弄了一个简单的spring security程序但是不好使,也不抱异常,就是登录不上去,总是跳回登录页面。不知道为什么,望高手给看看,谢谢。
spring secutity 配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">
<!-- authenticationManager -->
<bean id="driverManagerDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://localhost:3306/roadrantz"></property>
<property name="username" value="root"></property>
<property name="password" value=""></property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"></ref>
</list>
</property>
<property name="sessionController" ref="concurrentSessionController"></property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"></property>
</bean>
<bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="driverManagerDataSource"></property>
<property name="usersByUsernameQuery">
<value>
SELECT email as username, password,'true'
FROM Motorist
WHERE email=?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
SELECT email as username, privilege as authority
FROM Motorist_Privileges mp, Motorist m
WHERE mp.motorist_id = m.id
AND m.email=?
</value>
</property>
</bean>
<!-- -->
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<ref bean="roleVote"></ref>
</list>
</property>
</bean>
<bean id="roleVote" class="org.springframework.security.vote.RoleVoter">
</bean>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=channelProcessingFilter,concurrentSessionFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"></bean>
<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/login"></property>
<property name="defaultTargetUrl" value="/error.jsp?error=1"></property>
<property name="authenticationFailureUrl" value="/index.jsp?error_code=1"></property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="forceHttps" value="false"></property>
<property name="loginFormUrl" value="/index.jsp"></property>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"></property>
<property name="accessDeniedHandler" ref="accessDeniedHandler"></property>
</bean>
<bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/error.jsp"></property>
</bean>
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="accessDecisionManager" ref="accessDecisionManager"></property>
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login=ROLE_connect
/success.jsp=ROLE_connect
</value>
</property>
</bean>
<bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"></property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<bean class="org.springframework.security.securechannel.SecureChannelProcessor"></bean>
<bean class="org.springframework.security.securechannel.InsecureChannelProcessor"></bean>
</list>
</property>
</bean>
<bean id="concurrentSessionFilter"
class="org.springframework.security.concurrent.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/home.htm" />
</bean>
<bean id="concurrentSessionController"
class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
<property name="maximumSessions" value="1" />
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="true" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl" />
</beans>
登录页面
<form method="POST" action="login">
<b>Username: </b><input type="text" name="j_username" value="as@qq.com"><br>
<b>Password: </b><input type="password" name="j_password" value="zzz"><br>
<input type="submit" value="Login">
</form>
登录的servlet
package partTwo.chapter6.securingSpring;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class Login extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
this.doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
String username=req.getParameter("j_username");
String password=req.getParameter("j_password");
System.out.println(username+password);
req.getRequestDispatcher("/success.jsp").forward(req, resp);
}
}
spring secutity 配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">
<!-- authenticationManager -->
<bean id="driverManagerDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://localhost:3306/roadrantz"></property>
<property name="username" value="root"></property>
<property name="password" value=""></property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"></ref>
</list>
</property>
<property name="sessionController" ref="concurrentSessionController"></property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"></property>
</bean>
<bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="driverManagerDataSource"></property>
<property name="usersByUsernameQuery">
<value>
SELECT email as username, password,'true'
FROM Motorist
WHERE email=?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
SELECT email as username, privilege as authority
FROM Motorist_Privileges mp, Motorist m
WHERE mp.motorist_id = m.id
AND m.email=?
</value>
</property>
</bean>
<!-- -->
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<ref bean="roleVote"></ref>
</list>
</property>
</bean>
<bean id="roleVote" class="org.springframework.security.vote.RoleVoter">
</bean>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=channelProcessingFilter,concurrentSessionFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"></bean>
<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/login"></property>
<property name="defaultTargetUrl" value="/error.jsp?error=1"></property>
<property name="authenticationFailureUrl" value="/index.jsp?error_code=1"></property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="forceHttps" value="false"></property>
<property name="loginFormUrl" value="/index.jsp"></property>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"></property>
<property name="accessDeniedHandler" ref="accessDeniedHandler"></property>
</bean>
<bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/error.jsp"></property>
</bean>
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="accessDecisionManager" ref="accessDecisionManager"></property>
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login=ROLE_connect
/success.jsp=ROLE_connect
</value>
</property>
</bean>
<bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"></property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<bean class="org.springframework.security.securechannel.SecureChannelProcessor"></bean>
<bean class="org.springframework.security.securechannel.InsecureChannelProcessor"></bean>
</list>
</property>
</bean>
<bean id="concurrentSessionFilter"
class="org.springframework.security.concurrent.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/home.htm" />
</bean>
<bean id="concurrentSessionController"
class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
<property name="maximumSessions" value="1" />
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="true" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl" />
</beans>
登录页面
<form method="POST" action="login">
<b>Username: </b><input type="text" name="j_username" value="as@qq.com"><br>
<b>Password: </b><input type="password" name="j_password" value="zzz"><br>
<input type="submit" value="Login">
</form>
登录的servlet
package partTwo.chapter6.securingSpring;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class Login extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
this.doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
String username=req.getParameter("j_username");
String password=req.getParameter("j_password");
System.out.println(username+password);
req.getRequestDispatcher("/success.jsp").forward(req, resp);
}
}
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
