1. 首页
  2. 问答
  3. 春季内存认证不起作用

春季内存认证不起作用

2015-06-23 99 views
2

我是Spring的新手,并试图通过参考文献docs.spring.io/spring-security/site/docs/4.0.1.RELEASE/reference/htmlsingle了解。但我坚持有问题。当我进入春季内存认证不起作用

用户名(BOB)

密码(bobspassword)

认证失败。

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-4.0.xsd"> 
    <http pattern="/css/**" security="none" /> 
    <http pattern="/app/login*" security="none"/> 

    <http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> 
     <form-login login-page="/app/login" default-target-url="/home.htm" 
      authentication-failure-url="/app/login?error" 

      always-use-default-target="true" 
      username-parameter="username" password-parameter="password" /> 
     <logout logout-success-url="/app/login?logout"/> 
     <csrf disabled="true"/> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="jimi" password="password" authorities="ROLE_USER, ROLE_ADMIN" /> 
       <user name="bob" password="bobspassword" authorities="ROLE_USER" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 

</beans:beans>

下面给出登录页面的源代码。

<%@ page language="java" contentType="text/html; charset=UTF-8" 
    pageEncoding="UTF-8"%> 
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
<title>Insert title here</title> 
</head> 
<body> 

    <c:url value="/login" var="postUrl" /> 
    <form action="${postUrl}" method="post" enctype="multipart/form-data"> 
     <c:if test="${param.error != null}">  
     <p>Invalid username and password.</p> 
     </c:if> 
     <c:if test="${param.logout != null}"> 
     <p>You have been logged out.</p> 
     </c:if> 
     <p> 
      <label for="username">Username</label> 
      <input type="text" 
       id="username" name="username" /> 
     </p> 
     <p> 
      <label for="password">Password</label> <input type="password" 
       id="password" name="password" /> 
     </p> 

     <input type="text" 
     name="${_csrf.parameterName}" 
      value="${_csrf.token}" /> 

     <button type="submit" class="btn">Log in</button> 
    </form> 
</body> 
</html>

我正在使用spring security 4.0.1.RELEASE,CSRF被禁用。

来源

2015-06-23 Sarath Babu

+1

你为什么要将表单提交为'multipart/form-data'而不是一个正常表单? –

+0

你能用'jimi'用户名登录吗? – smoggers

+0

谢谢Denium,因为我做了这个改变,还有一些其他的错误,忘记删除它。现在它正在工作 –

回答

0

改变

<form action="${postUrl}" method="post" enctype="multipart/form-data">

​​

感谢M.Deinum的指点错误。

来源

2015-06-23 11:07:37

相关问题

 相关问题