Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/selenium/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring Security 5始终302_Java_Spring_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring Security 5始终302

Java Spring Security 5始终302

java spring spring-boot spring-security

Java Spring Security 5始终302,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,我试图测试使用标准Spring安全api保护的web api,但是每当我登录到应用程序时,/test.html api总是返回302重定向。 用户名:admin/ 密码:admin 包com.example.demo; 导入org.springframework.boot.SpringApplication; 导入org.springframework.boot.autoconfigure.springboot应用程序; 导入org.springframework.web.bind.annot

我试图测试使用标准Spring安全api保护的web api,但是每当我登录到应用程序时,/test.html api总是返回302重定向。 用户名:admin/ 密码:admin

包com.example.demo; 导入org.springframework.boot.SpringApplication; 导入org.springframework.boot.autoconfigure.springboot应用程序; 导入org.springframework.web.bind.annotation.RequestMapping; 导入org.springframework.web.bind.annotation.RestController; @RestController @SpringBoot应用程序 公共类演示应用程序{ 公共静态void main(字符串[]args){ run(DemoApplication.class,args); } @请求映射(“/hello”) 公共字符串hello(){ 回复“你好”; } }
包com.example.demo; 导入org.springframework.context.annotation.Bean; 导入org.springframework.context.annotation.Configuration; 导入org.springframework.security.config.annotation.web.builders.HttpSecurity; 导入org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter; 导入org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 导入org.springframework.security.crypto.password.PasswordEncoder; @配置 @启用Web安全性 公共类BrowserSecurityConfig扩展了WebSecurity配置适配器{ @豆子 公共密码编码器PasswordEncoder(){ 返回新的BCryptPasswordEncoder(); } @凌驾 受保护的无效配置(HttpSecurity http)引发异常{ http.formLogin() .loginPage(“/test.html”).permitAll() .loginProcessingUrl(“/user/login”) .及() .授权请求() .antMatchers(“/test.html”).permitAll() .anyRequest() .authenticated(); } }
包com.example.demo; 导入org.springframework.security.core.authority.AuthorityUtils; 导入org.springframework.security.core.userdetails.User; 导入org.springframework.security.core.userdetails.userdetails; 导入org.springframework.security.core.userdetails.userdetails服务; 导入org.springframework.security.core.userdetails.UsernameNotFoundException; 导入org.springframework.stereotype.Component; @组成部分 公共类UserDetailsServiceImpl实现UserDetailsService{ @凌驾 public UserDetails loadUserByUsername(字符串s)引发UsernameNotFoundException{ 返回新用户(“管理员”, “$2a$10$VS7VEYVAGYVLXXPP94O7BCMZCF2HGUMH2VA6XDVCJ2MK8UFZRI”, AuthorityUtils.commaSeparatedStringToAuthorityList(“admin”); } }

完成

跨站点请求伪造

@凌驾 受保护的无效配置(HttpSecurity http)引发异常{ http.formLogin() .loginPage(“/test.html”).permitAll() .loginProcessingUrl(“/user/login”) .及() .授权请求() .antMatchers(“/test.html”).permitAll() .anyRequest() .authenticated() .及()+ .csrf()+ .disable()+ }
您需要在
.hasAnyRole
之后放置,然后放置用户的角色 放置这些之后,需要放置
.anyRequest().authenticated()
这就是全部

重定向(302)的位置吗?您没有登录。因此,您将被重定向到登录页面(
/test.html
)。 package com.example.demo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @RestController @SpringBootApplication public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } @RequestMapping("/hello") public String hello() { return "hello"; } } package com.example.demo; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration @EnableWebSecurity public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() .loginPage("/test.html").permitAll() .loginProcessingUrl("/user/login") .and() .authorizeRequests() .antMatchers("/test.html").permitAll() .anyRequest() .authenticated(); } } package com.example.demo; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; @Component public class UserDetailsServiceImpl implements UserDetailsService { @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { return new User("admin", "$2a$10$vs7veyVUaqeGyVlxXpp94O7BcmzcF2HGUmH2va6XDVCj2mK8uFzRi", AuthorityUtils.commaSeparatedStringToAuthorityList("admin")); } } @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() .loginPage("/test.html").permitAll() .loginProcessingUrl("/user/login") .and() .authorizeRequests() .antMatchers("/test.html").permitAll() .anyRequest() .authenticated() .and() + .csrf() + .disable(); + }