Spring boot Springboot Web安全配置未重定向到登录页面
我创建了一个小应用程序来学习sprint boot web安全性。这个示例应用程序的灵感主要来自Spring Boot in Action手册中提供的部分说明 我面临的问题是,尽管像下面这样配置了访问权限,但当我打开应用程序时,并没有导航到登录页面。它会直接打开由表示的页面。据我所知,如果应用了spring安全性if.access,那么为了在默认情况下检查访问,spring应该将用户重定向到登录页面。但事实并非如此Spring boot Springboot Web安全配置未重定向到登录页面,spring-boot,Spring Boot,我创建了一个小应用程序来学习sprint boot web安全性。这个示例应用程序的灵感主要来自Spring Boot in Action手册中提供的部分说明 我面临的问题是,尽管像下面这样配置了访问权限,但当我打开应用程序时,并没有导航到登录页面。它会直接打开由表示的页面。据我所知,如果应用了spring安全性if.access,那么为了在默认情况下检查访问,spring应该将用户重定向到登录页面。但事实并非如此 package com.example.readingList; import
package com.example.readingList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private ReaderRepository readerRepository;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.
authorizeRequests()
.antMatchers("/readers").access("hasRole('READER')")
.antMatchers("/login").permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.failureUrl("/login?error=true");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return readerRepository.getOne(username);
}
});
}
}
但如果我将代码改为下面的代码,那么在浏览时我会被重定向到登录页面。第一个构造有什么错误?我是说为什么,访问不起作用
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private ReaderRepository readerRepository;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.
authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.failureUrl("/login?error=true");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return readerRepository.getOne(username);
}
});
}
}
下面是ReaderRepository是如何编写的
package com.example.readingList;
import org.springframework.data.jpa.repository.JpaRepository;
public interface ReaderRepository extends JpaRepository<Reader, String> {
}
ReadingListController类
package com.example.readingList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.util.List;
@Controller
public class ReadingListController {
private ReadingListRepository readingListRepository;
@Autowired
public ReadingListController(ReadingListRepository readingListRepository)
{
this.readingListRepository = readingListRepository;
}
@RequestMapping(value="/readers/{reader}", method= RequestMethod.GET)
public String readersBook(@PathVariable("reader") String reader, Model model)
{
List<Book> readingList = readingListRepository.findByReader(reader);
if (readingList.isEmpty() == false) {
model.addAttribute("books", readingList);
}
return "readingList";
}
@RequestMapping(value="/readers/{reader}", method= RequestMethod.POST)
public String addToReadingList(@PathVariable("reader") String reader, Book book)
{
book.setReader(reader);
readingListRepository.save(book);
return "redirect:/readers/{reader}";
}
}
它与AntPathRequestMatcher有关。在第一个示例中,调用.antMatchers/readers.accesshasRole'READER'将与/readers/ishwar不匹配
当然,authorizeRequests.anyRequest.authorized会,这就是为什么会出现不同的行为
请尝试以下操作:
http.antMatchers("/readers/**")
.access("hasRole('READER')")
...
@Configuration
@SpringBootApplication
public class ReadingListApplication implements WebMvcConfigurer
{
public static void main(String[] args) {
SpringApplication.run(ReadingListApplication.class, args);
}
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
}
package com.example.readingList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.util.List;
@Controller
public class ReadingListController {
private ReadingListRepository readingListRepository;
@Autowired
public ReadingListController(ReadingListRepository readingListRepository)
{
this.readingListRepository = readingListRepository;
}
@RequestMapping(value="/readers/{reader}", method= RequestMethod.GET)
public String readersBook(@PathVariable("reader") String reader, Model model)
{
List<Book> readingList = readingListRepository.findByReader(reader);
if (readingList.isEmpty() == false) {
model.addAttribute("books", readingList);
}
return "readingList";
}
@RequestMapping(value="/readers/{reader}", method= RequestMethod.POST)
public String addToReadingList(@PathVariable("reader") String reader, Book book)
{
book.setReader(reader);
readingListRepository.save(book);
return "redirect:/readers/{reader}";
}
}
http.antMatchers("/readers/**")
.access("hasRole('READER')")
...