在此Web应用程序中一切正常。浏览器被阻止缓存页面。登录和注销也可以。注销后,我能够成功地将用户重定向到登录页面。
Web应用程序控件的流程可以通过此简单流程图说明。
> loginForm> a> b> c> registerForm>配置文件
这些是应用程序中的基本6页。
loginForm.jsp:
<body onload='document.f.username.focus();'>
<h3>Login with Username & Password</h3>
<form name='f' method="post">
<table>
<tr>
<td>User:</td>
<td><input type="text" name="username" value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2"><input name='submit' type="submit" value="Login" /></td>
</tr>
<tr>
<td><input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}">
</td></tr>
</table>
</form>
</body>
a.jsp:
<h1>Your Profile - a</h1>
<form method="post">
<table>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
b.jsp:
<h1>Your Profile - b</h1>
<form method="post">
<table>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
c.jsp:
<h1>Your Profile - c</h1>
<form method="post">
<table>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
registerForm.jsp:
<form method="post">
<table>
<tr>
<td>First Name:</td>
<td><input type="text" name="firstName" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lastName" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
profile.jsp:还包含注销链接。
<h1><a href="#" onclick="javascript:logoutForm.submit();">logout</a></h1>
<c:url var="logoutUrl" value="/logout" />
<form action="${logoutUrl}" method="post" id="logoutForm">
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
<table>
<tr>
<td>First Name:</td>
<td><c:out value="${spitter.firstName}" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><c:out value="${spitter.lastName}" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><c:out value="${spitter.userName}" /></td>
</tr>
</table>
LoginController.java
@Controller
public class LoginController {
@RequestMapping(value = "/loginPage", method = RequestMethod.GET)
public String showLoginForm() {
System.out.println("Inside GET loginPage");
return "loginForm";
}
@RequestMapping(value = "/loginPage", method = RequestMethod.POST)
public String processLoginForm() {
System.out.println("Inside POST loginPage");
return "redirect:/spitter/a";
}
}
当我通过键入请求loginForm.jsp时,将调用第一个方法
当我单击loginForm.jsp上的Submit按钮时,它应该导致调用LoginController.java中存在的第二个方法。但是,这永远不会发生。为什么?。我有时看到将其重定向到profile.jsp,或者有时将浏览器栏中的URL反映为
这是HTTP状态404-/ web /
其他控制器:
SpittrController.java:
@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {
@RequestMapping(value = "/a", method = RequestMethod.GET)
public String a() {
return "a";
}
@RequestMapping(value = "/a", method = RequestMethod.POST)
public String processA() {
return "redirect:/spitter/b";
}
@RequestMapping(value = "/b", method = RequestMethod.GET)
public String b() {
return "b";
}
@RequestMapping(value = "/b", method = RequestMethod.POST)
public String processB() {
return "redirect:/spitter/c";
}
@RequestMapping(value = "/c", method = RequestMethod.GET)
public String c() {
return "c";
}
@RequestMapping(value = "/c", method = RequestMethod.POST)
public String processC() {
return "redirect:/spitter/register";
}
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String showRegistrationForm() {
return "registerForm";
}
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String processingRegistration(@Valid Spitter spitter, Errors errors) {
if (errors.hasErrors()) {
return "registerForm";
}
spittleRepository.save(spitter);
return "redirect:/spitter/" + spitter.getUserName();
}
@RequestMapping(value = "/{username}", method = RequestMethod.GET)
public String showSpitterProfile(@PathVariable("username") String username,
Model model) {
Spitter spitter = spittleRepository.findByUsername(username);
if (spitter != null) {
model.addAttribute(spitter);
}
return "profile";
}
}
Java配置以启用Spring MVC Web安全性:
@Configuration
@EnableWebSecurity
public class SecurityConfig
extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/loginPage").and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/spitter/a").authenticated()
.antMatchers(HttpMethod.POST, "/spitter/a").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/b").authenticated()
.antMatchers(HttpMethod.POST, "/spitter/b").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/c").authenticated()
.antMatchers(HttpMethod.POST, "/spitter/c").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/register").authenticated()
.antMatchers(HttpMethod.POST, "/spitter/register").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/**").authenticated()
.and().logout().logoutSuccessUrl("/loginPage");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER").and().withUser("admin").password("password")
.roles("USER", "ADMIN");
}
}
应用程序的Eclipse结构:
您应该添加http.formLogin().loginPage("/loginPage").defaultSuccessUrl("/spitter/a").and().
Web安全配置。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句