如果用户还没有登录,这意味着他没有ROLE_USER
,所以Spring Security将不允许访问/login
。
添加use-expressions="true"
to <http>
element和变化拦截线,以这样的:
<http use-expressions="true">
<!-- ... -->
<security:intercept-url pattern="/login*" access="permitAll" />
另外,确保login.jsp的是/WEB-INF/jsp/login.jsp
下。
编辑后评论:
似乎是你有没有春季安全配置好,所以具有此开始:
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/login*" access="permitAll"/>
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- use login-page='/login' assuming you've got
Spring MVC configured to redirect to login.jsp -->
<form-login login-page='/login'/>
</http>
,或者,如果你使用Spring安全3.1:
<http pattern="/login" security="none" />
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- use login-page='/login' assuming you've got
Spring MVC configured to redirect to login.jsp -->
<form-login login-page='/login'/>
</http>
创建/WEB-INF/jsp/login.jsp
带有示例内容的文件:
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h3>Login</h3>
<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
</table>
</form>
</body>
</html>
更重要的是,请阅读Spring Security,因为这些都是这个框架的基础。
错误看起来像您正在返回不存在的视图名称“登录”(即没有相应的JSP)。这与Spring Security没有任何关系。这完全在您的控制器配置中,并且在Spring Security过滤器链被调用后发生。 –