1
我试图为一个spring项目构建一个非常基本的直接认证。基本的Spring安全配置困难
我遇到的问题是,应用程序不断发送我到“登录失败”页面,虽然我宣布了2个基本帐户(管理员和用户)。
我的应用程序的security.xml:
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login/denied" />
<logout logout-url="/resources/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/home/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/*Details/*" access="hasRole('ROLE_USER')" />
</http>
<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
<!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
<authentication-provider>
<password-encoder hash="sha-256" />
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
我非常基本的登录表单:
<form action="/${app_name}/resources/j_spring_security_check" method="POST">
<label for="j_username">Username</label>
<input id="j_username" name="j_username" type="text" /><br/>
<label for="j_password">Password</label>
<input id="j_password" name="j_password" type="password" /><br/>
<input type="submit" value="Login" />
</form>
对于现在的控制器是有只解决了登录的网址,登录/拒绝等
我刚刚开始使用Spring和Roo,所以这可能只是我忽略的一些事情。
感谢任何花时间回答的人。