为什么我的自定义登录页面没有显示Spring Security 4？ [英] Why doesn't my custom login page show with Spring Security 4?

问题描述

我可以使用Spring Security 3.2.4的自定义登录页面，但在使用4.0.0迁移下面的代码后，我看到了一个通用的登录表单而不是我的自定义登录页面：

I am able to use a custom login page with Spring Security 3.2.4, but after migrating with the code below using 4.0.0, I see a generic login form instead of my custom one:

  <beans:bean id="authSuccessHandler" class="com.company.web.RoleBasedAuthenticationSuccessHandler" />

  <http disable-url-rewriting="false" use-expressions="true">
    <form-login login-page="/login"
        username-parameter="j_username"
        password-parameter="j_password"
        login-processing-url="/j_spring_security_check"
        authentication-failure-url="/login?login_error=true"
        authentication-success-handler-ref="authSuccessHandler"/>
    <!-- SOME INTERCEPT-URLs (redacted) -->
    <intercept-url pattern="/login" access="permitAll"/>
    <remember-me 
         remember-me-parameter="_spring_security_remember_me"
         remember-me-cookie="SPRING_SECURITY_REMEMBER_ME_COOKIE"/>
    <logout 
         logout-url="/j_spring_security_logout" 
         logout-success-url="/index" />
  </http>

我还尝试在各种Spring类上启用调试日志记录。我在我的自定义authSuccessHandler上设置它，但我没有看到它的任何输出。在SO或Google上搜索也没有运气。

I also tried enabling debug logging on the various Spring classes. I set it on my custom authSuccessHandler, but I don't see any output from it. No luck with searching on SO or Google either.

这个配置有什么不兼容的吗？

Is there anything incompatible about this configuration?

更新：

我也使用Apache Tiles：

I'm also using Apache Tiles as so:

  <definition name="login" extends="scrollableLayout">
    <put-attribute name="header" value="/WEB-INF/jsp/heading_blue.jsp"/>
    <put-attribute name="body" value="/WEB-INF/jsp/login.jsp"/>
  </definition>

使用以下内容：

  <mvc:view-controller path="/login" />  

推荐答案

Spring Security 3.x使用 spring_security_login 作为默认登录URL（ source ：官方文档）。这可以设置为自定义值< security：form-login login-page =/ login> 并映射到控制器以呈现自定义页面。

Spring Security 3.x used spring_security_login as the default login URL (source: official documentation). This could be set to a custom value as <security:form-login login-page="/login"> and mapped to a controller to render a custom page.

Spring Security 4.x已放弃 spring_security_login 并切换到登录作为默认登录URL（ source ：官方Spring Security 4.x迁移指南）。因此，URL login 现在转到默认的Spring Security基础结构，该基础结构显示默认的自动生成的登录页面。

Spring Security 4.x has abandoned spring_security_login and switched to login as the default login URL (source: official Spring Security 4.x migration guide). Therefore, the URL login now goes to the default Spring Security infrastructure, that displays the default, auto-generated login page.

如果您使用JSP作为视图渲染技术，那么补救措施很简单。只需将登录页面重命名为 login.jsp ，将其放在页面层次结构的根文件夹中，Spring Security将自动将其提取。如果您不使用JSP，则必须使用不同的登录页面值（可能 signin 而不是登录，然后也改变你的控制器映射。

The remedy is simple if you are using JSP as the view rendering technology. Simply rename your login page to login.jsp, drop it in the root folder of the page hierarchy and Spring Security will pick it up automatically. If you are not using JSP, you will have to use a different login-page value (perhaps signin instead of login and then change your controller mapping as well.

请注意，默认的注销URL在4.x中也发生了变化。如果您有为注销URL编写的任何自定义逻辑，请务必同时查看。

Note that the default logout URL has also changed in 4.x. If you have any custom logic written for the logout URL, do make sure to review that as well.

请查看官方迁移指南，因为很多内容已经发生变化在4.x。

Do review the official migration guide as a lot of things have changed in 4.x.

这篇关于为什么我的自定义登录页面没有显示Spring Security 4？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！