Java Spring Security 3.2和Spring MVC 4.0.1.0版本
我在使用gradle配置SpringWeb应用程序时遇到一些问题。 格拉德尔: 我有SecurityConfiguration.java类包含:Java Spring Security 3.2和Spring MVC 4.0.1.0版本,java,spring,spring-mvc,intellij-idea,spring-security,Java,Spring,Spring Mvc,Intellij Idea,Spring Security,我在使用gradle配置SpringWeb应用程序时遇到一些问题。 格拉德尔: 我有SecurityConfiguration.java类包含: package asd; import asd.UserDetailsServiceAdapter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org
package asd;
import asd.UserDetailsServiceAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
import org.springframework.web.servlet.support.RequestDataValueProcessor;
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackageClasses = UserDetailsServiceAdapter.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public RequestDataValueProcessor requestDataValueProcessor() {
return new CsrfRequestDataValueProcessor();
}
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**", "/signup").permitAll()
.anyRequest().authenticated().and()
.formLogin().and()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
// @formatter:on
@Autowired
public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
}
我正在使用Intellij IDEA 13终极版。
当我试图编译我的应用程序时,我遇到以下错误:
java: cannot find symbol
symbol: method loginPage(java.lang.String)
location: class org.springframework.security.config.annotation.web.builders.HttpSecurity
我重现了这个问题,更改配置的顺序使编译工作正常:
http
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/resources/**", "/signup").permitAll()
.anyRequest().authenticated();
另请参见http://code>HttpSecurity的,它有许多示例。我建议您将其更改为更合适的,如下所示:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**"); // Ignore static resources
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login/**", "/login").permitAll()
.antMatchers("/**").authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.failureUrl("/loginfailed").permitAll()
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
}
当我去configure方法的超类实现时,它似乎有一个类似于我的错误。and()不是额外的。编译错误已消失。但它在浏览器中说“这个网页有一个重定向循环”。我不明白;我查看了很多spring security的示例,例如Rob Winch,但在我的环境中,我在这个示例中遇到了相同的错误。请尝试将permitAll()添加到formLogin(),这通常发生在登录页面本身受到保护的情况下,我已更新了我的帖子感谢您的帮助。这解决了我的问题。但我不明白为什么同一版本的示例之间会有差异。无论如何..相同的问题仍在继续。这是编译时错误。我认为这是由库依赖性引起的,但我不明白为什么。
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**"); // Ignore static resources
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login/**", "/login").permitAll()
.antMatchers("/**").authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.failureUrl("/loginfailed").permitAll()
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
}