Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
72 views
in Technique[技术] by (71.8m points)

java - spring mvc security doesn't work at all even on the first step

I already created a spring mvc project which has 2 controllers, some DAO, DTO and jsp files. I deleted @RequestMapping(value = "/login", method = RequestMethod.GET) on my controller to check that spring security works well.

However, it does NOT work at all and always shows the 404 error. If the error code is 403 then I can fix my setting of context-security.xml. But I have no idea what I've missed.

Anyway, I just set pom.xml to inject dependency like this. (my spring framework is 3.1.1 so spring security version is also 3.1.1)

        <java-version>1.6</java-version>
        <org.springframework-version>3.1.1.RELEASE</org.springframework-version>
        <org.aspectj-version>1.6.10</org.aspectj-version>
        <org.slf4j-version>1.6.6</org.slf4j-version>
    </properties>
    <dependencies>
    
        <!-- Spring-Security -->
        <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>3.1.1.RELEASE</version>
        </dependency>
        
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${org.springframework-version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${org.springframework-version}</version>
        </dependency>
         
        <!-- Spring-Security-Taglibs -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${org.springframework-version}</version>
        </dependency>

And I created context-security.xml in appservlet folder.

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">
        
        <http auto-config="true" use-expressions="true">
            <intercept-url pattern="/**" access="ROLE_USER" />
  
        </http>
        
        <authentication-manager>
            <authentication-provider>
                <user-service>
                    <user name="user" password="1234" authorities="ROLE_USER"/>
                    <user name="guest" password="guest" authorities="ROLE_GUEST"/>
                </user-service>
            </authentication-provider>
        </authentication-manager>
    
</beans:beans>

And I add some codes to web.xml

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/root-context.xml
                    /WEB-INF/spring/context-security.xml
        </param-value>
    </context-param>
    <!-- Spring Security Filter -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
 
    <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

I checked some examples. They can see spring security login page without additional class which has configuaraion annotation or EnableWebsecurity whatever. But mine hasn't been working for 3 hours.

Plus, I generated a new mvc project and copied the three XML code. Only homeController and home.jsp. Therefore, I can see the exact same error from the project. The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

And I removed <intercept-url pattern="/**" access="ROLE_USER" /> ==> failed ==> failed ==> failed ==> holo is my project name. anway failed

But it hasn't work at all. Is there any error of these XML? Or not why is not working at all?

question from:https://stackoverflow.com/questions/65625981/spring-mvc-security-doesnt-work-at-all-even-on-the-first-step

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...