Java spring引导和spring安全自定义登录页和控制器
我想通过自定义控制器和登录页面对登录和注销进行更多控制 我的SecurityConfiguration代码当前如下所示:Java spring引导和spring安全自定义登录页和控制器,java,forms,spring-boot,spring-security,http-post,Java,Forms,Spring Boot,Spring Security,Http Post,我想通过自定义控制器和登录页面对登录和注销进行更多控制 我的SecurityConfiguration代码当前如下所示: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired private Sp
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private SpringDataJpaUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(this.userDetailsService)
.passwordEncoder(Manager.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/built/**", "/main.css", "/login.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/loginSecure")
.defaultSuccessUrl("/index", true)
.permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.csrf().disable()
.logout()
.permitAll();
}
}
我的控制器中的登录配置:
@RequestMapping(value = "/login")
public String login() {
return "login";
}
@RequestMapping(value="/loginSecure", method = RequestMethod.POST)
public String login(@RequestAttribute("username") String userName, @RequestAttribute("password") String password) {
//does the authentication
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
userName,
password
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
return "index";
}
我的控制器中的我的loginSecure映射:
@RequestMapping(value = "/login")
public String login() {
return "login";
}
@RequestMapping(value="/loginSecure", method = RequestMethod.POST)
public String login(@RequestAttribute("username") String userName, @RequestAttribute("password") String password) {
//does the authentication
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
userName,
password
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
return "index";
}
My login.html:
<form class="login100-form validate-form" action="/loginSecure" method="post">
<span class="login100-form-title p-b-26">
Welcome
</span>
<span class="login100-form-title p-b-48">
<i class="zmdi zmdi-font"></i>
</span>
<div class="wrap-input100 validate-input" data-validate = "Valid email is: a@b.c">
<input class="input100" type="text" id="username" name="username"/>
<span class="focus-input100" data-placeholder="Email/Username"></span>
</div>
<div class="wrap-input100 validate-input" data-validate="Enter password">
<span class="btn-show-pass">
<i class="zmdi zmdi-eye"></i>
</span>
<input class="input100" type="password" id="password" name="password"/>
<span class="focus-input100" data-placeholder="Password"></span>
</div>
<div class="container-login100-form-btn">
<div class="wrap-login100-form-btn">
<div class="login100-form-bgbtn"></div>
<button class="login100-form-btn">
Login
</button>
</div>
</div>
</form>
欢迎
登录
当我提交表单时,在chrome开发工具中它作为loginSecure提交?使用url编码,但它只是再次重定向回login.html。
编辑:从login.html中删除了额外表单,并添加了csfr()。禁用securityConfiguration。将loginProcessUrl添加到httpSecurity,并修复了它。以上代码有效 从您编写的内容来看,我想问题在于,单击“登录”后,您的应用程序会遇到两个请求 我认为问题在于你的登录页面有两个表单,一个表单在另一个表单中。因此,当您单击“登录”时,两个表单都会发送它们的请求。您可以在Chrome开发者工具中验证这一点
正如您在这里看到的,HTML不允许嵌套表单如果您创建自定义登录HTML和自定义身份验证程序,则需要将其添加到HttpSecurity config->.loginProcessingUrl(“/loginSecure”)
这里有一个很好的例子->是的,这是一个错误!我使用了一个现有的模板,查看了代码,认为还有其他表单,但看不到,也没有搜索。需要退后一步。谢谢你的现场!