Java 无法使用外部数据库的基于批注的Spring security配置登录
我正在按照这些链接配置spring security。我的问题是spring security的默认登录页未在我的应用程序中呈现,即我可以点击所有url。我是否遗漏了以下内容是我的配置Java 无法使用外部数据库的基于批注的Spring security配置登录,java,spring,hibernate,maven,spring-security,Java,Spring,Hibernate,Maven,Spring Security,我正在按照这些链接配置spring security。我的问题是spring security的默认登录页未在我的应用程序中呈现,即我可以点击所有url。我是否遗漏了以下内容是我的配置 WebSecurityConfigurerAdapterimplementation- @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowir
WebSecurityConfigurerAdapter
implementation-
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder registry) throws Exception {
registry.userDetailsService(customUserDetailsService);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/login","/login/form**","/register","/logout").permitAll()
.antMatchers("/admin","/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.permitAll();
}
}
userdetails服务
implementation
@Component
public class CustomUserDetailsService implements UserDetailsService
{
@Autowired
private UserService userService;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userService.findUserByEmail(userName);
if(user == null){
throw new UsernameNotFoundException("UserName "+userName+" not found");
}
return new SecurityUser(user);
}
}
用户
实现-
public class SecurityUser extends User implements UserDetails
{
private static final long serialVersionUID = 1L;
public SecurityUser(User user) {
if(user != null)
{
this.setId(user.getId());
this.setName(user.getName());
this.setEmail(user.getEmail());
this.setPassword(user.getPassword());
this.setDob(user.getDob());
this.setRoles(user.getRoles());
}
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Collection<GrantedAuthority> authorities = new ArrayList<>();
List<Role> userRoles = this.getRoles();
if(userRoles != null)
{
for (Role role : userRoles) {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role.getRoleName());
authorities.add(authority);
}
}
return authorities;
}
@Override
public String getPassword() {
return super.getPassword();
}
@Override
public String getUsername() {
return super.getEmail();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
此外,我尝试了我的自定义登录页面,即使这不是渲染-
<form:form id="loginForm" method="post" action="${appUrl}/controller/login"
modelAttribute="user" class="register" role="form">
<div class="form-group">
<div class="">
<input type="text" id="username" name="username"
class="form-control register-input" placeholder="UserName" />
</div>
</div>
<div class="form-group">
<div class="">
<input type="password" id="password" name="password"
class="form-control register-input" placeholder="Password" />
</div>
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<div class="form-group">
<div class="col-sm-offset-3">
<input type="submit" class="btn btn-primary" value="Login">
</div>
</div>
</form:form>
如果您想使用默认的spring登录页面,您不需要放置:
.formLogin()
.loginPage("/login/form") <--- this line is not needed for default spring login
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.permitAll(); <--- and this no need too
通过使用tagform
,您需要包括modeldattribute=”“
,并在控制器中以@modeldattribute(“foo”)用户的身份调用它
,您应该注意,tagform
在
中没有使用name
,而是使用路径
但是,您也可以使用不带标记的范式form
,如果您正在使用它,则无需包含modeldattribute=“”
,并将其用作范式
如果您的spring安全性没有触发,或者您仍然可以单击任意位置,这是因为SpringWebAppInitializer
没有加载您的安全配置,并且它不知道配置是否存在。我建议您查找WebApplicationInitializer
.formLogin()
.loginPage("/login/form") <--- this line is not needed for default spring login
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.permitAll(); <--- and this no need too
<form:form modelAttribute="foo" method="post" ...
<form:input type="text" id="username" path="username" ....