一、环境:
spring-security 4.0
spring 4.1
二、问题描述:
今天在配置springsecurity时,无论登录密码是否正确均跳转至登录首页,原始配置如下
<!-- Original configuration as reported by the author: every login attempt, with a right or wrong password, ends up back on the login page. -->
<!-- intercept-url rules are checked in declaration order. There is no catch-all rule, so a URL matched by none of the patterns below is not restricted by this block. -->
<http auto-config="true">
<intercept-url pattern="/" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/home.do"
access="hasRole('ROLE_USER')" />
<!-- NOTE(review): "/admin**" and "/dba**" have no "/" before "**", so the wildcard presumably stays inside one path segment and nested paths such as /admin/anything would not match; confirm against the application's URL layout. -->
<intercept-url pattern="/admin**"
access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/dba**"
access="hasRole('ROLE_ADMIN') and hasRole('ROLE_DBA')" />
<!-- No login-processing-url is set here, so the Spring Security 4 default (POST /login) applies. A form that posts to /login.do is then never handled by the authentication filter: no credential check happens and customSuccessHandler is never called. -->
<!-- authentication-failure-url is the same path as login-page, so a failed login and a plain visit to the form look identical in the URL. -->
<form-login login-page="/login.do"
username-parameter="ssoId" password-parameter="password"
authentication-success-handler-ref="customSuccessHandler"
authentication-failure-url="/login.do" />
<!-- CSRF protection is enabled; the login form (not shown on this page) has to submit the CSRF token together with ssoId and password, otherwise the POST is rejected. -->
<csrf />
</http>
<!-- In-memory user store for the example: three accounts whose roles line up with the hasRole() expressions on the intercept-url rules. -->
<authentication-manager>
<authentication-provider>
<!-- No password-encoder is declared, so the password attributes are stored and compared as plain text. All three accounts, including admin, share the value 123456. Suitable for a local demo only: a deployed system should keep hashed credentials (password-encoder) in a store outside the configuration file. -->
<user-service>
<user name="yiibai" password="123456" authorities="ROLE_USER" />
<user name="admin" password="123456" authorities="ROLE_ADMIN" />
<!-- dba holds both roles that the "/dba**" rule requires. -->
<user name="dba" password="123456"
authorities="ROLE_ADMIN,ROLE_DBA" />
</user-service>
</authentication-provider>
</authentication-manager>
<!-- Bean referenced by authentication-success-handler-ref on form-login. Its class is not shown on this page; with the form-login settings of this first listing the author reports it is never entered. -->
<!-- The beans: prefix implies the enclosing root element (not shown) binds the Spring beans namespace to that prefix. -->
<beans:bean id="customSuccessHandler"
class="com.pegatroncorp.springsecurity.configuration.CustomSuccessHandler" />
而且在上述配置中,登录后也进不到我配置的 customSuccessHandler 中。经过排查,发现 Spring Security 确实在运行并进行了拦截,但无论密码是否正确,都只会跳回 login.jsp,不会进入 customSuccessHandler。
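最终发现是 form-login 缺少了 login-processing-url="/login.do",加上这句就可以了。原因是 Spring Security 4 中 login-processing-url 的默认值是 POST /login(3.x 中为 /j_spring_security_check);不显式指定时,提交到 /login.do 的登录表单不会被认证过滤器处理,所以既不会校验密码,也不会调用 customSuccessHandler。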
以下为正确的配置xml
<!-- Working configuration: identical to the first listing except for login-processing-url on form-login. -->
<!-- intercept-url rules are checked in declaration order. There is no catch-all rule, so a URL matched by none of the patterns below is not restricted by this block. -->
<http auto-config="true">
<intercept-url pattern="/" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/home.do"
access="hasRole('ROLE_USER')" />
<!-- NOTE(review): "/admin**" and "/dba**" have no "/" before "**", so the wildcard presumably stays inside one path segment and nested paths such as /admin/anything would not match; confirm against the application's URL layout. -->
<intercept-url pattern="/admin**"
access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/dba**"
access="hasRole('ROLE_ADMIN') and hasRole('ROLE_DBA')" />
<!-- The fix: login-processing-url="/login.do" is added to form-login, so the authentication filter handles the POST to /login.do instead of waiting on the 4.x default (POST /login). -->
<!-- login-page, login-processing-url and authentication-failure-url all use /login.do; presumably GET renders the form and POST submits it. A failed login returns to the form with nothing in the URL to mark the failure. -->
<form-login login-page="/login.do"
login-processing-url="/login.do"
username-parameter="ssoId" password-parameter="password"
authentication-success-handler-ref="customSuccessHandler"
authentication-failure-url="/login.do" />
<!-- CSRF protection is enabled; the login form (not shown on this page) has to submit the CSRF token together with ssoId and password, otherwise the POST is rejected. -->
<csrf />
</http>
<!-- In-memory user store, unchanged from the first listing: three accounts whose roles line up with the hasRole() expressions on the intercept-url rules. -->
<authentication-manager>
<authentication-provider>
<!-- No password-encoder is declared, so the password attributes are stored and compared as plain text. All three accounts, including admin, share the value 123456. Suitable for a local demo only: a deployed system should keep hashed credentials (password-encoder) in a store outside the configuration file. -->
<user-service>
<user name="yiibai" password="123456" authorities="ROLE_USER" />
<user name="admin" password="123456" authorities="ROLE_ADMIN" />
<!-- dba holds both roles that the "/dba**" rule requires. -->
<user name="dba" password="123456"
authorities="ROLE_ADMIN,ROLE_DBA" />
</user-service>
</authentication-provider>
</authentication-manager>
<!-- Bean referenced by authentication-success-handler-ref on form-login; it is invoked after a successful login once the login POST is actually processed. Its class is not shown on this page. -->
<!-- The beans: prefix implies the enclosing root element (not shown) binds the Spring beans namespace to that prefix. -->
<beans:bean id="customSuccessHandler"
class="com.pegatroncorp.springsecurity.configuration.CustomSuccessHandler" />