Question
I am trying to use Spring security default login mechanism and this is what I have configured in security.xml file
```xml
<http pattern="/customer/**" auto-config="true" use-expressions="true" authentication-manager-ref="customerAuthenticationManager">
    <intercept-url pattern="/customer" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/customer/" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/customer/*.html" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/customer/*/*.html" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/shop/customer/logon.html*" access="permitAll" />
    <intercept-url pattern="/shop/customer/denied.html" access="permitAll"/>
    <intercept-url pattern="/shop/customer/j_spring_security_check" access="permitAll"/>
    <form-login login-processing-url="/shop/customer/j_spring_security_check" login-page="/shop/home.html"
        authentication-success-handler-ref="webshopAuthenticationSuccessHandler"
    />
    <logout invalidate-session="true"
        logout-success-url="/customer/home.html"
        logout-url="/customer/j_spring_security_logout" />
    <access-denied-handler error-page="/customer/denied.html"/>
</http>
```
This is how I have configured spring security in web.xml
```xml
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
And this is how I am submitting my form using ajax
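```javascript
// The opening line of the enclosing submit handler is not shown in the post;
// the final "});" below closes it.
    var data = $(this).serializeObject();
    $.ajax({
        'type': "POST",
        // JSP resolves <c:url> to the context-relative login-processing URL
        'url': "<c:url value="/shop/customer/j_spring_security_check"/>",
        'data': data,
        'success': function(result) {
        }
    });
    return false; // stop the browser's normal form submission
});
```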
But no authentication is getting triggered and I am getting 404 error, but have seen following information in console
```
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/shop/customer/j_spring_security_check'; against '/admin/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/shop/customer/j_spring_security_check'; against '/customer/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/shop/customer/j_spring_security_check'; against '/shop/services/private/**'
DEBUG org.springframework.security.web.FilterChainProxy: /shop/customer/j_spring_security_check has no matching filters
DEBUG org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'appServlet' processing POST request for [/sm-shop/shop/customer/j_spring_security_check]
DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Looking up handler method for path /shop/customer/j_spring_security_check
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/resources/img/loading.gif'; against '/admin/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/resources/img/loading.gif'; against '/customer/**'
DEBUG org.springframework.security.web.util.AntPathRequestMatcher: Checking match of request : '/resources/img/loading.gif'; against '/shop/services/private/**'
....
DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Did not find handler method for [/shop/customer/j_spring_security_check]
WARN org.springframework.web.servlet.PageNotFound: No mapping found for HTTP request with URI [/sm-shop/shop/customer/j_spring_security_check] in DispatcherServlet with name 'appServlet'
```
Any idea?

Answer 1:
- Are you having multiple `http` configurations? If not, you do not need to specify `<http pattern="/customer/**"...>`.
- If you have multiple `http` configuration sections and using Spring Security 3.1+, from the reference: "Defining a pattern for the http element controls the requests which will be filtered through the list of filters which it defines."
  http, it defaults to /* which you've defined in your web.xml. So, if you do not have a specific restriction, it may be easier to first test if this work for you with all http configuration in one element and then extend to multiple ones.
- Try to configure from most specific to more general patterns.
- Try to use wildcard option towards the end of the configuration.
- And I believe the one with `pattern="/customer/*/*.html"` should be `pattern="/customer/**/*.html"`. It is missing one `*`.
So based on what I said:
```xml
<http auto-config="true" use-expressions="true" authentication-manager-ref="customerAuthenticationManager">
    <intercept-url pattern="/shop/customer/logon.html*" access="permitAll" />
    <intercept-url pattern="/shop/customer/denied.html" access="permitAll"/>
    <intercept-url pattern="/shop/customer/j_spring_security_check" access="permitAll"/>
    <intercept-url pattern="/customer" access="hasRole('AUTH_CUSTOMER')" />
    <!-- XXX: bring in also your /admin configuration before the wildcards -->
    <intercept-url pattern="/customer/*.html" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/customer/**/*.html" access="hasRole('AUTH_CUSTOMER')" />
    ...
```
Hope this helps.
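
The "has no matching filters" line in the question's log can be caught before deployment by checking that every URL a security filter is supposed to handle falls inside the `pattern` of the `<http>` element that declares it. The script below is an added example, not code from the question or the answer; `ant_match` is a simplified stand-in for Spring's Ant-style matching, and the function names and the trimmed sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the question's <http> element.
SECURITY_XML = """
<beans>
  <http pattern="/customer/**" auto-config="true" use-expressions="true">
    <form-login login-processing-url="/shop/customer/j_spring_security_check"
                login-page="/shop/home.html"/>
    <logout logout-url="/customer/j_spring_security_logout"/>
  </http>
</beans>
"""

# URLs that are served by a filter inside the chain, not by a controller.
FILTER_URLS = {"form-login": ("login-processing-url",), "logout": ("logout-url",)}

def ant_match(pattern, path):
    """Simplified Ant matching: '*' and '?' stay inside one path segment,
    '**' spans zero or more whole segments."""
    def seg_ok(pat, seg):
        rx = re.escape(pat).replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
        return re.fullmatch(rx, seg) is not None
    def walk(pats, segs):
        if not pats:
            return not segs
        if pats[0] == "**":
            return any(walk(pats[1:], segs[i:]) for i in range(len(segs) + 1))
        return bool(segs) and seg_ok(pats[0], segs[0]) and walk(pats[1:], segs[1:])
    return walk(pattern.split("/"), path.split("/"))

def unreachable_urls(xml_text):
    """List (attribute, url, http pattern) where the owning chain never sees url."""
    findings = []
    for http in ET.fromstring(xml_text).iter():
        tag = http.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if tag != "http" or "pattern" not in http.attrib:
            continue                               # no pattern: chain sees every request
        for child in http:
            for attr in FILTER_URLS.get(child.tag.rsplit("}", 1)[-1], ()):
                url = child.get(attr)
                if url and not ant_match(http.get("pattern"), url):
                    findings.append((attr, url, http.get("pattern")))
    return findings

if __name__ == "__main__":
    for attr, url, pattern in unreachable_urls(SECURITY_XML):
        print(f"{attr}={url} is outside <http pattern={pattern!r}>")
```

On the sample it flags only the `login-processing-url`; the `logout-url` lies under `/customer/**` and passes.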
Source: https://stackoverflow.com/questions/20661872/filterchainproxy-j-spring-security-check-has-no-matching-filters