Java 具有多个登录页面的Spring Security只接受订单1
我有一个SpringBoot应用程序,其中登录页面将位于索引(nav)和登录页面。我做了订单注释配置,但是它只按预期工作订单1(通过切换订单测试,1仅正常工作)对于订单2错误:不支持请求方法“POST”,知道吗Java 具有多个登录页面的Spring Security只接受订单1,java,spring,authentication,spring-security,controller,Java,Spring,Authentication,Spring Security,Controller,我有一个SpringBoot应用程序,其中登录页面将位于索引(nav)和登录页面。我做了订单注释配置,但是它只按预期工作订单1(通过切换订单测试,1仅正常工作)对于订单2错误:不支持请求方法“POST”,知道吗 @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Qualifier("userDetailsServiceImpl")
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Qualifier("userDetailsServiceImpl")
@Autowired
private UserDetailsService userDetailsService;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Configuration
@Order(1)
public static class WebSecurityConfig1 extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(new AntPathRequestMatcher("/**"))
.authorizeRequests()
.antMatchers("/resources/**", "/registration", "/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/loginIndex")
.usernameParameter("username")
.passwordParameter("password")
.failureUrl("/loginIndex?error")
.loginProcessingUrl("/loginIndex")
.permitAll()
.and()
.logout()
.permitAll();
}
}
@Configuration
@Order(2)
public static class WebSecurityConfig2 extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(new AntPathRequestMatcher("/**"))
.authorizeRequests()
.antMatchers("/resources/**", "/registration","/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("password")
.failureUrl("/login?error")
.loginProcessingUrl("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
}
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return authenticationManager();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
配置中的问题
WebSecurityConfig1
和WebSecurityConfig2
都配置为匹配每个URL。ie新的AntPathRequestMatcher(“/**”
@Order(1)
将始终满足所有请求/user
开头的URL进入登录页面(“/loginIndex”)
,其他所有内容进入登录页面(“/login”)
。您可以通过在WebSecurityConfig1中将新AntPathRequestMatcher(“/**”)替换为(新AntPathRequestMatcher(“/user*”)
)来实现这一点