spring security 3,做数据库验证,启动没有问题,但每次点登录按钮的时候,不论输入正确或错误的用户名密码,都直接跳到错误页面,debug跟踪后发现,在InvocationSecurityMetadataSourceService中的getAttributes(Object object)方法传入的object的url值就是验证失败页面的url,感觉就是没有权限,被拦截了,请教各位,我的配置有什么问题吗?下面是代码
login.jsp
[code="jsp"]
用户名 | |
密码 |
[/code]
security.xml
[code="xml"]
<!-- pattern="/**" access="ROLE_USER" /> -->
authentication-failure-url="/jsp/error.jsp" default-target-url="/jsp/index.jsp" />
error-if-maximum-exceeded="true" />
<custom-filter ref="pawnFilter" before="FILTER_SECURITY_INTERCEPTOR" />
</http>
<beans:bean id="pawnFilter"
class="com.sywzsh.security.PawnFilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="pawnAccessDecisionManagerService" />
<beans:property name="securityMetadataSource" ref="pawnSecurityDataSourceService" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsService">
</authentication-provider>
</authentication-manager>
<!-- 查询用户信息 -->
<beans:bean id="userDetailsService" class="com.sywzsh.security.PawnUsersDetailsService" />
<!-- 决策访问器,判断是否有权限访问某个资源 -->
<beans:bean id="pawnAccessDecisionManagerService"
class="com.sywzsh.security.PawnAccessDecisionManagerService" />
<!-- 资源数据定义,资源与角色相关联,一个资源可被哪些角色访问 -->
<beans:bean id="pawnSecurityDataSourceService" init-method="loadResourceDefine"
class="com.sywzsh.security.PawnInvocationSecurityMetadataSourceService">
</beans:bean>
[/code]
过滤器等代码与网上教程一致,如http://andy-ghg.iteye.com/blog/1081622 ,http://blog.csdn.net/remote_roamer/archive/2010/07/05/5713777.aspx 代码大同小异,不知道有哪位兄台遇到过这种情况。