Fatal编程技术网
  • angular/
  • Angular 用于在spring security中登录的spring控制器

Angular 用于在spring security中登录的spring控制器

angular spring-security

Angular 用于在spring security中登录的spring控制器,angular,spring-security,Angular,Spring Security,我试图在一个angular SringBoot应用程序中使用Spring security实现表单身份验证。 我在网上找到了这个例子: 安全配置的代码 @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/login") .permitAll()

我试图在一个angular SringBoot应用程序中使用Spring security实现表单身份验证。 我在网上找到了这个例子:

安全配置的代码

   @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers("/login")
            .permitAll()
        .antMatchers("/**")
            .hasAnyRole("ADMIN", "USER")
        .and()
            .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?error=true")
            .permitAll()
.and()
    .logout()
    .logoutSuccessUrl("/login?logout=true")
    .invalidateHttpSession(true)
    .permitAll()
.and()
    .csrf()
    .disable();
控制器的代码

@Controller
public class LoginController 
{
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage(@RequestParam(value = "error", required = false) String error, 
                            @RequestParam(value = "logout", required = false) String logout,
                            Model model) {
        String errorMessge = null;
        if(error != null) {
            errorMessge = "Username or Password is incorrect !!";
        }
        if(logout != null) {
            errorMessge = "You have been successfully logged out !!";
        }
        model.addAttribute("errorMessge", errorMessge);
        return "login";
    }

    @RequestMapping(value="/logout", method = RequestMethod.GET)
    public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null){    
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/login?logout=true";
    }
}
在我的例子中,我想实现一个登录控制器,它是一个POST请求,userDTO作为@RequestBody:响应userDTO对象

@RestController
@RequestMapping({"/api/user"})
public class UserController {

    @Autowired
    private UserService userService;

    @RequestMapping(value = "/login",
    method = RequestMethod.POST)
    public @ResponseBody UserDTO login(@RequestBody UserDTO userDTO){
        String message = userService.checkIfUserExistsAndGoodCredential(userDTO);
        if (message.isEmpty()) {
            userDTO = userService.findByEmailAndPassword(userDTO.getEmail(), userDTO.getPassword());
            userDTO.setPassword("");
        } else {
            userDTO.setMessage(message);
        }
        return userDTO;
    }
如何正确实施它?

不,您不想这样做。这基本上是绕过了Spring安全性。而是在Spring security中扩展或修改默认用户名/密码过滤器。谢谢M Deinum。这很有帮助