首页 新闻 搜索 专区 学院

SSM+spring-scurity登录时停在登录页面等不进去

0
悬赏园豆:5 [待解决问题]

下面是打印日志:

DEBUG 02-16 21:15:07,519 /doLogin at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,520 /doLogin at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,520 HttpSession returned null object for SPRING_SECURITY_CONTEXT (HttpSessionSecurityContextRepository.java:186)
DEBUG 02-16 21:15:07,521 No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@3191ede6. A new one will be created. (HttpSessionSecurityContextRepository.java:116)
DEBUG 02-16 21:15:07,521 /doLogin at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,521 /doLogin at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,522 Trying to match using Ant [pattern='/logout', GET] (OrRequestMatcher.java:65)
DEBUG 02-16 21:15:07,523 Request 'POST /doLogin' doesn't match 'GET /logout (AntPathRequestMatcher.java:156)
DEBUG 02-16 21:15:07,525 Trying to match using Ant [pattern='/logout', POST] (OrRequestMatcher.java:65)
DEBUG 02-16 21:15:07,526 Checking match of request : '/doLogin'; against '/logout' (AntPathRequestMatcher.java:176)
DEBUG 02-16 21:15:07,527 Trying to match using Ant [pattern='/logout', PUT] (OrRequestMatcher.java:65)
DEBUG 02-16 21:15:07,528 Request 'POST /doLogin' doesn't match 'PUT /logout (AntPathRequestMatcher.java:156)
DEBUG 02-16 21:15:07,528 Trying to match using Ant [pattern='/logout', DELETE] (OrRequestMatcher.java:65)
DEBUG 02-16 21:15:07,528 Request 'POST /doLogin' doesn't match 'DELETE /logout (AntPathRequestMatcher.java:156)
DEBUG 02-16 21:15:07,528 No matches found (OrRequestMatcher.java:72)
DEBUG 02-16 21:15:07,528 /doLogin at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,528 Checking match of request : '/doLogin'; against '/login' (AntPathRequestMatcher.java:176)
DEBUG 02-16 21:15:07,529 /doLogin at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,529 pathInfo: both null (property equals) (DefaultSavedRequest.java:356)
DEBUG 02-16 21:15:07,529 queryString: both null (property equals) (DefaultSavedRequest.java:356)
DEBUG 02-16 21:15:07,529 requestURI: arg1=/lims/doLogin; arg2=/lims/doLogin (property equals) (DefaultSavedRequest.java:373)
DEBUG 02-16 21:15:07,529 saved request doesn't match (HttpSessionRequestCache.java:98)
DEBUG 02-16 21:15:07,531 /doLogin at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,531 /doLogin at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,531 /doLogin at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,531 Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90514580: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3BCF365E86B3994AA46320E9A5127BD5; Granted Authorities: ROLE_ANONYMOUS' (AnonymousAuthenticationFilter.java:100)
DEBUG 02-16 21:15:07,531 /doLogin at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,531 /doLogin at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,532 /doLogin at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' (FilterChainProxy.java:325)
DEBUG 02-16 21:15:07,532 Checking match of request : '/doLogin'; against '/WEB-INF/views/' (AntPathRequestMatcher.java:176)
DEBUG 02-16 21:15:07,532 Checking match of request : '/doLogin'; against '/static/
' (AntPathRequestMatcher.java:176)
DEBUG 02-16 21:15:07,532 Checking match of request : '/doLogin'; against '/login.jsp' (AntPathRequestMatcher.java:176)
DEBUG 02-16 21:15:07,533 Secure object: FilterInvocation: URL: /doLogin; Attributes: [authenticated] (AbstractSecurityInterceptor.java:219)
DEBUG 02-16 21:15:07,533 Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90514580: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3BCF365E86B3994AA46320E9A5127BD5; Granted Authorities: ROLE_ANONYMOUS (AbstractSecurityInterceptor.java:348)
DEBUG 02-16 21:15:07,533 Voter: org.springframework.security.web.access.expression.WebExpressionVoter@30cad859, returned: -1 (AffirmativeBased.java:66)
DEBUG 02-16 21:15:07,535 Access is denied (user is anonymous); redirecting to authentication entry point (ExceptionTranslationFilter.java:173)
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)

spring-scurity我用的是配置类:

@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class AppWebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
UserDetailsService userDetailsService;

//认证相关
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}

//授权相关
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()
    .antMatchers("/WEB-INF/views/**","/static/**","/login.jsp").permitAll()
    .anyRequest().authenticated();
    
    http.formLogin().loginPage("/login.jsp") //指定自定义登录页
                    .usernameParameter("id")  //默认参数名:username
                    .passwordParameter("password")  //默认参数名:password
                    .loginProcessingUrl("/login")  // 默认请求映射名称: /login
                    .defaultSuccessUrl("/main");
    
    //5.授权注销功能
    http.logout().logoutUrl("/logout")//默认注销映射名称:/logout
                .logoutSuccessUrl("/login.jsp"); 

    http.exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
            //X-Requested-With: XMLHttpRequest
            String XRequestedWith = request.getHeader("X-Requested-With");
            if("XMLHttpRequest".equals(XRequestedWith)) { /
                response.getWriter().print("403");
            }else { 
                request.setAttribute("message", accessDeniedException.getMessage());
                request.getRequestDispatcher("/WEB-INF/views/error.jsp").forward(request, response);
            }               
        }
    });
    
    
    http.rememberMe();
    

    http.csrf().disable();
    
}
圐圙ii的主页 圐圙ii | 初学一级 | 园豆:197
提问于:2020-02-16 21:21
< >
分享
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册