我是Spring Security
的新手。我正在从链接重新开发应用程序:http://www.mkyong.com/spring-security/spring-security-http-basic-authentication-example/.我使用了最新的依赖项,我可以简单地进行身份验证(Simple HTTP Basic Auth),但是当我尝试注销时,单击注销按钮后,我无处可去,并且还记录了以下内容。我如何解决这个问题?
正在调用URL:http://localhost:8080/spring-安全http basic auth/j\u spring\u security\u注销
日志显示没有找到映射,但为什么?
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@84010cb9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@84010cb9: Principal: org.springframework.security.core.userdetails.User@c01cbded: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /logout
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /login
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'mkyong'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@84010cb9: Principal: org.springframework.security.core.userdetails.User@c01cbded: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/j_spring_security_logout'; against '/welcome*'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout reached end of additional filter chain; proceeding with original chain
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/spring-security-http-basic-auth/j_spring_security_logout]
2016-08-11 21:07:09 WARN o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/spring-security-http-basic-auth/j_spring_security_logout] in DispatcherServlet with name 'mvc-dispatcher'
2016-08-11 21:07:09 DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@54855a73
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
2016-08-11 21:07:09 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-08-11 21:07:09 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Spring安全。xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<http-basic />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
LoginController。Java语言
@Controller
public class LoginController {
@RequestMapping(value="/welcome", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {
String name = principal.getName();
model.addAttribute("username", name);
model.addAttribute("message", "Spring Security Custom Form example");
return "hello";
}
@RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}
@RequestMapping(value="/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "login";
}
}
pom。xml
<properties>
<java.version>1.8</java.version>
<spring.version>4.3.0.RELEASE</spring.version>
<spring.security.version>4.1.1.RELEASE</spring.security.version>
<logback.version>1.1.7</logback.version>
<jcl-over-slf4j.version>1.7.21</jcl-over-slf4j.version>
</properties>
<dependencies>
<!-- Spring 3 dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!-- logging, slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>${jcl-over-slf4j.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<!-- jstl -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- Servlet and JSP -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
</dependency>
</dependencies>
<build>
<finalName>spring-security-http-basic-auth</finalName>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
</configuration>
</plugin>
</plugins>
</build>
编辑-:
<http auto-config="true">
<intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" />
<logout logout-url="/j_spring_security_logout"/>
<http-basic />
</http>
谢谢你的帮助。我只需要在下面使用。完成!!
<http auto-config="true">
<intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" />
<http-basic />
</http>
你好jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h3>Message : ${message}</h3>
<h3>Username : ${username}</h3>
<%-- <a href="<c:url value="/j_spring_security_logout" />" > Logout</a> --%>
<a href="<c:url value="/logout" />">Logout</a>
</body>
</html>
该教程使用了旧版本的Spring。
正如Spring 3的迁移文档中所报告的那样。x到4。x(第6.4段):
logout@logout-url属性默认值从“/j_spring_security_logout”更改为“/logout”。如果应用程序显式提供该属性,则迁移不需要任何操作。
尝试根据迁移文档更改应用程序。
问题内容: 从HttpClient 4.3开始,我一直在使用HttpClientBuilder。我正在连接到具有基本身份验证的REST服务。我将凭据设置如下: 但是,这不起作用(我正在使用的REST服务返回401)。怎么了? 问题答案: 从此处的 抢先身份验证 文档中: http://hc.apache.org/httpcomponents-client- ga/tutorial/html/aut
我使用下面的文章在我的laravel项目中创建JWT身份验证。但是现在我不能再使用Basic身份验证了。有没有办法使用基本身份验证?我需要它为我的网络界面。 https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps Route::get('auth/login','Auth\AuthC
我是角的新手。我正在尝试使用基本的身份验证标头向服务器发送GET请求,但它不起作用。这是我的代码, 当我从控制器调用服务时,浏览器的控制台中显示了2个错误, 选项http://xxx.xxx.xxx.xxx/api/getusers XMLHttpRequest无法加载http://xxx.xxx.xxx.xxx/api/getusers.请求的资源上不存在“访问控制允许源”标头。起源http:/
目前我正在开发一个Java工具,它应该可以更新Confluence服务器页面。使用Curl一切都像一个符咒,但是当使用Postman或Java代码(HttpClient Java11)时,我得到了一个 HTTP状态401–未经授权 反应。 在下面的语句中使用curl curl--basic-u user:password-X PUT-H“内容类型:application/json”-d“@test
几天没有任何进展,我需要你的帮助。 使用GWT,我试图与REST服务器通信,服务器位于不同的URL上(需要CORS)<我的配置:服务器spring boot 1.3.3 客户端-GWT 1.7-restygwt 2.0.3 当我在Spring中禁用安全性时,我可以在我的GWT客户端中获取数据。 但是当我启用它时,我总是收到401个请求。REST URL请求直接在Web浏览器中工作(带有其身份验证对
我正在尝试使用OAuth2实现开发一个带有Spring Security性的rest api。但是如何删除基本身份验证呢。我只想向body发送用户名和密码,并在postman上获取令牌。 要删除基本身份验证,并从邮递员的get token中发送body标记中的用户名密码吗 我遇到了一些问题{"错误":"未经授权","error_description":"没有客户端身份验证。尝试添加适当的身份验证