1
在我的web应用程序中发生的最奇怪的事情。下面是web.xml中的<security-constraint>部分:调用j_security_check后出现404错误
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-secure resources</web-resource-name>
<url-pattern>/js/*</url-pattern>
<url-pattern>/theme/*</url-pattern>
<url-pattern>/login.jsp</url-pattern>
<url-pattern>/logout.faces</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure resources</web-resource-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>/fragments/*</url-pattern>
<url-pattern>/pages/*</url-pattern>
<url-pattern>*.faces</url-pattern>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>AllAuthenticated</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>map</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>AllAuthenticated</role-name>
</security-role>
当用户通过http://<host-name>/<context-path>/访问的应用程序,那么用户被转发到登录页面,登录成功后,一切都很好。但是,如果用户通过http://<host-name>/<context-path>/login.jsp访问应用程序,登录成功后,用户将收到404错误消息,浏览器中的URL为http://<host-name>/<context-path>/j_security_check。
有人知道为什么会发生这种情况,我该如何预防它?
请添加login.jsp – Michael