Customizing the login page in Spring Security, with the following configuration:
<http auto-config="true">
    <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?message="
                default-target-url="/index.jsp" />
</http>
Error message:
java.lang.IllegalArgumentException: Failed to evaluate expression 'IS_AUTHENTICATED_ANONYMOUSLY'
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:14)
    at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:36)
    at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18)
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)
    at org.springframework.security.config.http.DefaultFilterChainValidator.checkLoginPageIsntProtected(DefaultFilterChainValidator.java:191)
    at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:36)
    at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:167)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1612)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1549)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:381)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:293)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1572)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1562)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'IS_AUTHENTICATED_ANONYMOUSLY' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'
    at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:217)
    at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:85)
    at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:78)
    at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:113)
    at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:105)
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
    ... 29 more
Solution:
<http auto-config="true">
    <intercept-url pattern="/**/*.js" access="hasRole('ROLE_ANONYMOUS')" />
    <intercept-url pattern="/**/*.css" access="hasRole('ROLE_ANONYMOUS')" />
    <intercept-url pattern="/**/*.png" access="hasRole('ROLE_ANONYMOUS')" />
    <intercept-url pattern="/**/*.jpg" access="hasRole('ROLE_ANONYMOUS')" />
    <intercept-url pattern="/login.jsp" access="hasRole('ROLE_ANONYMOUS')" />
    <intercept-url pattern="/configAction/getConfig.action" access="hasRole('ROLE_ANONYMOUS')" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?message="
                default-target-url="/index.jsp" />
</http>
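Using hasRole('ROLE_ANONYMOUS') in the configuration is all it takes. Of course, you also have to allow anonymous access to CSS, JS, image and similar resources, and to login.jsp as well; otherwise you will get a redirect loop error.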
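
Two alternative ways to write the same rules, as an added example that is not the original author's configuration: hasRole('ROLE_ANONYMOUS') matches only unauthenticated requests, so a logged-in ROLE_USER would be denied the static resources, whereas the built-in permitAll expression admits both. The second variant assumes you would rather keep the legacy IS_AUTHENTICATED_ANONYMOUSLY syntax by switching expression evaluation off; the URL patterns are reused from the page.

```xml
<!-- Added example. Use ONE of the two <http> variants, not both. -->

<!-- Variant 1: expression-based access (the mode active in the stack trace,
     where WebExpressionVoter tries to parse the attribute as SpEL).
     permitAll lets anonymous AND authenticated users through, so CSS/JS/images
     keep loading after login and the login page never redirects to itself. -->
<http auto-config="true">
    <intercept-url pattern="/**/*.js"  access="permitAll" />
    <intercept-url pattern="/**/*.css" access="permitAll" />
    <intercept-url pattern="/**/*.png" access="permitAll" />
    <intercept-url pattern="/**/*.jpg" access="permitAll" />
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/configAction/getConfig.action" access="permitAll" />
    <!-- Catch-all stays last: intercept-url rules are matched in order. -->
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?message="
                default-target-url="/index.jsp" />
</http>

<!-- Variant 2: disable expressions and keep the legacy attribute syntax.
     With use-expressions="false" the access values are plain attributes,
     so IS_AUTHENTICATED_ANONYMOUSLY is valid and the role is written without
     hasRole(...). Do not mix the two syntaxes inside one <http> element. -->
<http auto-config="true" use-expressions="false">
    <intercept-url pattern="/**/*.js"  access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**/*.css" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**/*.png" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**/*.jpg" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/configAction/getConfig.action" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?message="
                default-target-url="/index.jsp" />
</http>
```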