Java 无法使用外部数据库的基于批注的Spring security配置登录_Java_Spring_Hibernate_Maven_Spring Security

Java 无法使用外部数据库的基于批注的Spring security配置登录

java spring hibernate maven spring-security

Java 无法使用外部数据库的基于批注的Spring security配置登录,java,spring,hibernate,maven,spring-security,Java,Spring,Hibernate,Maven,Spring Security,我正在按照这些链接配置spring security。我的问题是spring security的默认登录页未在我的应用程序中呈现，即我可以点击所有url。我是否遗漏了以下内容是我的配置 WebSecurityConfigurerAdapterimplementation- @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowir

我正在按照这些链接配置spring security。我的问题是spring security的默认登录页未在我的应用程序中呈现，即我可以点击所有url。我是否遗漏了以下内容是我的配置

WebSecurityConfigurerAdapter

implementation-

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private DataSource dataSource;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder registry) throws Exception {
        registry.userDetailsService(customUserDetailsService);
    }

      @Override
      public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
      }

      @Override
      protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
        .authorizeRequests()
            .antMatchers("/login","/login/form**","/register","/logout").permitAll()
            .antMatchers("/admin","/admin/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login/form")
            .loginProcessingUrl("/login")
            .failureUrl("/login/form?error")
            .permitAll();
      }
}

userdetails服务

implementation

@Component
public class CustomUserDetailsService implements UserDetailsService
{
    @Autowired
    private UserService userService;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userService.findUserByEmail(userName);
        if(user == null){
            throw new UsernameNotFoundException("UserName "+userName+" not found");
        }
        return new SecurityUser(user);
    }
}

用户

实现-

public class SecurityUser extends User implements UserDetails
{

    private static final long serialVersionUID = 1L;
    public SecurityUser(User user) {
        if(user != null)
        {
            this.setId(user.getId());
            this.setName(user.getName());
            this.setEmail(user.getEmail());
            this.setPassword(user.getPassword());
            this.setDob(user.getDob());
            this.setRoles(user.getRoles());
        }       
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {

        Collection<GrantedAuthority> authorities = new ArrayList<>();
        List<Role> userRoles = this.getRoles();

        if(userRoles != null)
        {
            for (Role role : userRoles) {
                SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role.getRoleName());
                authorities.add(authority);
            }
        }
        return authorities;
    }

    @Override
    public String getPassword() {
        return super.getPassword();
    }

    @Override
    public String getUsername() {
        return super.getEmail();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }   
}

此外，我尝试了我的自定义登录页面，即使这不是渲染-

<form:form id="loginForm" method="post" action="${appUrl}/controller/login"
                    modelAttribute="user" class="register" role="form">
                    <div class="form-group">
                        <div class="">
                            <input type="text" id="username" name="username"
                                class="form-control register-input" placeholder="UserName" />
                        </div>
                    </div>
                    <div class="form-group">
                        <div class="">
                            <input type="password" id="password" name="password"
                                class="form-control register-input" placeholder="Password" />
                        </div>
                    </div>
                    <input type="hidden" name="${_csrf.parameterName}"  value="${_csrf.token}" />
                    <div class="form-group">
                        <div class="col-sm-offset-3">
                            <input type="submit" class="btn btn-primary" value="Login">
                        </div>
                    </div>
                </form:form>

如果您想使用默认的spring登录页面，您不需要放置：

.formLogin()
        .loginPage("/login/form")  <--- this line is not needed for default spring login
        .loginProcessingUrl("/login")
        .failureUrl("/login/form?error")
        .permitAll(); <--- and this no need too

通过使用tag

form

，您需要包括

modeldattribute=”“

，并在控制器中以

@modeldattribute（“foo”）用户的身份调用它

，您应该注意，tag

form

在

中没有使用

name

，而是使用

路径

但是，您也可以使用不带标记的范式

form

，如果您正在使用它，则无需包含

modeldattribute=“”

，并将其用作范式

如果您的spring安全性没有触发，或者您仍然可以单击任意位置，这是因为

SpringWebAppInitializer

没有加载您的安全配置，并且它不知道配置是否存在。我建议您查找

WebApplicationInitializer

.formLogin()
        .loginPage("/login/form")  <--- this line is not needed for default spring login
        .loginProcessingUrl("/login")
        .failureUrl("/login/form?error")
        .permitAll(); <--- and this no need too

<form:form modelAttribute="foo" method="post" ...
<form:input type="text" id="username" path="username" ....