2
我想学习弹簧安全,所以我已经下载了一些示例项目,然后我试图实现该解决方案到我的项目。但是当我尝试提交登录表单时,我总是获取在applicationContext-security.xml中定义的403页面。但我期望的是'authentication-failure-url'用于无效的用户名/密码,或'default-target-url'用于正确的用户名/密码,而不是'access-denied-handler'/ forbidden(我的403页面)。我会非常感激,如果有经验的人能够帮助我。 应用的security.xml弹簧安全登录总是得到访问被拒绝
<security:http security="none" pattern="/public/**"/>
<security:http security="none" pattern="/login*"/>
<security:http security="none" pattern="/maxSessionError*"/>
<security:http security="none" pattern="/forbidden*"/>
<security:http use-expressions="true">
<security:intercept-url pattern="/**" access="isAuthenticated()"/>
<security:form-login login-page="/login"
default-target-url="/home"
authentication-failure-url="/login"
authentication-success-handler-ref="loginSuccessHandler"
/>
<security:logout invalidate-session="true" delete-cookies="true" success-handler-ref="logoutSuccessHandler" />
<security:access-denied-handler error-page="/forbidden"/>
<security:session-management session-fixation-protection="newSession" >
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/maxSessionError" />
</security:session-management>
<security:custom-filter ref="xunxiSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
</security:http>
的login.jsp
<form action="<%=request.getContextPath()%>/j_spring_security_check" method="post" class="login-form" id="login-form" >
<label>Username</label>
<input type="text" placeholder="username" name="j_username"/>
<label>Password</label>
<input type="password" placeholder="password" name="j_password"/>
<label>
<input type="checkbox" name="_spring_security_remember_me" /> Remember me </label>
<button type="submit" >
Login
</button>
</div>
</form>
您使用的是哪个版本的Spring Security? – holmis83
sping 4.2.2弹簧安全4.0.2 –