在http元素中使用特定的网址格式时，不会调用j_spring_security_check [英] j_spring_security_check not invoke when use specific url pattern in http element

问题描述

我正在尝试使用Spring Security实现两个安全领域.我正在使用Spring Security 3.1.4 RELEASE和Spring 3.2.0 RELEASE.在我的Web应用程序中，有两个用户，他们应该分别进行身份验证.因此，我尝试使用多个 http 元素来过滤网址格式并重定向到相应的登录页面.

I'm trying to implement two security realms using spring security. I am using Spring security 3.1.4 RELEASE and Spring 3.2.0 RELEASE. In my web application there are two users and they should be authenticate separately. Therefore I tried to use multiple http elements to filter url pattern and redirect to corresponding login page.

这是我的Spring-security.xml.

Here is my Spring-security.xml.

<beans:beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:security="http://www.springframework.org/schema/security"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd" xmlns:beans="http://www.springframework.org/schema/beans">

 <security:http pattern="/admin/**" auto-config="true" use-expressions="true">
    <security:form-login login-page="/admin/login" default-target-url="/admin/dashboard"
                         authentication-failure-url="/admin/loginfailed"/>
    <security:logout logout-success-url="/admin/logout"/>

    <security:intercept-url pattern="/admin/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/admin/login" access="permitAll"/>

    <security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>

 </security:http>

 <security:http pattern="/customer/**" auto-config="true" use-expressions="true">
    <security:form-login login-page="/customer/login" default-target-url="/customer/reports"
                         authentication-failure-url="/customer/loginfailed"/>
    <security:logout logout-success-url="/customer/logout"/>
    <security:intercept-url pattern="/customer/j_spring_security_check" access="permitAll"/>
    <security:intercept-url pattern="/customer/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/customer/login" access="permitAll"/>

    <security:intercept-url pattern="/customer/*" access="hasRole('ROLE_ADMIN')"/>

</security:http>


<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
    <beans:property name="jndiName">
        <beans:value>java:/myDS</beans:value>
    </beans:property>
</beans:bean>

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"
                                    users-by-username-query="SELECT login_name AS username, password, 1 AS enabled
                                        FROM tbl_user WHERE login_name=?"
                                    authorities-by-username-query="SELECT login_name , CASE role_id WHEN 2 THEN 'ROLE_USER' WHEN 1 THEN 'ROLE_ADMIN'ELSE '' END AS authority
            FROM tbl_user WHERE login_name=?"

                />
    </security:authentication-provider>
</security:authentication-manager>

</beans:beans>

这是我的web.xml

Here is my web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

这是我的login.jsp

Here is my login.jsp

enter code here
<c:url value="/j_spring_security_check" var="url" />
<form c role="form" action="${url}" method='POST'>
       <div>
           <label>Email</label>

            <div >
               <input type="email"  name="j_username" id="inputEmail3"
                               placeholder="Email">
            </div>
        </div>
        <div >
            <labe>Password</label>

             <div>
                  <input type="password"  name="j_password" id="inputPassword3"
                               placeholder="Password">
             </div>
         </div>

          <div class="form-group">
              <div>
                  <button type="submit">Sign in</button>
              </div>
          </div>
</form>

当我删除http元素中的url模式时，它是完美的作品.实际上，我无法同时删除这两种网址格式.我尝试通过删除"/customer/**"来进行客户登录.但是，如果存在网址格式，则会发生j_spring_security_check 404错误消息.

When I remove the url patterns in the http elements, it's perfectly works. Actually I can't remove both url patterns. I tried by removing "/customer/**" and it works for customer login. But when url pattern is present, j_spring_security_check 404 not fount error occurred.

根据spring安全文档，我们可以添加具有不同url模式的多个http元素.

According to the spring security documentation, we can add multiple http elements with different url patterns.

请帮助我找到解决方案.

Please help me to find a solution for this.

推荐答案

您可以根据需要添加任意多个http元素，但是还必须相应地更改登录URL.当前，您尚未进行任何更改，将默认的/j_spring_security_check保留在原位.而您想要/admin/j_spring_security_check和/customer/j_spring_security_check.

You can add as many http elements as you want, BUT you will also have to change the login-url accordingly. Currently you haven't changed anything leaving the default /j_spring_security_check in place. Whereas you want a /admin/j_spring_security_check and /customer/j_spring_security_check.

要启用此功能，您将需要在<form-login />元素上配置login-processing-url，就像您指定了login-page属性一样.对每个http元素执行此操作.

To enable this you will need to configure the login-processing-url on the <form-login /> element, just like you specified the login-page attributes. Do this for each http element.

<security:form-login login-page="/admin/login" login-processing-url="/admin/j_spring_security_check" default-target-url="/admin/dashboard" authentication-failure-url="/admin/loginfailed" />

这篇关于在http元素中使用特定的网址格式时，不会调用j_spring_security_check的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！