在http元素中使用特定的网址格式时,不会调用j_spring_security_check [英] j_spring_security_check not invoke when use specific url pattern in http element
问题描述
我正在尝试使用Spring Security实现两个安全领域.我正在使用Spring Security 3.1.4 RELEASE和Spring 3.2.0 RELEASE.在我的Web应用程序中,有两个用户,他们应该分别进行身份验证.因此,我尝试使用多个 http 元素来过滤网址格式并重定向到相应的登录页面.
I'm trying to implement two security realms using spring security. I am using Spring security 3.1.4 RELEASE and Spring 3.2.0 RELEASE. In my web application there are two users and they should be authenticate separately. Therefore I tried to use multiple http elements to filter url pattern and redirect to corresponding login page.
这是我的Spring-security.xml.
Here is my Spring-security.xml.
<beans:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd" xmlns:beans="http://www.springframework.org/schema/beans">
<security:http pattern="/admin/**" auto-config="true" use-expressions="true">
<security:form-login login-page="/admin/login" default-target-url="/admin/dashboard"
authentication-failure-url="/admin/loginfailed"/>
<security:logout logout-success-url="/admin/logout"/>
<security:intercept-url pattern="/admin/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/admin/login" access="permitAll"/>
<security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>
</security:http>
<security:http pattern="/customer/**" auto-config="true" use-expressions="true">
<security:form-login login-page="/customer/login" default-target-url="/customer/reports"
authentication-failure-url="/customer/loginfailed"/>
<security:logout logout-success-url="/customer/logout"/>
<security:intercept-url pattern="/customer/j_spring_security_check" access="permitAll"/>
<security:intercept-url pattern="/customer/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/customer/login" access="permitAll"/>
<security:intercept-url pattern="/customer/*" access="hasRole('ROLE_ADMIN')"/>
</security:http>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName">
<beans:value>java:/myDS</beans:value>
</beans:property>
</beans:bean>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT login_name AS username, password, 1 AS enabled
FROM tbl_user WHERE login_name=?"
authorities-by-username-query="SELECT login_name , CASE role_id WHEN 2 THEN 'ROLE_USER' WHEN 1 THEN 'ROLE_ADMIN'ELSE '' END AS authority
FROM tbl_user WHERE login_name=?"
/>
</security:authentication-provider>
</security:authentication-manager>
</beans:beans>
这是我的web.xml
Here is my web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的login.jsp
Here is my login.jsp
enter code here
<c:url value="/j_spring_security_check" var="url" />
<form c role="form" action="${url}" method='POST'>
<div>
<label>Email</label>
<div >
<input type="email" name="j_username" id="inputEmail3"
placeholder="Email">
</div>
</div>
<div >
<labe>Password</label>
<div>
<input type="password" name="j_password" id="inputPassword3"
placeholder="Password">
</div>
</div>
<div class="form-group">
<div>
<button type="submit">Sign in</button>
</div>
</div>
</form>
当我删除http元素中的url模式时,它是完美的作品.实际上,我无法同时删除这两种网址格式.我尝试通过删除"/customer/**"来进行客户登录.但是,如果存在网址格式,则会发生j_spring_security_check 404错误消息.
When I remove the url patterns in the http elements, it's perfectly works. Actually I can't remove both url patterns. I tried by removing "/customer/**" and it works for customer login. But when url pattern is present, j_spring_security_check 404 not fount error occurred.
根据spring安全文档,我们可以添加具有不同url模式的多个http元素.
According to the spring security documentation, we can add multiple http elements with different url patterns.
请帮助我找到解决方案.
Please help me to find a solution for this.
推荐答案
您可以根据需要添加任意多个http元素,但是还必须相应地更改登录URL.当前,您尚未进行任何更改,将默认的/j_spring_security_check
保留在原位.而您想要/admin/j_spring_security_check
和/customer/j_spring_security_check
.
You can add as many http elements as you want, BUT you will also have to change the login-url accordingly. Currently you haven't changed anything leaving the default /j_spring_security_check
in place. Whereas you want a /admin/j_spring_security_check
and /customer/j_spring_security_check
.
要启用此功能,您将需要在<form-login />
元素上配置login-processing-url
,就像您指定了login-page
属性一样.对每个http
元素执行此操作.
To enable this you will need to configure the login-processing-url
on the <form-login />
element, just like you specified the login-page
attributes. Do this for each http
element.
<security:form-login login-page="/admin/login" login-processing-url="/admin/j_spring_security_check" default-target-url="/admin/dashboard" authentication-failure-url="/admin/loginfailed" />
这篇关于在http元素中使用特定的网址格式时,不会调用j_spring_security_check的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!