spring mvc 5 j_spring_安全检查404页面错误

p5fdfcr1  于 2021-10-10  发布在  Java
关注(0)|答案(1)|浏览(270)

web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0"> 
<display-name>StanWeb</display-name>
<description>StanWeb</description>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping> 

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml, /WEB-INF/spring-security.xml</param-value> 
</context-param>

<servlet>
<servlet-name>MiscChallen</servlet-name>
<servlet-class>com.StanWeb.rpt.MiscChallen</servlet-class>
</servlet>

<servlet>
<servlet-name>AgingRpt</servlet-name>
<servlet-class>com.StanWeb.rpt.AgingRpt</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>SOAccounts</servlet-name> 
<url-pattern>/SOAccounts</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>AlertsView</servlet-name>
<url-pattern>/AlertsView</url-pattern>
</servlet-mapping>

<error-page>
<error-code>404</error-code>
<location>/pages/commonerror.jsp</location>
</error-page>

<error-page>
<error-code>403</error-code>
<location>/pages/commonerror.jsp</location>
</error-page>

<error-page>
<exception-type>java.lang.Exception</exception-type> 
<location>/pages/commonerror.jsp</location>
</error-page>

<listener>
<listener-class>com.StanWeb.filter.CustomHttpSessionListener</listener-class> 
</listener>

<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

<listener>
<listener-class>com.StanWeb.web.CleanUpSessionListener</listener-class>
</listener>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name> 
<url-pattern>/</url-pattern>
</filter-mapping>

<session-config>
<session-timeout>30</session-timeout>
</session-config>

<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

</web-app>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd">

<http pattern="/resource/**" security="none" />
<http entry-point-ref="loginUrlAuthenticationEntryPoint" use-expressions="true"> 
<intercept-url pattern="/web/**" access="permitAll" />
<intercept-url pattern="/j_spring security_check" access="isAnonymous()" /> 
<intercept-url pattern="/web/j_spring security_check" access="isAnonymous()" /> 
<intercept-url pattern="/**" access="hasAnyRole('USER_ADMINISTRATION', 'IT_SUPPORT')" />
<logout success-handler-ref="CustomLogoutHandler" invalidate-session="true" delete-cookies="JSESSIONID" />
<access-denied-handler error-page="/web/Index.html" /> 

<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> 
<custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter"/> 
<custom-filter position="LAST" ref="appFilter" />
<session-management session-authentication strategy-ref="sas" invalid-session-url="/web/SessionExpired.html" /> 
</http>

    <authentication-manager alias="authenticationManager"> 
    <authentication-provider ref="CustomAuthenticationProvider"/>
    </authentication-manager>

    <beans:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
    <beans:bean id="CustomLogoutHandler" class="com.StanWeb.auth.CustomLogoutHandler"/>
    <beans:bean id="CustomAuthenticationProvider" class="com.StanWeb.auth.CustomAuthenticationProvider"/>
    <beans:bean id="customAuthenticationSuccessHandler" class="com.StanWeb.auth.CustomAuthenticationSuccessHandler"/> 
    <beans:bean id="appFilter" class="com.StanWeb.ui.filter.ApplicationFilter"/>
    <beans:bean id="customAuthenticationFailureHandler" class="com.StanWeb.auth.CustomAuthenticationFailureHandler"/>

    <beans:bean id="redirectSessionInformationExpiredStrategy" class="org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy">
       <beans:constructor-arg name="invalidSessionUrl" value="/web/Index.html" />
    </beans:bean>

    <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
    <beans:constructor-arg name="sessionInformationExpiredStrategy" ref="redirectSessionInformationExpiredStrategy" />
    </beans:bean>

    <beans:bean id="AuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="sas" /> 
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationFailureHandler" ref="customAuthenticationFailureHandler"/> 
    <beans:property name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler"/>
    <beans:property name="usernameParameter" value="username"/>
    <beans:property name="passwordParameter" value="password"/>
    </beans:bean>

<beans:bean id="sas" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<beans:constructor-arg>
    <beans:list>

        <beans:bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
        <beans:constructor-arg ref="sessionRegistry"/>
        <beans:property name="maximumSessions" value="1" /> 
        <beans:property name="exceptionIfMaximumExceeded" value="false" />
        </beans:bean> 

