cbinn 2019-07-29 22:09 采纳率: 0%
浏览 1201

spring-security 配置<security:form-login>不起作用

其他的标签配置都有效就这个标签无效导致了一直无法拿到自己设置的自定义username参数,请问这是什么问题
<?xml version="1.0" encoding="UTF-8"?>
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

<security:http security="none" pattern="/css/**" />
<security:http security="none" pattern="/js/**" />
<security:http security="none" pattern="/images/**" />
<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/login*" />
<security:http security="none" pattern="/login/sendSms" />
<security:http security="none" pattern="/captchaServlet"/>
<security:http security="none" pattern="/activecode*"/>
<security:http security="none" pattern="/sendEmail*"/>
<security:http security="none" pattern="/register*" />
<security:http security="none" pattern="/check/**" />
<security:http security="none" pattern="/accessDenied"/>
 <security:http security="none" pattern="/page/reply"/>
<security:http security="none" pattern="/page/pages"/>

<security:http auto-config="false" access-decision-manager-ref="accessDecisionManager"
                use-expressions="true" entry-point-ref="loginEntryPoint">
    <security:headers>
        <security:frame-options disabled="true"></security:frame-options>
    </security:headers>
    <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=1"
                         login-processing-url="/login/doLogin" password-parameter="password"
                         default-target-url="/personal/list"
                         username-parameter="email" />

    <security:access-denied-handler ref="accessDeniedHandler" />
   <!-- 禁用csrf-->
    <security:csrf disabled="true"/>
    <security:intercept-url pattern="/" access="permitAll"/>
    <security:intercept-url pattern="/index**" access="permitAll"/>
    <security:intercept-url pattern="/login/sendSms" access="permitAll"/>
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>

    <!-- session失效url session策略-->
    <security:session-management invalid-session-url="/index.jsp"  session-authentication-strategy-ref="sessionStrategy">
    </security:session-management>

    <!-- spring-security提供的过滤器 以及我们自定义的过滤器 authenticationFilter-->
    <security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
    <security:custom-filter before="FORM_LOGIN_FILTER" ref="authenticationFilter"/>
    <security:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER"/>
</security:http>
<bean id="accessDeniedHandler"
            class="com.dream.sercurity.Account.MyAccessDeniedHandler">
    <property name="errorPage" value="/accessDenied.jsp" />
</bean>

<bean id="loginEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <!-- 用户未登录访问保护资源后弹到默认登录页的url -->
    <constructor-arg value="/login.jsp?error=login"/>
</bean>
<!-- 启用表达式 为了后面的投票器做准备 -->
<bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"
      id="expressionHandler"/>
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter"
      id="expressionVoter">
    <property name="expressionHandler" ref="expressionHandler"/>
</bean>

<!-- 认证管理器,使用自定义的accountService,并对密码采用md5加密 -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider user-service-ref="accountService">
        <security:password-encoder hash="md5">
            <security:salt-source user-property="email"></security:salt-source>
        </security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

<bean id="authenticationFilter" class="com.dream.sercurity.Account.AccountAuthenticationFilter">
    <property name="filterProcessesUrl" value="/login/doLogin"></property>
    <property name="authenticationManager" ref="authenticationManager"></property>
    <property name="sessionAuthenticationStrategy" ref="sessionStrategy"></property>
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <property name="defaultTargetUrl" value="/personal/list"></property>
        </bean>
    </property>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="/login.jsp?error=fail"></property>
        </bean>
    </property>
</bean>

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <!-- 处理退出的虚拟url -->
    <property name="filterProcessesUrl" value="/loginout" />
    <!-- 退出处理成功后的默认显示url -->
    <constructor-arg index="0" value="/login.jsp?logout" />
    <constructor-arg index="1">
        <!-- 退出成功后的handler列表 -->
        <array>
            <bean id="securityContextLogoutHandler"
                  class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </array>
    </constructor-arg>
</bean>

<!-- ConcurrentSessionFilter过滤器配置(主要设置账户session过期路径) -->
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <constructor-arg ref="sessionRegistry"></constructor-arg>
    <constructor-arg value="/login?error=expired"></constructor-arg>
</bean>


<bean id="sessionStrategy" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
    <constructor-arg>
        <list>

            <bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
                <property name="maximumSessions" value="1"></property>
                <property name="exceptionIfMaximumExceeded" value="false"></property>
                <constructor-arg ref="sessionRegistry"/>
            </bean>
            <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>
            <bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
                <constructor-arg ref="sessionRegistry"/>
            </bean>
        </list>

    </constructor-arg>
</bean>
<bean id="sessionRegistry" scope="singleton" class="org.springframework.security.core.session.SessionRegistryImpl"></bean>
<bean id="accountService" class="com.dream.sercurity.Account.AccountDetailsService"/>

<!-- An access decision voter that reads ROLE_* configuration settings -->
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
<bean id="authenticatedVoter"
      class="org.springframework.security.access.vote.AuthenticatedVoter"/>

<bean id="accessDecisionManager"
      class="org.springframework.security.access.vote.AffirmativeBased">
    <constructor-arg>
        <list>
            <ref bean="roleVoter"/>
            <ref bean="authenticatedVoter"/>
            <ref bean="expressionVoter"/>
        </list>
    </constructor-arg>
</bean>


  • 写回答

1条回答

  • zqbnqsdsmd 2019-07-30 10:21
    关注
    评论

报告相同问题?

悬赏问题

  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)