defaultTarget must start with '/' or with 'http(s)'


defaultTarget must start with '/' or with 'http(s)'

我尝试使用 spring 安全性实现基于持久令牌的身份验证和记住我的功能,其中所有配置都是基于注释的。问题是,当我尝试运行我的应用程序时,服务器抛出IllegalArgumentException. 异常:Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception


代码

@Configuration
@EnableWebSecurity
public class WebAppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("tom").password("123").roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // String数组,列出需要放行的资源的路径
        String[] permitUrls = {"/index.jsp","/bootstrap/**",
                "/crowd/**","/css/**","/fonts/**","/img/**",
                "/jquery/**","/layer/**","/script/**","/ztree/**","/admin/do/login.html"};
        http
                .authorizeRequests()                     // 表示对请求进行授权
                .antMatchers(permitUrls)                 // 传入的ant风格的url
                .permitAll()                             // 允许上面的所有请求,不需要认证
                .anyRequest()                             // 设置其他未设置的全部请求
                .authenticated()                          // 表示需要认证
                .and()
                .formLogin()                               // 开启表单的身份验证
                .loginPage("/admin/do/login.html")            // 登录页设置
                .loginProcessingUrl("security/do/login.html")   // 验证请求的地址
                .defaultSuccessUrl("admin/to/main.html")        // 验证成功后的地址
                .usernameParameter("userAcct")      // 帐号的请求参数名
                .passwordParameter("userPswd")      // 密码的请求参数名

        ;
    }
}

错误的信息

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)'
    ....
        ....
        ....
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)'
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:650)
    ... 71 common frames omitted
Caused by: java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)'
    at org.springframework.util.Assert.isTrue(Assert.java:121)
    at 
...
...
...
...

处理方案

.loginProcessingUrl("/security/do/login.html")   // 验证请求的地址
.defaultSuccessUrl("/admin/to/main.html")        // 验证成功后的地址

必须以“http”、“https”或“/”开头

原因

通过使用/,url 相对于 servlet 的根。因此,如果您的 servlet 根是https://1111.com/api,则 /logout 将指向https://1111.com/api/logout

声明:纯情阿丁|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - defaultTarget must start with '/' or with 'http(s)'


阿丁在Coding,等你成为我的朋友!