Security 未调用Spring安全自定义登录表单
我试图将SpringMVCWeb应用程序配置为使用自定义登录表单,以便使用注释进行身份验证。我的问题是,自定义登录表单从未打开,但我总是得到标准的spring安全登录表单 我已经定义了以下Security 未调用Spring安全自定义登录表单,security,spring-mvc,login,spring-security,configuration,Security,Spring Mvc,Login,Spring Security,Configuration,我试图将SpringMVCWeb应用程序配置为使用自定义登录表单,以便使用注释进行身份验证。我的问题是,自定义登录表单从未打开,但我总是得到标准的spring安全登录表单 我已经定义了以下SecurityConfiguration类: package com.test.spring.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.
SecurityConfiguration
类:
package com.test.spring.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@EnableWebSecurity
public class SecurityConfiguration {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/home")
.usernameParameter("user_login")
.passwordParameter("user_password")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.permitAll()
.and()
.csrf()
.and()
.sessionManagement()
.invalidSessionUrl("/login?time=1")
.maximumSessions(10);
}
}
package com.test.spring.config;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
和SecurityWebApplicationInitializer
class:
package com.test.spring.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@EnableWebSecurity
public class SecurityConfiguration {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/home")
.usernameParameter("user_login")
.passwordParameter("user_password")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.permitAll()
.and()
.csrf()
.and()
.sessionManagement()
.invalidSessionUrl("/login?time=1")
.maximumSessions(10);
}
}
package com.test.spring.config;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
此外,我还创建了自定义登录表单作为login.html
,因此我假设配置将加载我的login.html
文件,而不是标准的spring安全登录表单
无论我做什么,我都会得到标准的登录表单:
我还配置了我的控制器:
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
return "login";
}
看起来我的安全配置根本没有加载
问题在哪里?终于解决了 解决方案非常简单。我的安全配置根本没有加载,因为
SecurityConfiguration
类必须扩展websecurityConfigureAdapter
之后,配置被加载,一切都按预期工作
因此,取而代之的是
public class SecurityConfiguration
应该有
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
只是为了测试您在访问/spring/login.htmlFollow时拥有的功能,可能是您丢失了控制器的URL/spring/login.html配置重定向回/spring/login和标准登录formI也遵循了spring安全指南,但这无助于解决我的问题…仍在试图找出什么是错误的您做了这个注册表。addViewController(“/login”).setViewName(“login”);