我正在尝试学习Spring安全性,所以我已经下载了一些示例项目,然后我尝试将该解决方案实现到我的项目中.但是当我尝试提交登录表单时,我总是得到403页面,这是在applicationContext-security中定义的.XML.但我预计无效用户名/密码的'authentication-failure-url'或正确用户名/密码的'default-target-url'而不是'access-denied-handler'/ forbidden(我的403页).如果有经验丰富的人可以帮助我,我会非常感激.应用程序的security.xml
<security:http security="none" pattern="/public/**"/>
<security:http security="none" pattern="/login*"/>
<security:http security="none" pattern="/maxSessionError*"/>
<security:http security="none" pattern="/forbidden*"/>
<security:http use-expressions="true">
<security:intercept-url pattern="/**" access="isAuthenticated()"/>
<security:form-login login-page="/login"
default-target-url="/home"
authentication-failure-url="/login"
authentication-success-handler-ref="loginSuccessHandler"
/>
<security:logout invalidate-session="true" delete-cookies="true" success-handler-ref="logoutSuccessHandler" />
<security:access-denied-handler error-page="/forbidden"/>
<security:session-management session-fixation-protection="newSession" >
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/maxSessionError" />
</security:session-management>
<security:custom-filter ref="xunxiSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
</security:http>
login.jsp的
<form action="<%=request.getContextPath()%>/j_spring_security_check" method="post" class="login-form" id="login-form" >
<label>Username</label>
<input type="text" placeholder="username" name="j_username"/>
<label>Password</label>
<input type="password" placeholder="password" name="j_password"/>
<label>
<input type="checkbox" name="_spring_security_remember_me" /> Remember me </label>
<button type="submit" >
Login
</button>
</div>
</form>
| 归档时间: |
|
| 查看次数: |
2635 次 |
| 最近记录: |