Authentication request to /j_spring_security_check

2019-08-12 16:16发布

问题:

With the security configuration below, making a post request to /j_spring_security_check throws a 404 error. Could someone help me point out what I'm doing wrong?

security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- Areas of the application which require no secuirty to visit -->

    <security:http security="none" pattern="/login/**" />
    <security:http security="none" pattern="/css/**" />
    <security:http security="none" pattern="/images/**" />
    <security:http security="none" pattern="/handler/**" />

    <security:http>
        <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        <security:form-login login-page="/login/"
            default-target-url="/login/successful_login.html"
            always-use-default-target="true" />
            <security:csrf disabled="true"/>
        <security:http-basic />
        <security:logout />
    </security:http>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="protrackAuthenticationProvider" />
    </security:authentication-manager>


    <bean id="protrackAuthenticationProvider"
        class="com.example.security.ProtrackAuthenticationProvider">
    </bean>

    <bean id="authenticationFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="filterProcessesUrl" value="/j_spring_security_check" />
    </bean>
</beans>

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
              http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">

    <description>ProtrackEntities</description>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        /WEB-INF/ptentities-spring.xml
        /WEB-INF/ptentities-security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>
    <!-- Servlets -->
    <servlet>
        <servlet-name>exportHandler</servlet-name>
        <servlet-class>com.myersinfosys.protrack.server.handlers.FileExportHandler</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>exportHandler</servlet-name>
        <url-pattern>/exportHandler</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <servlet>
        <servlet-name>gwt-rpc</servlet-name>
        <servlet-class>org.spring4gwt.server.SpringGwtRemoteServiceServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>gwt-rpc</servlet-name>
        <url-pattern>/rpc/*</url-pattern>
    </servlet-mapping>

    <!-- Default page to serve -->
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
</web-app>

Here is the request error:

Remote Address:127.0.0.1:59322 Request URL:http://127.0.0.1:59322/j_spring_security_check Request Method:POST Status Code:404 Not Found

回答1:

It looks like you are using Spring Security version 4.0

I just upgraded from Spring Security 3.2.3 to 4.0.1 and it looks like the default URLs for the login and logout handlers have changed from /j_spring_security_check to /login and /j_spring_security_logout to /logout respectively.

It also looks like the URL you are using is missing the application context component part of the path, which is usually the name of your web application. It should look more like:

http://127.0.0.1:59322/YourWebapp/j_spring_security_check 

or for later Spring Security versions:

http://127.0.0.1:59322/YourWebapp/login