Spring Security/j_spring_security_check 未找到 404 [英] Spring Security /j_spring_security_check Not Found 404
问题描述
这是我的 WebAppInitializer:
Here is my WebAppInitializer:
@Configuration
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[] { AppConfig.class, WebSecurityConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[] { WebConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
这是我的安全配置:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/signup", "/about").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").defaultSuccessUrl("/home").failureUrl("/error").permitAll()
.and().httpBasic();
// @formatter:on
}
}
这是我的 login.html(来自 thymeleaf 的示例 html):
And this is my login.html (example html from thymeleaf):
<form th:action="@{/j_spring_security_check}" method="post">
<label for="j_username">Username</label>:
<input type="text" id="j_username" name="j_username" /> <br />
<label for="j_password">Password</label>:
<input type="password" id="j_password" name="j_password" /> <br />
<input type="submit" value="Log in" />
</form>
当我点击登录时,出现此错误:
When i click on login, this error appears:
HTTP ERROR 404
Problem accessing /j_spring_security_check. Reason:
Not Found
我怎样才能摆脱这个错误?我用谷歌搜索了很多,但还没有成功.(是的,我不使用任何 xml.)
How can i get rid of this error? I googled a lot, but no success yet. (Yes I do not use any xml.)
推荐答案
我已经创建了这个,现在可以使用了:
I have created this, and it works now:
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
这会明显地激活 SpringSecurityFilterChain.
This activates the SpringSecurityFilterChain apperently.
由于 CSRF 错误,我还不得不从 @EnableWebSecurity 切换到 @EnableWebMvcSecurity.正如在 spring 文档中所写:
I also had to switch from @EnableWebSecurity to @EnableWebMvcSecurity because of an CSRF error. As in the spring doc is written:
...原因是 Spring Security 是针对 CSRF 的attakcks 并且我们的请求中没有包含 CSRF 令牌.更新我们的使用 @EnableWebMvcSecurity 注释的配置与@EnableWebMvcSecurity 做同样的事情并提供与春天的MVC.除其他外,它将确保我们的 CSRF 令牌是使用 Thymleaf 2.1+ 或 Spring 时自动包含在我们的表单中MVC 标签库...
...The reason is that Spring Security is protecting against CSRF attakcks and there is no CSRF token include in our request. Update our configuration to use the @EnableWebMvcSecurity annotation which will do the same as @EnableWebMvcSecurity and provide integration with Spring MVC. Among other things, it will ensure our CSRF Token is included in our forms automatically when using Thymleaf 2.1+ or Spring MVC taglibs...
也感谢 M. Deinum 的评论.Spring 最近显然将/j_spring_security_check/j_password/j_username 切换为/login/password/username.
Also Thanks M. Deinum for his comment. Spring has recently switched the /j_spring_security_check /j_password /j_username to /login /password /username apparently.
这篇关于Spring Security/j_spring_security_check 未找到 404的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!