2016-04-20 59 views
0

I can't log in with Spring Security. I am always redirected to the failure page. Spring Security login failure

LOGS (after I submit the login and password):

DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication 
DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 
DEBUG: org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.w[email protected]57e1bde8 
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframew[email protected]fec7843d: Principal: [email protected]: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.[email protected]: RemoteIpAddress: 10.10.34.143; SessionId: 04D5F1E3C7B72570F1D4C2F7ADBC136C; Granted Authorities: ROLE_ADMIN, ROLE_USER 
DEBUG: org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://10.10.34.143:8080/app/j_spring_security_check 
DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://10.10.34.143:8080/app/j_spring_security_check' 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext stored to HttpSession: '[email protected]c7843d: Authentication: org.springframew[email protected]fec7843d: Principal: [email protected]: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 10.10.34.143; SessionId: 04D5F1E3C7B72570F1D4C2F7ADBC136C; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]c7843d: Authentication: org.springframew[email protected]fec7843d: Principal: [email protected]: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 10.10.34.143; SessionId: 04D5F1E3C7B72570F1D4C2F7ADBC136C; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication 
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Authentication method not supported: GET 
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication 
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handler org.springframework.se[email protected]1405b08 
DEBUG: org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login?error=Invalid%20user%20login%20or%20password 
DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/app/login?error=Invalid%20user%20login%20or%20password' 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
DEBUG: org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals) 
DEBUG: org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=error=Invalid%20user%20login%20or%20password (property not equals) 
DEBUG: org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]0: RemoteIpAddress: 10.10.34.143; SessionId: 6C4EAB97775D858B3677DC3CD0A53666; Granted Authorities: ROLE_ANONYMOUS' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login'; against '/resources/**' 
DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login'; against '/login' 
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /login?error=Invalid%20user%20login%20or%20password; Attributes: [permitAll] 
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.sprin[email protected]905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]0: RemoteIpAddress: 10.10.34.143; SessionId: 6C4EAB97775D858B3677DC3CD0A53666; Granted Authorities: ROLE_ANONYMOUS 
DEBUG: org.springframework.security.access.vote.AffirmativeBased - Voter: org.sp[email protected]34223c37, returned: 1 
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful 
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object 
DEBUG: org.springframework.security.web.FilterChainProxy - /login?error=Invalid%20user%20login%20or%20password reached end of additional filter chain; proceeding with original chain 

Look, I am entering the correct j_username and j_password, but I am still redirected to the login failure page.

My security.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation=" 
         http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <http use-expressions="true"> 
     <http-basic /> 
     <form-login login-processing-url="/j_spring_security_check" 
      default-target-url="/homepage" login-page="/login" 
      authentication-failure-url="/login?error=Invalid%20user%20login%20or%20password" /> 

     <logout logout-url="/j_spring_security_logout" 
      logout-success-url="/login" /> 

     <intercept-url pattern="/resources/**" access="permitAll" /> 

     <intercept-url pattern="/login" access="permitAll" /> 
     <intercept-url pattern="/signup" access="permitAll" /> 
     <intercept-url pattern="/homepage" access="isAuthenticated()" /> 
     <intercept-url pattern="/user" access="hasRole('User')" /> 
     <intercept-url pattern="/" access="permitAll" /> 
     <intercept-url pattern="/**" access="hasRole('Admin')" /> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="user" password="user" authorities="ROLE_USER" /> 
       <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 
</beans:beans> 

EDIT: After the POST request to j_spring_security_check, I get a GET request to j_spring_security_check. I don't know why.

My login page (index.jsp):

<%@ page language="java" contentType="text/html; charset=UTF-8" 
    pageEncoding="UTF-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<!DOCTYPE html> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
<title>Login</title> 
<style type="text/css"> 
table { 
    margin-top: 10%; 
    padding: 40px; 
    border: 3px solid black; 
    text-align: center; 
    box-shadow: 0 0 5px; 
    border-radius: 50px; 
} 

td { 
    text-align: left 
} 
</style> 
</head> 
<body> 
    <div align="center"> 
     <c:url var="loginUrl" value="/j_spring_security_check" /> 
     <form action="${loginUrl}" method="post"> 
      <table> 
       <tr> 
        <td><label for="login">Login:</label></td> 
        <td><input type="text" name="j_username" id="login" 
         style="width: 100%" required></td> 
       </tr> 
       <tr> 
        <td><label for="password">Password:</label></td> 
        <td><input type="password" name="j_password" id="password" 
         style="width: 100%" required></td> 
       </tr> 
       <tr> 
        <td colspan="2" style="text-align: right;"><input 
         type="submit" value="Sign in"></td> 
       </tr> 
       <tr> 
        <td colspan="2" style="color: red; text-align: left;"> 
          <c:if test="${param.error != null}">   
           <c:out value="${param.error}"/> 
          </c:if> 
        </td> 
       </tr> 

      </table> 
     </form> 
    </div> 
</body> 
</html> 
+0

Can you show your login page? – FreezY

+0

Yes, sure. (Added) –

+0

The log shows "AuthenticationServiceException: Authentication method not supported: GET". Are you using this form? –
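
The sequence visible in the question's log (accepted POST, redirect back to the login-processing URL, rejected GET) can be picked out mechanically. The Python script below is an added example, not part of the original post; the function name `diagnose` and the shortened sample lines are constructed for illustration, and the default processing URL is the one from the question's security.xml.

```python
import re

# Constructed sample: shortened copies of DEBUG lines shown in the question's log.
SAMPLE_LOG = """\
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: ...
DEBUG: org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://10.10.34.143:8080/app/j_spring_security_check
DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://10.10.34.143:8080/app/j_spring_security_check'
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Authentication method not supported: GET
DEBUG: org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login?error=Invalid%20user%20login%20or%20password
"""

LINE = re.compile(r"^DEBUG: (?P<logger>\S+) - (?P<msg>.*)$")
REDIRECT = re.compile(r"Redirecting to (?:DefaultSavedRequest Url: )?'?(?P<url>[^\s']+)")


def diagnose(log_text, processing_url="/j_spring_security_check"):
    """Explain a login that is accepted and still ends on the failure page."""
    findings = []
    authenticated = False  # set once the filter logs "Authentication success"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        logger = m["logger"].rsplit(".", 1)[-1]  # simple class name
        msg = m["msg"]
        if msg.startswith("Authentication success"):
            authenticated = True
        elif logger == "SavedRequestAwareAuthenticationSuccessHandler":
            r = REDIRECT.search(msg)
            # The saved request points back at the login-processing URL itself.
            if r and authenticated and r["url"].split("?")[0].endswith(processing_url):
                findings.append("success handler redirected to the login-processing URL: " + r["url"])
        elif "Authentication method not supported: GET" in msg and authenticated:
            findings.append("credentials were accepted; the failure comes from a follow-up GET")
        elif logger == "SimpleUrlAuthenticationFailureHandler":
            r = REDIRECT.search(msg)
            if r:
                findings.append("failure redirect: " + r["url"])
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A log from a genuinely wrong password produces only the failure-redirect finding, which separates the two cases.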

Answers

0

You need to add the CSRF key to your form as a hidden element

<form action="${loginUrl}" method="post"> 
     <table> 
      <tr> 
       <td><label for="login">Login:</label></td> 
       <td><input type="text" name="j_username" id="login" 
        style="width: 100%" required></td> 
      </tr> 
      <tr> 
       <td><label for="password">Password:</label></td> 
       <td><input type="password" name="j_password" id="password" 
        style="width: 100%" required></td> 
      </tr> 
      <tr> 
       <td colspan="2" style="text-align: right;"><input 
        type="submit" value="Sign in"></td> 
      </tr> 
      <tr> 
       <td colspan="2" style="color: red; text-align: left;"> 
         <c:if test="${param.error != null}">   
          <c:out value="${param.error}"/> 
         </c:if> 
       </td> 
      </tr> 

     </table> 
     <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> 
    </form> 