Shiro behaviour: unable to understand custom login page request

I am using Apache Shiro to secure my Spring MVC application. This is my configuration:
<!-- Shiro -->
<bean id = "hibernateRealm" class = "com.bidapp.presentation.shiro.HibernateRealm" />
<bean id = "securityManager" class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name = "realm" ref = "hibernateRealm" />
</bean>
<bean id = "lifecycleBeanPostProcessor" class = "org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name = "securityManager" ref = "securityManager" />
</bean>
<!-- Shiro -->
In web.xml (among other things):
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
My login page is context/account/login. When I try to submit the form, I get the message "The request sent by the client was syntactically incorrect()." with a 400 HTTP error code, and the following is logged by Shiro:
365348 [http-bio-8080-exec-5] TRACE o.a.s.w.s.OncePerRequestFilter - Filter 'shiroFilter' not yet executed. Executing now.
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - Context already contains a SecurityManager instance. Returning.
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No identity (PrincipalCollection) found in the context. Looking for a remembered identity.
365349 [http-bio-8080-exec-5] TRACE o.a.shiro.web.servlet.SimpleCookie - No 'rememberMe' cookie value
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No remembered identity found. Returning original context.
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread [http-bio-8080-exec-5]
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [http-bio-8080-exec-5]
365349 [http-bio-8080-exec-5] TRACE o.a.s.w.servlet.AbstractShiroFilter - No FilterChain configured for the current request. Using the default.
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - get() - in thread [http-bio-8080-exec-5]
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Retrieved value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] bound to thread [http-bio-8080-exec-5]
365351 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
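What is really strange is that I can click back and then forward in my browser, and that takes me to the correct authenticated page. I tried debugging, and my Controller is not even called. But how is that possible, if clicking back and forward takes me to the correct page?

I don't have any other filters in my web.xml, and I am not using any of Shiro's default filters, not intentionally anyway.

What is going on?

Not that it makes any difference, but I am developing in Eclipse Indigo. This is the code that should be called, but isn't (in debug mode):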
@RequestMapping(value = "/account/login", method = RequestMethod.POST, params = "login")
public String login(@RequestParam("username") String username,
                    @RequestParam("password") String password,
                    @RequestParam("remember") boolean rememberMe,
                    Model model) {
    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe);
        currentUser.login(token);
        return "redirect:/account/profile";
    }
    return "home";
}
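Does putting URLs under '[urls]' mean that I don't need to use 'Subject.isAuthenticated()' every time in each controller handler method? Can you explain what the dispatcher elements are? I can't find an explanation in the documentation.
And none of this explains the behaviour I am getting. I can access any other page, but not the login page.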