今天分享一个使用Spring security的一个坑。。。
废话不说,上代码:
<!-- 登录页面login.html --><formid="login-form"action="/login.do">
用户名:<inputtype="text"name="username"/><br>
密码:<inputtype="password"name="password"/><br><inputtype="submit"value="登录"/></form>为了方便说明,登录页面的代码我没有加上css、js。
<!--security的配置:自定义登录表单信息--><security:form-loginlogin-page="/login.html"username-parameter="username"password-parameter="password"login-processing-url="/login.do"default-target-url="/index.html"always-use-default-target="true"authentication-failure-url="/login.html"/>其中,login-processing-url="/login.do"是点击登录按钮时,访问的url。
重点来了!!!
我点了登录按钮后。页面直接404 NOT FOUND。。。。控制台打印的完整日志如下:
2020-03-2211:01:23,501 DEBUG DefaultListableBeanFactory.doGetBean():254- Returning cached instance of singleton bean'environment'2020-03-2211:01:23,503 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/js/**'2020-03-2211:01:23,503 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/plugins/**'2020-03-2211:01:23,503 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/css/**'2020-03-2211:01:23,503 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/img/**'2020-03-2211:01:23,503 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/login.html'2020-03-2211:01:23,503 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/index.html'2020-03-2211:01:23,503 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position1 of12 in additional filter chain; firing Filter:'SecurityContextPersistenceFilter'2020-03-2211:01:23,503 DEBUG HttpSessionSecurityContextRepository.readSecurityContextFromSession():186- HttpSession returned null objectfor SPRING_SECURITY_CONTEXT2020-03-2211:01:23,503 DEBUG HttpSessionSecurityContextRepository.loadContext():116- No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@572ca96a. Anewone will be created.2020-03-2211:01:23,504 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position2 of12 in additional filter chain; firing Filter:'WebAsyncManagerIntegrationFilter'2020-03-2211:01:23,504 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position3 of12 in additional filter chain; firing Filter:'HeaderWriterFilter'2020-03-2211:01:23,504 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position4 of12 in additional filter chain; firing Filter:'LogoutFilter'2020-03-2211:01:23,504 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/logout.do'2020-03-2211:01:23,504 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position5 of12 in additional filter chain; firing Filter:'UsernamePasswordAuthenticationFilter'2020-03-2211:01:23,504 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/login.do'2020-03-2211:01:23,504 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position6 of12 in additional filter chain; firing Filter:'BasicAuthenticationFilter'2020-03-2211:01:23,504 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position7 of12 in additional filter chain; firing Filter:'RequestCacheAwareFilter'2020-03-2211:01:23,505 DEBUG DefaultSavedRequest.propertyEquals():364- pathInfo: both null(property equals)2020-03-2211:01:23,505 DEBUG DefaultSavedRequest.propertyEquals():364- queryString: both null(property equals)2020-03-2211:01:23,505 DEBUG DefaultSavedRequest.propertyEquals():388- requestURI: arg1=/pages/report-info.html; arg2=/member/login.do(property not equals)2020-03-2211:01:23,505 DEBUG HttpSessionRequestCache.getMatchingRequest():98- saved request doesn't match2020-03-2211:01:23,505 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position8 of12 in additional filter chain; firing Filter:'SecurityContextHolderAwareRequestFilter'2020-03-2211:01:23,505 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position9 of12 in additional filter chain; firing Filter:'AnonymousAuthenticationFilter'2020-03-2211:01:23,505 DEBUG AnonymousAuthenticationFilter.doFilter():100- Populated SecurityContextHolder with anonymous token:'org.springframework.security.authentication.AnonymousAuthenticationToken@c03c45e3: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 61A162389B7A17D1EE3E5348C77C7FB5; Granted Authorities: ROLE_ANONYMOUS'2020-03-2211:01:23,505 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position10 of12 in additional filter chain; firing Filter:'SessionManagementFilter'2020-03-2211:01:23,505 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position11 of12 