Spring-Security:升级到Spring-Security 4.1后,用户名将被发送为空以进行登录

我正在开发基于Spring-MVC的应用程序,我们使用Spring-Security进行登录,授权。 我们之前使用的是版本3.2.5,升级是4.1.1。 升级后,登录机制会因发送的用户名为空而中断。 我不知道出了什么问题。 你能帮忙的话,我会很高兴。

securityApplicationContext.xml: 

   <!---->  <!--  -->

web.xml: 

  contextConfigLocation /WEB-INF/spring/root-context.xml,/WEB-INF/spring/appServlet/security-applicationContext.xml   2440   org.springframework.web.context.request.RequestContextListener   org.springframework.web.context.ContextLoaderListener   springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy true  contextAttribute org.springframework.web.context.WebApplicationContext.ROOT    springSecurityFilterChain /*

调试日志: 

 DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/resources/**' DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@56af71ce. A new one will be created. DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'ConcurrentSessionFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' DEBUG: org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2a868e9a DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter' DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/j_spring_security_logout' DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/j_spring_security_check' DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider Username is DEBUG: org.springframework.security.authentication.dao.DaoAuthenticationProvider - User '' not found DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@75d32cb4 DEBUG: org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /denied DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/denied'

登录代码: 

 
 
 
 
 <form id="login-form" class="login-page" action="" method="POST"> 
  <input type="email" name="j_username" id="j_username" value="" class="form-control input" placeholder=""> 
 
  <input type="password" name="j_password" id="j_password" class="form-control input" placeholder="">

你能帮忙的话,我会很高兴。 非常感谢。

可能问题是从Spring Security版本4开始。+表单登录的参数名称改变了他们的名字:

  • username而不是j_username
  • password而不是j_password
  • POST到/login URL而不是/j_spring_security_check

因此,您应该在登录表单中重命名参数,或者使用form-login参数覆盖这些参数名称,如下所示:

请查看此资源,它可能对您的迁移有所帮助 – http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to- 4- xml.html#m3to4-XML命名空间-表单登录

securityApplicationContext.xml添加username-parameter="j_username" password-parameter="j_password" ,如下所示:
Interesting Posts

如何使用JDO持久性管理器?

jtable中的动态jcombobox项目

Hazelcast专用节点

Java:在字段OR构造函数中初始化ArrayList?

在Java中删除部分字符串

TableModelListener和多列validation

修改本机查询不能有命名参数绑定?

如何摆脱在基于java的Web服务服务器中请求的资源错误上没有’Access-Control-Allow-Origin’标头

如何使用Java编写的程序可用于其他人?

Java时区 – IST的奇怪行为?