当前位置: 动力学知识库 > 问答 > 编程问答 >

java - Spring Security Login issue

问题描述:

I am new to Spring Security and have configured Spring Security in my Spring MVC application.

After submission of login page, I am getting the following error

The requested resource (/j_spring_security_check) is not available.

I am not able to understand this behaviour.

Please help.

spring-security.xml

<security:http auto-config="true" use-expressions="true" access-denied-page="/appln/denied">

<security:intercept-url pattern="/appln/login" access="permitAll" />

<security:intercept-url pattern="/appln/index" access="hasRole('ROLE_ADMIN')" />

<security:intercept-url pattern="/appln/run" access="hasRole('ROLE_ADMIN')" />

<security:intercept-url pattern="/appln/common" access="hasRole('ROLE_USER')" />

<security:form-login login-page="/appln/login"

authentication-failure-url="/appln/login?error=true"

default-target-url="/appln/run"

authentication-success-handler-ref="AuthHandlr" />

<security:logout invalidate-session="true"

logout-success-url="/appln/login"

delete-cookies="JSESSIONID" />

</security:http>

Web.xml

<filter>

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<servlet>

<servlet-name>servlet</servlet-name>

<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

<load-on-startup>1</load-on-startup>

</servlet>

<listener>

<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

</listener>

网友答案:

Solved the issue.

In my loginpage.jsp , the action attribute was defined as

action=../../j_spring_security_check

I was playing with the above and changed it to

action = /j_spring_security_check

and it worked without any issues.

Although the issue is solved , can anybody please elaborate on why did the change in the path work.

网友答案:

The form action can be 'j_spring_security_check' or '/j_spring_security_check'.

This is a default in Spring-Security can not be changed.

Similarly the form fields have to be 'j_username' and 'j_password'

分享给朋友:
您可能感兴趣的文章:
随机阅读: