1. Environment:
spring-security 4.0
spring 4.1
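2. Problem description:
Today, while configuring Spring Security, I found that whether or not the login password was correct, I was always redirected to the login page. The original configuration was as follows: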
<http auto-config="true">
    <intercept-url pattern="/" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/home.do"
        access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/admin**"
        access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/dba**"
        access="hasRole('ROLE_ADMIN') and hasRole('ROLE_DBA')" />
    <form-login login-page="/login.do"
        username-parameter="ssoId" password-parameter="password"
        authentication-success-handler-ref="customSuccessHandler"
        authentication-failure-url="/login.do" />
    <csrf />
</http>
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="yiibai" password="123456" authorities="ROLE_USER" />
            <user name="admin" password="123456" authorities="ROLE_ADMIN" />
            <user name="dba" password="123456"
                authorities="ROLE_ADMIN,ROLE_DBA" />
        </user-service>
    </authentication-provider>
</authentication-manager>
<beans:bean id="customSuccessHandler"
    class="com.pegatroncorp.springsecurity.configuration.CustomSuccessHandler" />
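Moreover, with the above configuration, execution never reached the customSuccessHandler I had configured. After investigating, I found that Spring Security was indeed running and intercepting requests, but regardless of whether the password was correct, it still only jumped back to login.jsp and never entered my configured customSuccessHandler.
In the end I found that login-processing-url="/login.do" was missing; adding it fixed the problem.
The correct XML configuration is as follows: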
<http auto-config="true">
    <intercept-url pattern="/" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/home.do"
        access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/admin**"
        access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/dba**"
        access="hasRole('ROLE_ADMIN') and hasRole('ROLE_DBA')" />
    <!-- Add login-processing-url="/login.do" to form-login -->
    <form-login login-page="/login.do"
        login-processing-url="/login.do"
        username-parameter="ssoId" password-parameter="password"
        authentication-success-handler-ref="customSuccessHandler"
        authentication-failure-url="/login.do" />
    <csrf />
</http>
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="yiibai" password="123456" authorities="ROLE_USER" />
            <user name="admin" password="123456" authorities="ROLE_ADMIN" />
            <user name="dba" password="123456"
                authorities="ROLE_ADMIN,ROLE_DBA" />
        </user-service>
    </authentication-provider>
</authentication-manager>
<beans:bean id="customSuccessHandler"
    class="com.pegatroncorp.springsecurity.configuration.CustomSuccessHandler" />
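
When login-processing-url is omitted, Spring Security 4 has its authentication filter listen on POST /login (3.x used /j_spring_security_check), so a login form that posts anywhere else is never authenticated and no success handler runs. The check below is an added example, not part of the original post: it reports the effective processing URL of each form-login and compares it with the form's POST target. It assumes the login form posts to /login.do; the wrapper element, function names and sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Default login-processing-url when the attribute is omitted, by major version.
DEFAULT_PROCESSING_URL = {3: "/j_spring_security_check", 4: "/login"}

# Constructed sample: the page's <form-login>, in a wrapper that declares the namespaces.
WRAP = ('<beans:beans xmlns="http://www.springframework.org/schema/security" '
        'xmlns:beans="http://www.springframework.org/schema/beans">'
        '<http auto-config="true">{}<csrf /></http></beans:beans>')
BEFORE = WRAP.format('<form-login login-page="/login.do" username-parameter="ssoId" '
                     'password-parameter="password" authentication-failure-url="/login.do" />')
AFTER = WRAP.format('<form-login login-page="/login.do" login-processing-url="/login.do" '
                    'username-parameter="ssoId" password-parameter="password" '
                    'authentication-failure-url="/login.do" />')


def form_logins(xml_text, major_version=4):
    """Return, per <form-login>, the URL the authentication filter actually listens on."""
    result = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "form-login":  # ignore the namespace part
            continue
        explicit = el.get("login-processing-url")
        result.append({
            "login_page": el.get("login-page"),
            "processing_url": explicit or DEFAULT_PROCESSING_URL[major_version],
            "explicit": explicit is not None,
        })
    return result


def check_form_action(xml_text, form_action, major_version=4):
    """List mismatches between the login form's POST target and the processing URL."""
    findings = []
    for fl in form_logins(xml_text, major_version):
        if fl["processing_url"] != form_action:
            source = "explicit" if fl["explicit"] else "version default"
            findings.append("form posts to %s but credentials are only processed at %s (%s)"
                            % (form_action, fl["processing_url"], source))
    return findings


if __name__ == "__main__":
    # Assumption: the login page's <form> posts to /login.do.
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_form_action(cfg, "/login.do") or "OK")
```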