Я создал пользовательскую страницу входа для входа в систему, изучая весеннюю безопасность. Проблема в том, что даже после ввода правильного имени пользователя и пароля я перенаправляюсь в/app/login. Ниже перечислены те файлы-контентаВсегда переадресовывается в/login
весна-security.xml
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/app/login" access="permitAll" />
<security:intercept-url pattern="/app/**" access="hasRole('ROLE_USER')" />
<security:form-login login-page="/app/login" default-target-url="/app/base/" authentication-failure-url="/app/login" />
<security:logout logout-success-url="/app/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="pallav" password="jha" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
Варианты баночек пружинными безопасности является 4.0.2. Исключение здесь
23:42:06.705 [qtp1879081419-27] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) [spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) [spring-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1486) [jetty-servlet-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:503) [jetty-servlet-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564) [jetty-security-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1096) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:432) [jetty-servlet-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1030) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:201) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.Server.handle(Server.java:445) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:268) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229) [jetty-server-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358) [jetty-io-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601) [jetty-util-9.0.5.v20130815.jar:9.0.5.v20130815]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532) [jetty-util-9.0.5.v20130815.jar:9.0.5.v20130815]
at java.lang.Thread.run(Thread.java:744) [na:1.7.0_45]AnonymousAuthenticationFilter
23:42:06.716 [qtp1879081419-27] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'POST /app/j_spring_security_check/' doesn't match 'GET /**
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.w.s.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/event-webapp/app/login'
23:42:06.717 [qtp1879081419-27] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
23:42:06.718 [qtp1879081419-27] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
23:42:06.726 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
23:42:06.727 [qtp1879081419-28] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
23:42:06.727 [qtp1879081419-28] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.eclipse.jetty.server.session.HashedSession:1p266gxxvnmafr[email protected] A new one will be created.
23:42:06.727 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
23:42:06.727 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
23:42:06.727 [qtp1879081419-28] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]6f152daa
23:42:06.728 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
23:42:06.728 [qtp1879081419-28] DEBUG o.s.security.web.FilterChainProxy - /app/login at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
используемая по умолчанию, целевой URL = «/ приложение/база /» должна быть по умолчанию, целевой URL = «/ приложение/база». однако проверка подлинности также может быть неудачной, что может быть причиной того, что страница остается в/login, должна сообщить вам в выводе консоли/журнала, если проверка подлинности не удалась? – smoggers
Нет, аутентификация не терпит неудачу. Я также изменил URL-адрес для целевого URL-адреса по умолчанию, но такая же проблема появляется –
, но если это помогает, так это то, как я устанавливаю настройку разрешения URL-адреса (1), мой файл security.xml выглядит следующим образом: (2) У меня есть отображение, представленное в моем контроллере.java вот так: \t @RequestMapping ("/ customloginform") \t public String showLoginPage() { \t \t return "customloginform"; \t} –
smoggers