我在我的小項目中採用了spring security。 我有一個問題,當我嘗試使用POST方法提交表單來登錄時,彈簧安全HTTP 405錯誤(POST不支持)被引發。春季安全自定義登錄方法不支持
這是我的代碼如下。
春季安全AppContext:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:mybatis-spring="http://mybatis.org/schema/mybatis-spring"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://mybatis.org/schema/mybatis-spring http://mybatis.org/schema/mybatis-spring-1.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd">
<http security="none" pattern="/resources/**" />
<http security="none" pattern="/home/testpage" />
<http security="none" pattern="/user/join-form" />
<http security="none" pattern="/user/join" />
<http security="none" pattern="/user/activate-user" />
<http security="none" pattern="/user/login-form" />
<http security="none" pattern="/user/check-duplication-email" />
<http security="none" pattern="/user/check-duplication-nickname" />
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/home/main" access="permitAll"/>
<form-login
login-page="/user/login-form"
default-target-url="/home/main"
authentication-failure-handler-ref="authenticationFailureHandler"
username-parameter="email"
password-parameter="passwd"
login-processing-url="/user/login"
/>
<csrf/>
<logout
logout-url="/user/logout"
invalidate-session="true"
logout-success-url="/user/login-form"
/>
<session-management>
<concurrency-control max-sessions="1" expired-url="/" />
</session-management>
</http>
<authentication-manager>
<authentication-provider ref="authenticationProvider" />
</authentication-manager>
<beans:beans profile="common">
<beans:bean id="authenticationProvider" class="com.winsplay.whiteboard.web.auth.CustomAuthenticationProvider" >
<beans:property name="userSecurityService" ref="userSecurityService" />
</beans:bean>
<beans:bean id="authenticationFailureHandler" class="com.winsplay.whiteboard.web.auth.CustomAuthenticationFailureHandler" />
<beans:bean id="userSecurityService" class="com.winsplay.whiteboard.web.auth.UserSecurityServiceImpl" />
<mybatis-spring:scan base-package="com.winsplay.whiteboard.web.auth" annotation="org.springframework.stereotype.Repository"/>
</beans:beans>
</beans:beans>
JSP登錄表單:
<c:if test="${anonymous}">
<div id="login-popup">
<p class="info">login</p>
<hr />
<form:form action="${pageContext.request.contextPath}/user/login" method="post">
<sec:csrfInput/>
<p><form:errors /></p>
<table>
<tbody>
<tr>
<td style="text-align:right;"><p class="input-header">email</p></td>
<td>
<input type="email" class="myinput" name="email" placeholder="[email protected]" />
</td>
<td rowspan="2" style="vertical-align:top;">
<input type="image" style="position:relative; top:-10px;" src="${pageContext.request.contextPath}/resources/img/btn_login.JPG" alt="btn_login" title="login" />
</td>
</tr>
<tr >
<td style="text-align:right;"><p class="input-header">password</p></td>
<td>
<input type="password" class="myinput" name="passwd" />
</td>
</tr>
</tbody>
</table>
<div style="text-align:right; margin-right:100px; margin-top:30px;">
<a class="my-btn" href="${pageContext.request.contextPath}/user/find-password">find password</a>
<a class="my-btn close-lightbox" href="#">close</a>
</div>
</form:form>
<hr />
</div>
</c:if>
如何發送POST方法登錄?
在此先感謝。
< HTTP安全= 「無」 ... >啄是根據您的安全設置,調試
這可能會發生,因爲您需要在login.jsp表單中傳遞CSRF令牌。嘗試在您的表單標記 – smoggers
<秒內添加 與,它不起作用。當我進入我的網站時,我可以很好地檢查csrf token set –
PLAYMAKER