Spring 3安全性j_spring_security_check [英] Spring 3 Security j_spring_security_check

问题描述

我正在努力学习Spring安全性如何工作，所以我下载了一些示例项目，然后我尝试将该解决方案实现到我的项目中。但是当我尝试登录时，我得到 404 错误，在地址栏中我有 http：// localhost：8080 / fit / j_spring_security_check 。我试着在这里查看类似的问题，但我无法意识到，如何将它应用到我的项目中。如果有经验丰富的人可以帮助我，我会非常感激。

I'm trying to learn, how spring security works, so I've downloaded some sample project and then I tried to implement that solution to my project. But when I try to login, I get 404 error and in an address bar I have http://localhost:8080/fit/j_spring_security_check. I tried to look at similar questions here, but I wasn't able to realize, how to apply it to my project. I'd be really thankful, if somebody, who is more experienced, could help me.

我的应用程序结构如下所示：

My app structure looks like this:

applicationContext.xml：

applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<context:annotation-config/>

<context:component-scan base-package="cz.cvut.fit"/>

<import resource="classpath:applicationContext-security.xml"/>

</beans>

applicationContext-web.xml：

applicationContext-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<context:annotation-config/>

<context:component-scan base-package="cz.cvut.fit" />

<mvc:annotation-driven />

<security:global-method-security jsr250-annotations="enabled"
                                 proxy-target-class="true"/>
</beans>

applicationContext-security.xml：

applicationContext-security.xml:

<beans xmlns:security="http://www.springframework.org/schema/security"
   xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
             http://www.springframework.org/schema/security
             http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/css/**" security="none"/>
<security:http pattern="/views/login.jsp*" security="none"/>
<security:http pattern="/views/denied.jsp" security="none"/>

<security:http auto-config="true" access-denied-page="/denied.jsp" servlet-api-provision="false">
    <security:intercept-url pattern="/views/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/views/edit/**" access="ROLE_EDIT"/>
    <security:intercept-url pattern="/views/admin/**" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
    <security:form-login login-page="/views/login.jsp" authentication-failure-url="/denied.jsp"
                         default-target-url="/home.jsp"/>
    <security:logout/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
            <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
            <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

</beans>

推荐答案

您正在尝试根据uri验证uri网页的当前上下文路径。 JSTL标记库可用于确保您可以根据应用程序的上下文轻松生成正确的URL。如果要快速实现，可以使用标记库来完成此操作。为此，您可以将jstl标记库添加到jsp的顶部：

You are trying to validate to a uri based on the current context path of the web page. the JSTL tag lib can be used to ensure you easily generate the correct urls based on the context of the application. You can do this by using a tag library if you want to get it implemented quickly. To do this you can add the jstl tag library to the top of the jsp:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

然后您可以使用以下内容发布到登录servlet。

Then you can use the following to post to the login servlet.

<form action="<c:url value="/j_spring_security_check"></c:url>" method="post" role="form">

这可确保您始终发布到< your_application_context> / j_spring_security_check。

This ensures you alway post to <your_application_context>/j_spring_security_check.

jstl的参考：
http ：//docs.oracle.com/javaee/5/jstl/1.1/docs/tlddocs/c/url.html

这篇关于Spring 3安全性j_spring_security_check的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！