认证请求/j_spring_security_check 404 错误 [英] Authentication request to /j_spring_security_check 404 Error

问题描述

使用下面的安全配置，向/j_spring_security_check 发出 post 请求会引发 404 错误.有人能帮我指出我做错了什么吗?

With the security configuration below, making a post request to /j_spring_security_check throws a 404 error. Could someone help me point out what I'm doing wrong?

security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- Areas of the application which require no secuirty to visit -->

    <security:http security="none" pattern="/login/**" />
    <security:http security="none" pattern="/css/**" />
    <security:http security="none" pattern="/images/**" />
    <security:http security="none" pattern="/handler/**" />

    <security:http>
        <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        <security:form-login login-page="/login/"
            default-target-url="/login/successful_login.html"
            always-use-default-target="true" />
            <security:csrf disabled="true"/>
        <security:http-basic />
        <security:logout />
    </security:http>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="protrackAuthenticationProvider" />
    </security:authentication-manager>


    <bean id="protrackAuthenticationProvider"
        class="com.example.security.ProtrackAuthenticationProvider">
    </bean>

    <bean id="authenticationFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="filterProcessesUrl" value="/j_spring_security_check" />
    </bean>
</beans>

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
              http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">

    <description>ProtrackEntities</description>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        /WEB-INF/ptentities-spring.xml
        /WEB-INF/ptentities-security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>
    <!-- Servlets -->
    <servlet>
        <servlet-name>exportHandler</servlet-name>
        <servlet-class>com.myersinfosys.protrack.server.handlers.FileExportHandler</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>exportHandler</servlet-name>
        <url-pattern>/exportHandler</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <servlet>
        <servlet-name>gwt-rpc</servlet-name>
        <servlet-class>org.spring4gwt.server.SpringGwtRemoteServiceServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>gwt-rpc</servlet-name>
        <url-pattern>/rpc/*</url-pattern>
    </servlet-mapping>

    <!-- Default page to serve -->
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
</web-app>

这是请求错误:

远程地址:127.0.0.1:59322 请求网址:http://127.0.0.1:59322/j_spring_security_check 请求方式:POST状态码:404 未找到

Remote Address:127.0.0.1:59322 Request URL:http://127.0.0.1:59322/j_spring_security_check Request Method:POST Status Code:404 Not Found

推荐答案

看起来您使用的是 Spring Security 4.0 版

It looks like you are using Spring Security version 4.0

我刚刚从 Spring Security 3.2.3 升级到 4.0.1，看起来登录和注销处理程序的默认 URL 已从 /j_spring_security_check 更改为 /login 和 /j_spring_security_logout 分别为 /logout.

I just upgraded from Spring Security 3.2.3 to 4.0.1 and it looks like the default URLs for the login and logout handlers have changed from /j_spring_security_check to /login and /j_spring_security_logout to /logout respectively.

看起来您使用的 URL 缺少路径的应用程序上下文组件部分，这通常是您的 Web 应用程序的名称.它应该看起来更像:

It also looks like the URL you are using is missing the application context component part of the path, which is usually the name of your web application. It should look more like:

http://127.0.0.1:59322/YourWebapp/j_spring_security_check 

或更高的 Spring Security 版本:

or for later Spring Security versions:

http://127.0.0.1:59322/YourWebapp/login

这篇关于认证请求/j_spring_security_check 404 错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！