这个想法很简单,如果我的登录失败,用户将被重定向到/loginerror,但不能正常工作

LoginController

 @RequestMapping(value = "/login", method = RequestMethod.GET)
        public String login(Model model) {
            return "login";
        }

        @RequestMapping(value = "/loginerror", method = RequestMethod.GET)
        public String loginFailed(Model model) {
            model.addAttribute("error", "true");
            return "login";
        }

        @RequestMapping(value = "/logout", method = RequestMethod.GET)
        public String logout(Model model) {
            return "login";
        }


login.jsp

<c:if test="${not empty error}">
                            <div class="alert alert-danger">
                                <spring:message
                                    code="AbstractUserDetailsAuthenticationProvider.badCredentials" />
                                <br />
                            </div>
                        </c:if>
                        <form action="<c:url value= "/j_spring_security_check"></c:url>"
                            method="post">
                            <fieldset>
                                <div class="form-group">
                                    <input class="form-control" placeholder="User Name"
                                        name='j_username' type="text">
                                </div>
                                <div class="form-group">
                                    <input class="form-control" placeholder="Password"
                                        name='j_password' type="password" value="">
                                </div>
                                <input class="btn btn-lg btn-success btn-block" type="submit"
                                    value="Login">
                            </fieldset>
                        </form>
                    </div>


security-context.xml

<security:http auto-config="true">
    <security:intercept-url pattern="/all/add"
        access="hasRole('ROLE_ADMIN')" />
    <security:form-login login-page="/login"
        default-target-url="/all/add" authentication-failure-url="/loginerror" />
    <security:logout logout-success-url="/logout" />
    <security:csrf disabled="true" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="admin" authorities="ROLE_ADMIN"
                password="admin" />
        </security:user-service>
    </security:authentication-provider>

</security:authentication-manager>


我想做的是在用户登录失败时将用户重定向到登录页面,但是每次我都收到在URL localhost......../j_spring_security_check上找不到的错误404页面

编辑

弹簧错误消息是AbstractUserDetailsAuthenticationProvider.badCredentials=The user-name or password you entered is incorrect.

将debug语句放入/loginerror方法后,我知道甚至没有调用此方法

如果网址错误怎么截取?

web.xml

<servlet>
        <servlet-name>dispatcherServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcherServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/security-context.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

最佳答案

您使用的Spring版本不支持
<form action="<c:url value= "/j_spring_security_check"></c:url>" method="post">
使用/ login作为网址
<form action="<c:url value= "/login"></c:url>" method="post">
自从您问到此链接后,就清楚地说明了差异Why doesn't my custom login page show with Spring Security 4?

10-07 19:44
查看更多