2013-01-17 51 views
0

Shiro behaviour: cannot understand the custom login page request

I'm using Apache Shiro to secure my Spring MVC application. This is my configuration:

<!-- Shiro --> 
<bean id = "hibernateRealm" class = "com.bidapp.presentation.shiro.HibernateRealm" /> 

<bean id = "securityManager" class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 
    <property name = "realm" ref = "hibernateRealm" /> 
</bean> 

<bean id = "lifecycleBeanPostProcessor" class = "org.apache.shiro.spring.LifecycleBeanPostProcessor" /> 

<bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
    <property name = "securityManager" ref = "securityManager" /> 
</bean> 
<!-- Shiro --> 

And in web.xml (among other things):

<filter> 
    <filter-name>shiroFilter</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    <init-param> 
     <param-name>targetFilterLifecycle</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>shiroFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

My login page is context/account/login. When I try to submit the form, I get the message "The request sent by the client was syntactically incorrect ()" with HTTP error code 400, and the following Shiro log:
365348 [http-bio-8080-exec-5] TRACE o.a.s.w.s.OncePerRequestFilter - Filter 'shiroFilter' not yet executed. Executing now. 
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - Context already contains a SecurityManager instance. Returning. 
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No identity (PrincipalCollection) found in the context. Looking for a remembered identity. 
365349 [http-bio-8080-exec-5] TRACE o.a.shiro.web.servlet.SimpleCookie - No 'rememberMe' cookie value 
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No remembered identity found. Returning original context. 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread [http-bio-8080-exec-5] 
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [http-bio-8080-exec-5] 
365349 [http-bio-8080-exec-5] TRACE o.a.s.w.servlet.AbstractShiroFilter - No FilterChain configured for the current request. Using the default. 
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - get() - in thread [http-bio-8080-exec-5] 
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Retrieved value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] bound to thread [http-bio-8080-exec-5] 
365351 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false 

What is really strange is that I can click back and then forward in my browser, and that takes me to the correct authenticated page. I tried debugging, and my Controller isn't even called. But how is that possible, if clicking back/forward takes me to the right page?

I don't have any other filters in my web.xml, and I'm not using any of Shiro's default filters, not intentionally anyway.

What is going on?

No, the fact that I'm developing in Eclipse Indigo makes no difference. This is the code that should be called, but isn't (in debug mode):

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

// Login handler: only matches POSTs to /account/login that carry a "login" parameter.
@RequestMapping(value = "/account/login", method = RequestMethod.POST, params = "login")
public String login(@RequestParam("username") String username,
                    @RequestParam("password") String password,
                    @RequestParam("remember") boolean rememberMe,
                    Model model) {
    Subject currentUser = SecurityUtils.getSubject();

    if (!currentUser.isAuthenticated()) {
        // Authenticate against the configured realm; login() throws an
        // AuthenticationException if the credentials are rejected.
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe);
        currentUser.login(token);

        return "redirect:/account/profile";
    }

    return "home";
}

Answers

0

So I still can't explain the forward and back button behaviour, but this is not a Shiro problem. The problem was the remember-me checkbox. In the login handler method I had '@RequestParam("remember") boolean rememberMe', but it should be '@RequestParam(value = "remember", required = false) boolean rememberMe'. 'required' means that you don't need it. By default Spring sets it to true, so it decides that this is the right method to call but then can't call it, because it doesn't have the information it needs, hence the 400.

1

If you don't define any filters in your Shiro configuration, Shiro will let every request through. In other words, just because you have an authenticated page, Shiro doesn't know it should protect it. You have to tell Shiro to protect that page. For example:

[main] 
#tell Shiro where to redirect to if login is required: 
authc.loginUrl = /account/login 

[urls] 
# ensure the following pages require authentication (the loginUrl will be 
# allowed however): 
/account/** = authc 

As for the 400 error, Shiro does not issue error responses like that; it is probably your container or Spring that issues the error.

Also, if you're using Shiro 1.2 or later, don't forget to add the relevant <dispatcher> elements to your <filter-mapping>:

http://shiro.apache.org/web.html#Web-Shiro1.2andlater

+0

Does putting URLs under '[urls]' mean that I don't need to call 'Subject.isAuthenticated()' in every controller handler method every time? Can you explain what the dispatcher element is? I can't find an explanation in the documentation.

+0

And none of this explains the behaviour I'm getting. I can access every other page, just not the login page.
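Since the question wires Shiro through Spring XML rather than shiro.ini, here is the Spring equivalent of the answer's [urls] section, plus the <dispatcher> elements the comment asks about. This is an added example, not code from the question or the answer; it reuses the bean ids and URLs already on the page, while the /logout mapping and the final deny-by-default line are assumptions.

```xml
<!-- Added example: Spring wiring of the filter chain the answer shows in INI form. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- Where the authc filter redirects requests that are not yet authenticated -->
    <property name="loginUrl" value="/account/login" />
    <property name="successUrl" value="/account/profile" />
    <!-- Chain definitions are matched top-down and the first match wins, so the
         login page must be listed before the /account/** entry that protects
         the rest of the account area. -->
    <property name="filterChainDefinitions">
        <value>
            /account/login = anon
            /logout = logout            <!-- assumed URL; logout filter exists in Shiro 1.2+ -->
            /account/** = authc
            /** = authc                 <!-- assumed: deny by default for anything unlisted -->
        </value>
    </property>
</bean>

<!-- web.xml, Shiro 1.2+: apply the filter to internal forwards, includes and
     error-page dispatches as well, not only to the original client request. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
```

With '/account/** = authc' in place, an unauthenticated request is redirected by the filter before any controller method runs, so a per-handler 'isAuthenticated()' check becomes a second layer rather than the only one.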