Java 面临SpringBoot安全模块登录错误
我正在创建具有登录功能的SpringBootBasic应用程序 我的登录功能不起作用,正在生成下面的调试日志Java 面临SpringBoot安全模块登录错误,java,spring,spring-boot,jakarta-ee,spring-security,Java,Spring,Spring Boot,Jakarta Ee,Spring Security,我正在创建具有登录功能的SpringBootBasic应用程序 我的登录功能不起作用,正在生成下面的调试日志 2019-09-26 14:50:01.262 DEBUG 3720 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade@6deb15fd 2019-09-2
2019-09-26 14:50:01.262 DEBUG 3720 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade@6deb15fd
2019-09-26 14:50:01.277 DEBUG 3720 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@6deb15fd
package com.sourabh.app.controller;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.sourabh.app.repository.SpringJava4sDAO;
import com.sourabh.model.Customer;
@RestController
public class MainAppController {
@Autowired
public SpringJava4sDAO dao;
@RequestMapping("/")
public String welcome() {
return "Welcome to Sring boot application";
}
@RequestMapping("/userlogin")
public String userValidation() {
return "User: Successfully logged in!";
}
@RequestMapping("/adminlogin")
public String adminValidation() {
return "Admin: Successfully logged in!";
}
}
package com.sourabh.app.configs;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
// Authentication : set user/password details and mention the role
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance())
.withUser("user").password("pass").roles("USER")
.and()
.withUser("admin").password("pass").roles("USER", "ADMIN");
}
// Authorization : mention which role can access which URL
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/userlogin").hasRole("USER")
.antMatchers("/adminlogin").hasRole("ADMIN")
.and()
.csrf().disable().headers().frameOptions().disable();
}
}
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
`.antMatchers/userlogin.hasRoleUSER,`login应该允许吗?@Jerry06抱歉什么?我是春天的新手,还在学习。你能详细说明一下吗?@SSP Jerry的意思是你在保护你的登录端点。因此,当任何人试图访问/userlogin或/adminlogin时,Spring实际上会检查他们是否已登录。用permitAll替换hasRoleROLE可以解决这个问题。这样,任何人都可以访问登录端点sanged antMatchers/userlogin.hasRoleUSER到antMatchers/userlogin.permitAll。仍然不起作用。@SSP好吧,到底是什么不起作用,你期望发生什么?@SSP我没有注意到。建议在你的配置中使用.httpBasic.formLogin。因为没有注意到。httpBasic我完全专注于身份验证过滤器。删除以前的答案并添加新答案。否。我遵循了这一点。我想一定还有别的错误。所以现在我使用的是spring标准指南。
package com.sourabh.app;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.support.SpringBootServletInitializer;
@SpringBootApplication
public class MainApp extends SpringBootServletInitializer {
public static void main(String[] args) {
SpringApplication.run(MainApp.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(MainApp.class);
}
}