1. дома
  2. Вопрос и ответ
  3. Всегда переадресовывается в/login

Всегда переадресовывается в/login

2015-08-01 20 views
0

Я создал пользовательскую страницу входа для входа в систему, изучая весеннюю безопасность. Проблема в том, что даже после ввода правильного имени пользователя и пароля я перенаправляюсь в/app/login. Ниже перечислены те файлы-контентаВсегда переадресовывается в/login

весна-security.xml

<security:http auto-config="true" use-expressions="true"> 
<security:intercept-url pattern="/app/login" access="permitAll" /> 
<security:intercept-url pattern="/app/**" access="hasRole('ROLE_USER')" /> 
<security:form-login login-page="/app/login" default-target-url="/app/base/" authentication-failure-url="/app/login" /> 
<security:logout logout-success-url="/app/logout" /> 
</security:http> 
<security:authentication-manager> 
<security:authentication-provider> 
    <security:user-service> 
    <security:user name="pallav" password="jha" authorities="ROLE_USER" /> 
    </security:user-service> 
</security:authentication-provider> 
</security:authentication-manager>

Console

Варианты баночек пружинными безопасности является 4.0.2. Исключение здесь

23:42:06.705 [qtp1879081419-27] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point 
org.springframework.security.access.AccessDeniedException: Access is denied 
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] 
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE] 
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE] 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1486) [jetty-servlet-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:503) [jetty-servlet-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564) [jetty-security-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1096) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:432) [jetty-servlet-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1030) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:201) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.Server.handle(Server.java:445) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:268) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358) [jetty-io-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601) [jetty-util-9.0.5.v20130815.jar:9.0.5.v20130815] 
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532) [jetty-util-9.0.5.v20130815.jar:9.0.5.v20130815] 
at java.lang.Thread.run(Thread.java:744) [na:1.7.0_45]AnonymousAuthenticationFilter 
23:42:06.716 [qtp1879081419-27] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'POST /app/j_spring_security_check/' doesn't match 'GET /** 
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.w.s.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match 
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point. 
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/event-webapp/app/login' 
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
23:42:06.718 [qtp1879081419-27] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 
23:42:06.726 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
23:42:06.727 [qtp1879081419-28] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
23:42:06.727 [qtp1879081419-28] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.eclipse.jetty.server.session.HashedSession:1p266gxxvnmafr[email protected] A new one will be created. 
23:42:06.727 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
23:42:06.727 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
23:42:06.727 [qtp1879081419-28] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]6f152daa 
23:42:06.728 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter' 
23:42:06.728 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'

источник

2015-08-01 Obi Wan - PallavJha

+0

используемая по умолчанию, целевой URL = «/ приложение/база /» должна быть по умолчанию, целевой URL = «/ приложение/база». однако проверка подлинности также может быть неудачной, что может быть причиной того, что страница остается в/login, должна сообщить вам в выводе консоли/журнала, если проверка подлинности не удалась? – smoggers

+0

Нет, аутентификация не терпит неудачу. Я также изменил URL-адрес для целевого URL-адреса по умолчанию, но такая же проблема появляется –

+0

, но если это помогает, так это то, как я устанавливаю настройку разрешения URL-адреса (1), мой файл security.xml выглядит следующим образом: (2) У меня есть отображение, представленное в моем контроллере.java вот так: \t @RequestMapping ("/ customloginform") \t public String showLoginPage() { \t \t return "customloginform"; \t} – smoggers

ответ

0

Исключение было связано форма входа, присутствующего в моем проекте. Как я использую пружинную безопасность-4, имена для пользователя, пароля поля ввода ожидаемого является «именем пользователя» и «пароля», в то время как я использовал «j_username» и «j_password».

Кроме того, действие формы входа должно быть context-path + "/ login".

Ниже Войти форма:

<form class="form-horizontal" 
    action='<c:url value='/login' />' method='POST'> 
    <input type="hidden" name="${_csrf.parameterName}" 
     value="${_csrf.token}" /> 
    <fieldset> 

     <div class="form-group"> 
      <label class="col-md-4 control-label" for="textinput">Username</label> 
      <div class="col-md-4"> 
       <input id="textinput" name="username" type="text" 
        class="form-control input-md"> 
      </div> 
     </div> 

     <div class="form-group"> 
      <label class="col-md-4 control-label" for="passwordinput">Password</label> 
      <div class="col-md-4"> 
       <input id="passwordinput" name="password" type="password" 
        class="form-control input-md"> 
      </div> 
     </div> 

     <div class="form-group"> 
      <div class="col-md-offset-7 col-md-3"> 
       <input id="button1" type="submit" value="LogIn" 
        class="btn btn-success" /> 
      </div> 
     </div> 

    </fieldset> 
</form>

источник

2015-08-06 11:09:49

Смежные вопросы

 Смежные вопросы