Java – spring security displays “bad credentials” even before submitting the form

Java

I have the following spring safety code, but it doesn't work When I open the login page and enter the user name / password admin @ myproject COM / secret, the following error message will be displayed After entering the user name / password, add to the address? Error = 1, even if I delete it manually and refresh the page message Nothing is displayed in the console

Your login attempt was not successful due to

Bad credentials.

Spring security XML file

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">



    <beans:import resource='login-service.xml' />
    <http auto-config="true" access-denied-page="/notFound.jsp"
        use-expressions="true">
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/member**" access="hasRole('ROLE_MEMBER')" />
        <form-login login-page="/signin" default-target-url="/index"
            authentication-failure-url="/signin?error=1" />

        <logout logout-success-url="/login?logout" />
        <csrf />
    </http>
    <authentication-manager>
        <authentication-provider>
            <user-service> <user name="admin@myproject.com" password="secret" 
                authorities="ROLE_ADMIN"/> 
            <user name="user@yahoo.com" password="secret" authorities="ROLE_USER"/> 
                </user-service> 

        </authentication-provider>
    </authentication-manager>
</beans:beans>

The form contains the following code, even before submitting the form, spring_ Security_ LAST_ Exception does not seem to be empty

<c:if test="${not empty SPRING_Security_LAST_EXCEPTION}">
            <font color="red"> Your login attempt was not successful due
                to <br />
            <br /> <c:out value="${SPRING_Security_LAST_EXCEPTION.message}" />.
            </font>
        </c:if>
            <form id="form-login" role="form" method="post"
                        action="<c:url value='/j_spring_security_check' />"
                        class="relative form form-default">
                        <input type="hidden" name="${_csrf.parameterName}"
                            value="${_csrf.token}" />

I don't know why, but the same code now returns the following error

Your login attempt was not successful due to

Authentication method not supported: GET.

Solution

You need to allow everyone to access your / sign page, even if he is not authenticated

<intercept-url pattern="/signin" access="permitAll" />

I wrote this answer before the first change of the question, when the question was (it was still the title): "spring security displays' bad credentials' before submitting the form."

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>