spring security 问题
弄了一个简单的spring security程序但是不好使,也不抱异常,就是登录不上去,总是跳回登录页面。不知道为什么,望高手给看看,谢谢。
spring secutity 配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">
<!-- authenticationManager -->
<bean id="driverManagerDataSource" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://localhost:3306/roadrantz"></property>
<property name="username" value="root"></property>
<property name="password" value=""></property>
</bean>
<bean id="authenticationManager" ref="concurrentSessionController"></property>
</bean>
<bean id="daoAuthenticationProvider" ref="driverManagerDataSource"></property>
<property name="usersByUsernameQuery">
<value>
SELECT email as username, password,'true'
FROM Motorist
WHERE email=?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
SELECT email as username, privilege as authority
FROM Motorist_Privileges mp, Motorist m
WHERE mp.motorist_id = m.id
AND m.email=?
</value>
</property>
</bean>
<!-- -->
<bean id="accessDecisionManager" ref="authenticationManager"></property>
<property name="filterProcessesUrl" value="/login"></property>
<property name="defaultTargetUrl" value="/error.jsp?error=1"></property>
<property name="authenticationFailureUrl" value="/index.jsp?error_code=1"></property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" value="false"></property>
<property name="loginFormUrl" value="/index.jsp"></property>
</bean>
<bean id="exceptionTranslationFilter" ref="authenticationProcessingFilterEntryPoint"></property>
<property name="accessDeniedHandler" ref="accessDeniedHandler"></property>
</bean>
<bean id="accessDeniedHandler" value="/error.jsp"></property>
</bean>
<bean id="filterSecurityInterceptor" ref="accessDecisionManager"></property>
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login=ROLE_connect
/success.jsp=ROLE_connect
</value>
</property>
</bean>
<bean id="channelProcessingFilter" ref="channelDecisionManager"></property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" ref="sessionRegistry" />
<property name="expiredUrl" value="/home.htm" />
</bean>
<bean id="concurrentSessionController"
value="1" />
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="true" />
</bean>
<bean id="sessionRegistry"
/>
</beans>
登录页面
<form method="POST" action="login">
<b>Username: </b><input type="text" name="j_username" value="as@qq.com"><br>
<b>Password: </b><input type="password" name="j_password" value="zzz"><br>
<input type="submit" value="Login">
</form>
登录的servlet
package partTwo.chapter6.securingSpring;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class Login extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
this.doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
String username=req.getParameter("j_username");
String password=req.getParameter("j_password");
System.out.println(username+password);
req.getRequestDispatcher("/success.jsp").forward(req, resp);
}
}
