4

どこに何かが欠けているのかわかりません。その点について助けていただければ幸いです。ログイン試行後、「サポートされていない認証方法: GET」というメッセージが表示されます。

ここに私のsecurity-Context.xmlがあります:

 <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security 
              http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> -->
    <security:http auto-config="true">
        <security:intercept-url pattern="/login/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/login/doLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/lib/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:form-login login-page="/login/login.do" authentication-failure-url="/login/login.do?login_error=true" default-target-url="/test/showTest.do"/>
        <security:logout logout-success-url="/login/login.do" invalidate-session="true" />
        <security:remember-me key="rememberMe"/>
    </security:http>    


    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource" 
            users-by-username-query="select EMAIL as email, PASSWORD as password, from ams.user where EMAIL=?"
            authorities-by-username-query="
                select distinct user.EMAIL as email, permission.NAME as authority 
                from ams.user, ams.user_role, ams.role, ams.role_permission, ams.permission
                where user.ID=user_role.USER_ID AND user_role.ROLE_ID=role_permission.ROLE_ID AND role_permission.PERMISSION_ID=permission.ID AND user.EMAIL=?"/>
            <security:password-encoder ref="passwordEncoder" />
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <constructor-arg value="256" />
    </bean>
</beans>

そして私のLoginController:

@Controller
public class LoginController {

    @RequestMapping(method = RequestMethod.GET)
    public ModelAndView showLogin() {
        ModelAndView mav = new ModelAndView("login/login");

        return mav;
    }

    @RequestMapping(method = RequestMethod.POST)
    public ModelAndView doLogin(@RequestParam("email") String email, 
            @RequestParam("password") String password,
            @RequestParam("remember_me") boolean rememberMe,
            HttpServletRequest request, HttpServletResponse response) {

        ModelAndView mav = new ModelAndView();

        mav.setViewName("redirect:/j_spring_security_check?j_email=" + email + "&j_password=" + password + "&_spring_security_remember_me=" + rememberMe);

        return mav;
    }
}

さらに何か必要な場合は教えてください

4

1 に答える 1

4

ユーザー名とパスワードをクエリ パラメータとして、HTTP GET リクエストをログイン URL に送信しようとしていると思います。これは本質的に安全ではないため (たとえば、ブックマークされる可能性があります)、許可されていません。代わりに HTTP POST を送信する必要があります。

于 2013-02-19T20:04:33.590 に答える