        <beans:bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"> 
        </beans:bean>

        <beans:bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
        <beans:constructor-arg ref="sessionRegistry"/>
        </beans:beans>
    </beans:list>
</beans:constructor-arg>
</beans:beans>

    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

    <beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <beans:constructor-arg name="loginFormUrl" value="/web/Index.html" />
    </beans:bean>
</beans:beans>

dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:p="http://www.springframework.org/schema/p" 
xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop" 
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang" xmlns:tx="http://www.springframework.org/schema/tx" 
xmlns:util="http://www.springframework.org/schema/util" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" 
xmlns:task="http://www.springframework.org/schema/task" xmlns:cache="http://www.springframework.org/schema/cache" xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jee 
http://www.springframework.org/schema/jee/spring-jee.xsd http://www.springframework.org/schema/lang 
http://www.springframework.org/schema/lang/spring-lang.xsd http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/task 
http://www.springframework.org/schema/task/spring-task.xsd http://www.springframework.org/schema/cache 
http://www.springframework.org/schema/cache/spring-cache.xsd">

<mvc: annotation-driven /> 

<context: annotation-config /> 
<context:component-scan base-package="com.StanWeb.ui" />
<context:component-scan base-package="com.StanWeb.auth" />
<context:component-scan base-package="com.StanWeb.utils" />

<cache:annotation-driven key-generator="enhancedDefaultKeyGenerator" />
<beans:bean id="enhanced DefaultKeyGenerator" class="com.StanWeb.cache.interceptor.EnhancedDefaultKeyGenerator" />
<beans:bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager" p:cacheManager-ref="ehcache" />
<beans:bean id="ehcache" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" p:configLocation="classpath:ehcache.xml" p:shared="true" />

<beans:bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" /> 
<property name="prefix" value="/pages/" />
<property name="suffix" value=".jsp" /> 
</beans:bean>

<resources mapping="/resource/***location="/resources/" />

<!-- Database connection --> 
<beans:bean id="StanWebjdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate"> 
<property name="dataSource" ref="dataSource" />
</beans:bean>

<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"> 
<property name="jndiName">
<value>jdbc/webds</value>
</property>
</beans:bean>

<beans:bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager" scope="singleton"> 
<property name="dataSource" ref="dataSource" />
</beans:bean>

<tx:annotation-driven transaction-manager="transactionManager" />

<beans:bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> 
<property name="maxUploadSize" value="100000000" />
</beans:bean>

<task:executor id="Executor" pool-size="1" /> 
<task:scheduler id="Scheduler" pool-size="1" /> 
<task:annotation-driven executor="Executor" scheduler="Scheduler" />
</beans>

spring-security.xml(用于测试)

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd">

<http entry-point-ref-"loginUrlAuthenticationEntryPoint" use-expressions="true">
<intercept-url pattern="/login access="isAnonymous() />
<Intercept-url pattern="/**access="isAuthenticated()" />

    <form-login 
    login-page="/login"
    login-processing-url="/login" 
    default-target-url="/homepage.jsp"
    authentication-failure-url="/Index?error"
    username-parameter="username"
    password-parameter="password"/>
    <logout logout-success-url="/Index.html?logout" />

    <csrf disabled="true" />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <user-service>
            <user name="user" password="password" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

<beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthentication">
<beans:constructor-arg name="loginFormUrl" value="/web/Index.html" />
</beans:bean>

我已将我的应用程序从spring mvc 3升级到5,并使用tomcat版本9。在提供凭据后,该页面被卡在j_spring_security_check上。即使在不正确的凭证中,页面仍停留在j_spring_安全检查处。例子http://localhost:8080/stanweb/j_spring_security_check. 我注意到开发工具中的404状态。在控制台日志中未找到错误。请帮忙。

2w3kk1z5

2w3kk1z51#

在spring 4中,路径/j_spring_security_check已更改为/login,并在usernamepasswordauthenticationfilter中处理
你可以在这里找到它的来源:https://github.com/spring-projects/spring-security/blob/master/web/src/main/java/org/springframework/security/web/authentication/usernamepasswordauthenticationfilter.java

相关问题