
We have migrated our software from Spring Boot 1.5.7 to Spring Boot 2. We use JSF by including joinfaces-parent in our pom.xml.

At startup everything works fine, but the login call does not work:

Request method 'POST' not supported

Could it be a Spring Security problem? CSRF is disabled.

Here is our SecurityConfig file:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    ...
    @Override
    protected void configure(HttpSecurity http) {
        try {

            http.csrf().disable().authorizeRequests()
                    .antMatchers("/javax.faces.resource/**", Page.LOGIN.getUrlForSecurityContext())
                    .permitAll()
                    .and()

                    ........

                    // *** login configuration
                    .formLogin()
                    .loginPage(Page.LOGIN.getUrlForSecurityContext()).permitAll()
                    .failureUrl(Page.LOGIN.getUrlForSecurityContext() + "?error=true")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .successHandler(authenticationSuccessHandler)
                    .and()

             ...........

            // @formatter:on
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    .......

}

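The login request does not reach our backend. I found that this error is generated by dispatcher.forward, in a function called from the xhtml. Here is the function: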

public void login() throws ServletException, IOException {
    final ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();

    final RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()).getRequestDispatcher("/login");

    dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse());

    FacesContext.getCurrentInstance().responseComplete();
}

Here are more logs from when the error message occurs:

[io.undertow.servlet] (default task-3) Initializing Spring FrameworkServlet 'dispatcherServlet'
16:02:20,926 INFO  [org.springframework.web.servlet.DispatcherServlet] (default task-3) FrameworkServlet 'dispatcherServlet': initialization started
16:02:20,938 INFO  [org.springframework.web.servlet.DispatcherServlet] (default task-3) FrameworkServlet 'dispatcherServlet': initialization completed in 12 ms
16:02:20,949 WARN  [org.springframework.web.servlet.PageNotFound] (default task-3) Request method 'POST' not supported
16:02:20,973 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] (default task-3) Cannot forward to error page for request [/login] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false

Thanks for any advice!


1 Answer


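The Spring Security configuration looks fine to me. There is a problem with your login controller. I guess your login method is called in response to a POST request from the client. It then tries to forward this POST to render the login page, and finally throws an exception. Obviously it should be a GET request instead of a POST.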

Answered 2018-08-10T09:56:10.910