in additional filter chain; firing Filter:'ExceptionTranslationFilter'2020-03-2211:01:23,505 DEBUG FilterChainProxy.doFilter():328-/member/login.do at position12 of12 in additional filter chain; firing Filter:'FilterSecurityInterceptor'2020-03-2211:01:23,505 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/pages/health-inquiry.html'2020-03-2211:01:23,506 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/pages/order-inquiry.html'2020-03-2211:01:23,506 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/member/login.do'; against'/pages/report-info.html'2020-03-2211:01:23,506 DEBUG FilterSecurityInterceptor.beforeInvocation():210- Public object- authentication not attempted2020-03-2211:01:23,506 DEBUG FilterChainProxy.doFilter():313-/member/login.do reached end of additional filter chain; proceeding with original chain2020-03-2211:01:23,506 DEBUG DispatcherServlet.doService():891- DispatcherServlet with name'spring-mvc' processing POST requestfor[/member/login.do]2020-03-2211:01:23,506 DEBUG RequestMappingHandlerMapping.getHandlerInternal():312- Looking up handler methodfor path/member/login.do2020-03-2211:01:23,507 DEBUG RequestMappingHandlerMapping.getHandlerInternal():319- Returning handler method[public cn.skywalker.entity.Result cn.skywalker.controller.MemberController.login(javax.servlet.http.HttpServletResponse,java.util.Map)]2020-03-2211:01:23,507 DEBUG DefaultListableBeanFactory.doGetBean():254- Returning cached instance of singleton bean'memberController'2020-03-2211:01:23,507 DEBUG DefaultCorsProcessor.processRequest():77- Skip CORS processing: request is from same origin2020-03-2211:01:23,508 DEBUG RequestResponseBodyMethodProcessor.readWithMessageConverters():201- Read[interfacejava.util.Map] as"application/json;charset=UTF-8" with[com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter@5f78e2c2]2020-03-2211:01:23,508 DEBUG AnnotationUtils.handleIntrospectionFailure():1889- Failed to meta-introspect annotationinterfaceorg.springframework.web.bind.annotation.RequestBody: java.lang.NullPointerException2020-03-2211:01:23,880 DEBUG DecodeHandler.decode():58-[DUBBO] Decode decodeable message com.alibaba.dubbo.rpc.protocol.dubbo.DecodeableRpcResult, dubbo version:2.6.0, current host:169.254.245.2392020-03-2211:01:24,196 DEBUG DecodeHandler.decode():58-[DUBBO] Decode decodeable message com.alibaba.dubbo.rpc.protocol.dubbo.DecodeableRpcResult, dubbo version:2.6.0, current host:169.254.245.2392020-03-2211:01:24,314 DEBUG HstsHeaderWriter.writeHeaders():129- Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@245f5db22020-03-2211:01:24,314 DEBUG HttpSessionSecurityContextRepository.saveContext():352- SecurityContext is empty or contents are anonymous- context will not be stored in HttpSession.2020-03-2211:01:24,314 DEBUG RequestResponseBodyMethodProcessor.writeWithMessageConverters():277- Written[cn.skywalker.entity.Result@60d5cc42] as"application/json" using[com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter@5f78e2c2]2020-03-2211:01:24,315 DEBUG DispatcherServlet.processDispatchResult():1076- Null ModelAndView returned to DispatcherServlet with name'spring-mvc': assuming HandlerAdapter completed request handling2020-03-2211:01:24,315 DEBUG DispatcherServlet.processRequest():1000- Successfully completed request2020-03-2211:01:24,315 DEBUG ExceptionTranslationFilter.doFilter():121- Chain processed normally2020-03-2211:01:24,315 DEBUG SecurityContextPersistenceFilter.doFilter():119- SecurityContextHolder now cleared, as request processing completed2020-03-2211:01:24,329 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/login.do'; against'/js/**'2020-03-2211:01:24,329 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/login.do'; against'/plugins/**'2020-03-2211:01:24,329 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/login.do'; against'/css/**'2020-03-2211:01:24,329 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/login.do'; against'/img/**'2020-03-2211:01:24,329 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/login.do'; against'/login.html'2020-03-2211:01:24,329 DEBUG AntPathRequestMatcher.matches():157- Checking match of request:'/login.do'; against'/index.html'2020-03-2211:01:24,330 DEBUG FilterChainProxy.doFilter():328-/login.do?username=15516533934&password=954355 at position1 of