弹簧安全2.0.7和弹簧2.5的登录表单问题

Question

嗨，我想把我的应用程序登录页面。 我的login.jsp是

<form name='f' action="<c:url value='j_spring_security_check' />" 
     method='POST'> 

     <table> 
      <tr> 
       <td>User:</td> 
       <td><input type='text' name='j_username' value=''> 
       </td> 
      </tr> 
      <tr> 
       <td>Password:</td> 
       <td><input type='password' name='j_password' /> 
       </td> 
      </tr> 
      <tr> 
       <td colspan='2'><input name="submit" type="submit" 
        value="submit" /> 
       </td> 
      </tr> 
      <tr> 
       <td colspan='2'><input name="reset" type="reset" /> 
       </td> 
      </tr> 
     </table> 

    </form> 
</body> 
</html> 

登录控制器

@Controller 公共类的LoginController {

@RequestMapping("/user/login.do") 
    public ModelAndView handleLoginForm(HttpServletRequest request) { 
     String errParam = request.getParameter("error"); 
     ModelAndView mv = new ModelAndView("login"); 
     if(errParam != null) { 
      mv.addObject("error", "Benutzer oder Kennwort unzulässig"); 
     } 
     return mv; 
    } 

}

春天secuirty XML

<http auto-config="true"> 
     <intercept-url pattern="/login" 
      access="ROLE_USER" /> 
     <intercept-url pattern="/j_spring_security_check" 
      access="ROLE_USER" /> 
     <form-login login-page="/login" 
      login-processing-url="/j_spring_security_check" default-target-url="/userPage.do" 
      authentication-failure-url="/login?error=1" /> 
     <logout logout-success-url="/login" 
      logout-url="/logout" /> 
    <!-- <intercept-url pattern="/user/userPage.do" access="ROLE_USER" /> 
     <form-login login-page="/user/login.do" default-target-url="/user/userPage.do" 
      authentication-failure-url="/loginfailed" /> 
     <logout logout-success-url="/logout" /> --> 
    </http> 


    <authentication-provider> 
       <user-service id="userDetailsService"> 
         <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> 
         <user name="username" password="password" authorities="ROLE_USER" /> 
         <user name="test" password="test" authorities="ROLE_USER" /> 
       </user-service> 
    </authentication-provider> 

</beans:beans> 

的Spring XML

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> 
<beans> 


    <bean id="userFormValidator" class="com.validator.UserFormValidator"/> 

    <bean id="userProxy" 
     class="org.springframework.aop.framework.ProxyFactoryBean"> 
     <property name="target" ref="userManager" /> 
     <property name="interceptorNames"> 
      <list> 
       <value>transactionInterceptor</value> 
      </list> 
     </property> 
    </bean> 

    <bean id="genderManager" class="com.service.impl.GenderManagerImpl"> 
    </bean> 

    <bean id="userProxyBean" class="org.springframework.aop.framework.ProxyFactoryBean"> 
     <property name="proxyInterfaces"> 
      <value>com.service.UserManager</value> 
     </property> 
     <property name="target"> 
      <ref bean="userManager" /> 
     </property> 
     <property name="interceptorNames"> 
      <list> 
      <value>loggerAdviser</value> 
      </list> 
     </property> 
    </bean> 

    <bean id="genderProxyBean" class="org.springframework.aop.framework.ProxyFactoryBean"> 
     <property name="proxyInterfaces"> 
      <value>com.service.GenderManager</value> 
     </property> 
     <property name="target"> 
      <ref bean="genderManager" /> 
     </property> 
     <property name="interceptorNames"> 
      <list> 
      <value>loggerAdviser</value> 
      </list> 
     </property> 
    </bean> 

    <bean id="loggerAdviser" class="org.springframework.aop.support.RegexpMethodPointcutAdvisor"> 
     <property name="advice"> 
     <ref bean="loggingInterceptor"/> 
     </property> 
     <property name="patterns"> 
     <value>.*</value> 
     </property> 
    </bean> 

    <bean id="loggingInterceptor" class="com.log.LoggingInterceptor"/> 

    <bean id="userDetailController" class="com.web.UserDetailController"> 
     <property name="userManager"><ref bean="userProxyBean"/></property> 
    </bean> 

    <bean id="loginController" class="com.web.LoginController"> 

    </bean> 

    <bean id="userController" class="com.web.UserController"> 
     <property name="sessionForm"><value>true</value></property>   
     <property name="commandName"><value>userBean</value></property> 
     <property name="commandClass"><value>com.beans.UserBean</value></property> 
     <property name="validator"><ref bean="userFormValidator"/></property> 
     <property name="formView"><value>userForm</value></property> 
     <property name="successView"><value>userDetail.do</value></property> 
     <property name="userManager"><ref bean="userProxyBean"/></property> 
     <property name="genderManager"><ref bean="genderProxyBean"/></property> 
    </bean> 

    <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"> 
     <property name="urlMap"> 
     <map> 
      <entry key="/user/userPage.do"><ref bean="userController"/></entry> 
      <entry key="/user/userDetail.do"><ref bean="userDetailController"/></entry> 
      <entry key="/user/login.do"><ref bean="loginController"/></entry> 
     </map> 
     </property> 
    </bean> 

    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
     <property name="viewClass"><value>org.springframework.web.servlet.view.JstlView</value></property> 
     <property name="prefix"><value>/WEB-INF/jsp/</value></property> 
     <property name="suffix"><value>.jsp</value></property> 
    </bean> 

</beans> 

的web.xml

<servlet> 
     <servlet-name>context</servlet-name> 
     <servlet-class> 
      org.springframework.web.context.ContextLoaderServlet 
     </servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <!-- Spring context loading ends--> 
    <servlet> 
     <servlet-name>user</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>user</servlet-name> 
     <url-pattern>*.do</url-pattern> 
    </servlet-mapping> 

