskTracker-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <bean id="SecurityService" class="com.tracker.web.security.SecurityService">
        <property name="BusinessLogic">
            <ref bean="BusinessLogic" />
        </property>
    </bean>

    <security:http access-denied-page="/taskTracker/tracker/error.html" auto-config="false">
        <security:session-management invalid-session-url="/taskTracker/sign-in.html">
        </security:session-management>
        <security:form-login login-page="/taskTracker/sign-in.html" default-target-url="/taskTracker/welcome.html"
            always-use-default-target="false" authentication-failure-url="/taskTracker/sign-in.html?error=1" />
        <security:logout invalidate-session="true" logout-success-url="/taskTracker/sign-in.html" />
        <security:intercept-url pattern="/taskTracker/sign-in.html*" filters="none" />
        <security:intercept-url pattern="/taskTracker/welcome.html*" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="SecurityService" />
    </security:authentication-manager>

</beans>

taskTracker-app.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
 http://www.springframework.org/schema/aop 
 http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
 http://www.springframework.org/schema/tx
 http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
 http://www.directwebremoting.org/schema/spring-dwr
 http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd">

    <bean id="userDao" class="com.tracker.data.dao.jdbc.UserJdbcDao">
        <property name="dataSource">
            <ref bean="dataSource" />
        </property>
    </bean>

    <bean id="BusinessLogic" class="com.tracker.business.logic.TrackerBusinessLogicImpl">
        <property name="userLogic">
            <ref bean="userLogic" />
        </property>
    </bean>

    <bean id="userLogic" class="com.tracker.business.logic.user.UserLogic">
        <property name="userDao">
            <ref bean="userDao" />
        </property>
    </bean>
</beans>

安全服务.java

package com.tracker.web.security;

import org.apache.log4j.Logger;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.tracker.business.logic.TrackerBusinessLogic;
import com.tracker.business.model.User;

public class SecurityService implements UserDetailsService {
    private final static Logger log = Logger.getLogger(SecurityService.class);
    private TrackerBusinessLogic trackerBusinessLogic;

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {

        String errMsg = "User with username: " + username;

        User user = trackerBusinessLogic.loadUser(username);
        if(user!=null) {
            // user has been loaded
        } else {
            log.error("User with username: " + username + " not found");
        }
        return user;
    }

    public TrackerBusinessLogic getBusinessLogic() {
        return trackerBusinessLogic;
    }

    public void setBusinessLogic(TrackerBusinessLogic trackerBusinessLogic) {
        this.trackerBusinessLogic = trackerBusinessLogic;
    }
}

登录.jsp

<html lang="en-US">
<head>
    <title>Login</title>
</head>
<body>
<div class="login">
    <h1>Task Tracker Login</h1>
    <form action="/j_spring_security_check" method="post">
        <input type="text" name="j_username" value="" placeholder="Username" required="required" />
        <input type="password" name="j_password" placeholder="Password" required="required" />
        <input type="hidden" name="referrer" value="${param.referrer}" />
        <input type="submit" value="Let me in." class="btn btn-primary btn-block btn-large">
    </form>
</div>
</body> 
</html>

请帮我解决我在这里缺少的东西。谢谢你。

4

3 回答 3

8

在您的sign-in.jsp中,您需要更改URL您提交登录请求的目标,您可以如下实现:

<c:url value="/j_spring_security_check" var="loginUrl" />

并在您的表单操作中使用它:

<form action="${loginUrl}" method="post">

login-processing-url属性默认为/j_spring_security_check, 并指定登录表单(应包括usernameand password)应使用 HTTP post 提交到的 URL。

于 2013-10-07T14:22:36.570 回答
2

我在 /j_spring_security_check 之前添加 ${request.contextPath} 时修复了该错误

于 2014-01-30T10:38:19.680 回答
2

与此特定问题无关(但与“j_spring_security_check 404”问题有关)。认为它可能会帮助任何尝试使用 spring 4 解决相同问题的人,即使所有设置都正确。

从 Spring 4 开始,spring 默认启用 csrf,所以首先检查 csrf 是否禁用,如果这解决了“j_spring_security_check 404”问题。

<http>
    <!-- ... -->
    <csrf disabled="true"/>
</http>

这只是为了测试,如果它确实有效,则再次启用它,因为现在禁用 csrf 对于 web-app 来说不是一个好主意。所以删除它

<csrf disabled="true" />

行('coz crsf 默认启用),并在您的身份验证输入表单中添加一个 csrf 令牌字段:

<form action="${loginUrl}" method="post">
    <input ... />
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>

或者

<form action="${loginUrl}?${_csrf.parameterName}=${_csrf.token}" method="post"> .... </form>
于 2016-06-01T22:28:07.377 回答