1. 首页
  2. 问答
  3. 春季安全登录处理url抛出405请求方法POST不支持

春季安全登录处理url抛出405请求方法POST不支持

2014-01-07 109 views
2

我正在春季安全3.1.3春季3.2.0项目工作。我使用spring security为我的安全性配置了两个入口点。这个想法是有一个像企业用户应该登录的/ enterprise_login这样的url,以及普通用户登录其中的其他网址,例如/ login。在我的安全配置,我的下一个代码春季安全登录处理url抛出405请求方法POST不支持

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" /> 

<security:http pattern="/enterprise/**" auto-config="false" use-expressions="true" authentication-manager-ref="autenticationManagerUserEnterprise"> 
    <security:intercept-url pattern="/enterprise/**" access="hasRole('ROLE_ENTERPRISE')" /> 
    <security:intercept-url pattern="/enterprise_login" access="isAnonymous()" /> 
    <security:form-login login-page="/enterprise_login" default-target-url="/" authentication-failure-url="/empresas_login_error" login-processing-url="/enterprise_login_process" /> 
    <security:logout logout-success-url="/" delete-cookies="JSESSIONID"/> 
    <security:remember-me user-service-ref="enterpriseAuthenticationProvider"/> 
    <security:session-management invalid-session-url="/"> 
     <security:concurrency-control max-sessions="2" error-if-maximum-exceeded="true" /> 
    </security:session-management> 
</security:http> 

<security:http pattern="/**" auto-config="false" use-expressions="true" authentication-manager-ref="autenticationManagerUser"> 
    <security:intercept-url pattern="/**" access="permitAll" /> 
    <security:form-login login-page="/login" default-target-url="/" authentication-failure-url="/login_error" /> 
    <security:logout logout-success-url="/" delete-cookies="JSESSIONID"/> 
    <security:remember-me user-service-ref="UserAuthenticationProvider"/> 
    <security:session-management invalid-session-url="/"> 
     <security:concurrency-control max-sessions="2" error-if-maximum-exceeded="true" /> 
    </security:session-management> 
</security:http> 

<security:authentication-manager id="autenticationManagerUserEnterprise"> 
    <security:authentication-provider user-service-ref="enterpriseAuthenticationProvider"> 
     <security:password-encoder hash="plaintext"></security:password-encoder> 
    </security:authentication-provider> 
</security:authentication-manager> 

<security:authentication-manager id="autenticationManagerUser"> 
    <security:authentication-provider user-service-ref="UserAuthenticationProvider"> 
     <security:password-encoder hash="plaintext"></security:password-encoder> 
    </security:authentication-provider> 
</security:authentication-manager> 

<bean id="enterpriseAuthenticationProvider" class="com.test.security.enterpriseAuthenticationProvider"></bean> 
<bean id="UserAuthenticationProvider" class="com.test.security.UserDetailsServiceImp"></bean>

然后,当我去/ enterprise_login形式提交登录数据,我收到了“HTTP 405 - 请求方法‘POST’不支持”通过在Tomcat中倒掉网址/ enterprise_login_process(配置作为登录处理-上的网址我不能找出问题的所在,任何帮助非常感谢

PD:我的web.xml文件看起来像:

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
     http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 

<display-name>AT-2</display-name> 

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/spring-config.xml 
    </param-value> 
</context-param> 

<context-param> 
    <param-name>webAppRootKey</param-name> 
    <param-value>tutorial.root</param-value> 
</context-param> 

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<listener> 
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> 
</listener> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<servlet> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>/WEB-INF/spring-config.xml</param-value> 
    </init-param> 
    <load-on-startup>0</load-on-startup> 
</servlet> 

<servlet-mapping> 
    <servlet-name>mvc-dispatcher</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping> 

<welcome-file-list> 
    <welcome-file>index.jsp</welcome-file> 
</welcome-file-list>

来源

2014-01-07 dacuna

+0

你能分享你的登录表吗? – coder

回答

3

问题是,第一个配置当前只匹配以“/ enterprise /”开头的URL,并且处理认证的URL配置为“/ enterprise_login_process”。这意味着向“/ enterprise_login_process”提交POST将提交给第二个不尝试验证“/ enterprise_login_process”的配置。

要解决此问题,您需要确保http @模式和登录处理url对齐。例如:

<security:http pattern="/enterprise/**" 
     auto-config="false" 
     use-expressions="true" 
     authentication-manager-ref="autenticationManagerUserEnterprise"> 
    <security:intercept-url pattern="/enterprise/login" 
      access="isAnonymous()" /> 
    <security:intercept-url pattern="/**" 
      access="hasRole('ROLE_ENTERPRISE')" /> 
    <security:form-login login-page="/enterprise/login" 
      default-target-url="/" 
      authentication-failure-url="/enterprise/login?error" 
      login-processing-url="/enterprise/login_process" /> 
    <security:logout logout-success-url="/" 
      delete-cookies="JSESSIONID"/> 
    <security:remember-me 
      user-service-ref="enterpriseAuthenticationProvider"/> 
    <security:session-management invalid-session-url="/"> 
     <security:concurrency-control max-sessions="2" 
       error-if-maximum-exceeded="true" /> 
    </security:session-management> 
</security:http>

您会观察到我修改了代码以确保块中的所有URL都以“/ enterprise /”开头。这也意味着您将需要确保您的企业登录表更新为POST到“/ enterprise/login_process”。

来源

2014-01-07 14:08:32

+0

感谢作品像一个魅力,我没有注意到我的登录处理url在http @ pattern的模式之外,愚蠢的错误。谢谢! – dacuna

相关问题

 相关问题