    <servlet> 
     <servlet-name>dwr-invoker</servlet-name> 
     <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class> 
     <load-on-startup>2</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>dwr-invoker</servlet-name> 
     <url-pattern>/dwr/*</url-pattern> 
    </servlet-mapping> 

    <taglib> 
     <taglib-uri>/spring</taglib-uri> 
     <taglib-location>/WEB-INF/spring.tld</taglib-location> 
    </taglib> 

    <!-- Spring Security --> 
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    </web-app> 

现在，当过我打http://localhost:8080/springhibernate/user/login.do 它为我登录页面，但点击时登录它总是给我的错误

所请求的资源（/springhibernate/user/j_spring_security_check）不可用。 页面重定向到http://localhost:8080/springhibernate/user/j_spring_security_check

请帮我解决这个问题，并建议我如何登录功能，可在我的应用程序被implimented我坚持了下来

Answer 1

我在这里是我的工作CONFIGS供大家参考。他们似乎是完全一样的。这些是针对Spring 3.0的。还没有用2.x试过，但认为这可能对你有帮助。

<!-- Spring-security --> 

<http auto-config="false" access-denied-page="/login.jsp?error=Access%20Denied"> 
    <intercept-url pattern="/login.jsp*" filters="none" /> 
    <intercept-url pattern="/manager/**" access="${manager.roles}" /> 
    <form-login login-page="/login.jsp" 
       default-target-url="/welcome.jsp" 
       always-use-default-target="true" 
       authentication-failure-url="/login.jsp?error=true" /> 
    <logout logout-success-url="/login.jsp"/> 
    <anonymous/> 
    </http>  
    <authentication-manager> 
    <authentication-provider> 
     <user-service> 
       <user name="a" password="a" authorities="ROLE_MANAGER" /> 
      </user-service> 
    </authentication-provider> 
</authentication-manager> 


<!--Jsp --> 

<form name="login" action="<c:url value="j_spring_security_check"/>" method="POST"> 
<table width="40%" border="4" align="center" cellpadding="0" cellspacing="0" bordercolor="#E3DBB8"> 
    <tr><td bgcolor="#FFF4C3"><br> 
    <table width="100%" border="0" align="center" cellpadding="10" cellspacing="0" frame="box"> 
    <tr> 

     <td align="right" nowrap><font face="Tahoma" size="+1">User Name:</font></td> 
     <td align="left" width="300"><input id="username" tabindex="1" 
      type="text" name="j_username" maxlength="20" border="1" style="width: 150px"/ ></td> 
    </tr> 
    <tr> 
     <td align="right" nowrap><font face="Tahoma" size="+1">Password:</font></td> 
     <td align="left"><input id="password" tabindex="2" type="password" name="j_password" maxlength="20" style="width: 150px"/></td> 
    </tr>  
    <tr> 
     <td align="right"><input type="submit" tabindex="3" name="login" value=" Login " class="Button" /></td> 
     <td align="left"> 
     <input type="reset" tabindex="3" name="reset" value=" Reset " class="Button" /> 
     </td> 
    </tr> 

    </table><br> 
    </td></tr> 
</table> 
</form > 

<!--Web.xml --> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

Answer 2

我有几乎相同的设置有独立的登录表单，但在登录操作如下方法获取的叫：

（见编辑）

不太清楚它是如何工作的，但appearently这是neccessairy： http://ocpsoft.com/java/jsf-java/spring-security-what-happens-after-you-log-in/

编辑：

我的表格：

<h:form id="loginForm" prependId="false"> 
     <label for="j_username"><h:outputText value="Username:" /><br /> 
     </label> 
     <h:inputText id="j_username" required="true"> 
     </h:inputText> 

     <br /> 
     <br /> 
     <label for="j_password"><h:outputText value="Password:" /><br /> 
     </label> 
     <h:inputSecret id="j_password" required="true"> 
     </h:inputSecret> 

     <br /> 
     <br /> 
     <label for="_spring_security_remember_me"> <h:outputText 
       value="Remember me" /> </label> 
     <h:selectBooleanCheckbox id="_spring_security_remember_me" /> 
     <br /> 

     <h:commandButton type="submit" id="login" 
      action="#{loginBean.doLogin}" value="Login" /> 

    </h:form> 

登录豆：

@SessionScope 
public class LoginBean implements Serializable 
{ 
    private String j_username;   
    private String j_password;   
    private String _spring_security_remember_me;   

    public String getJ_username() { 
     return j_username; 
    }  
    public void setJ_username(String j_username) { 
     this.j_username = j_username; 
    }  
    public String getJ_password() { 
     return j_password; 
    }  
    public void setJ_password(String j_password) { 
     this.j_password = j_password; 
    }  
    public String get_spring_security_remember_me() { 
     return _spring_security_remember_me; 
    }  
    public void set_spring_security_remember_me(String _spring_security_remember_me) { 
     this._spring_security_remember_me = _spring_security_remember_me; 
    }  

    // This is the action method called when the user clicks the "login" button 
    public String doLogin() throws IOException, ServletException 
    { 
     ExternalContext context = FacesContext.getCurrentInstance().getExternalContext(); 

     RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()) 
       .getRequestDispatcher("/j_spring_security_check"); 

     dispatcher.forward((ServletRequest) context.getRequest(), 
       (ServletResponse) context.getResponse()); 

     FacesContext.getCurrentInstance().responseComplete(); 
     // It's OK to return null here because Faces is just going to exit. 
     return null; 
    } 
}