Spring Security自定义表单登录不使用自定义登录处理ngurl,返回404
我的项目使用SpringBoot1.5.6,目标是有两个独立的登录表单,一个用于标准用户,一个用于管理员 我的问题是Spring忽略了管理员和用户区域的Spring Security自定义表单登录不使用自定义登录处理ngurl,返回404,spring,spring-mvc,spring-boot,spring-security,Spring,Spring Mvc,Spring Boot,Spring Security,我的项目使用SpringBoot1.5.6,目标是有两个独立的登录表单,一个用于标准用户,一个用于管理员 我的问题是Spring忽略了管理员和用户区域的loginProcessingUrl的配置参数。 似乎从来没有为POST请求注册过处理程序 以下配置是本教程的改编版本: 网站安全配置 @Configuration @EnableWebSecurity public class WebSecurityConfig { @Autowired private UserDetail
loginProcessingUrl
的配置参数。
似乎从来没有为POST请求注册过处理程序
以下配置是本教程的改编版本:
网站安全配置
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Configuration
@Order(1)
public static class AdminSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Autowired
DaoAuthenticationProvider daoAuthenticationProvider;
public AdminSecurityConfigurationAdapter() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/admin/*")
.authorizeRequests()
.anyRequest()
.hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/loginAdmin")
.loginProcessingUrl("/doAdminLogin")
.failureUrl("/loginAdmin?error=loginError")
.defaultSuccessUrl("/admin/dashboard")
//TODO implement logout pages
.and()
.logout()
.logoutUrl("/admin_logout")
.logoutSuccessUrl("/protectedLinks")
.deleteCookies("JSESSIONID")
.and()
.exceptionHandling()
.accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Configuration
@Order(2)
public static class UserSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Autowired
DaoAuthenticationProvider daoAuthenticationProvider;
public UserSecurityConfigurationAdapter() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider);
}
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/user/*")
.authorizeRequests()
.anyRequest()
.hasRole("USER")
.and()
.formLogin()
.loginPage("/loginUser")
.loginProcessingUrl("/doUserLogin")
.failureUrl("/loginUser?error=loginError")
.defaultSuccessUrl("/user/start")
//TODO configure logout
.and()
.logout()
.logoutUrl("/user_logout")
.logoutSuccessUrl("/protectedLinks")
.deleteCookies("JSESSIONID")
.and()
.exceptionHandling()
.accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(encoder());
return authProvider;
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder(11);
}
o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade@3da35d95
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/doAdminLogin'; against '/admin/*'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/doAdminLogin'; against '/user/*'
o.s.security.web.FilterChainProxy : /doAdminLogin has no matching filters
o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/doAdminLogin]
s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /doAdminLogin
s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/doAdminLogin]
o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/doAdminLogin] are [/**]
o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/doAdminLogin] are {}
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/doAdminLogin] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@1bdb3e41]]] and 1 interceptor
o.s.web.cors.DefaultCorsProcessor : Skip CORS processing: request is from same origin
o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
o.s.web.servlet.DispatcherServlet : Successfully completed request
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/admin || /admin/dashboard]}" onto public java.lang.String org.app.controller.web.DashboardController.dashboard(java.lang.String,org.springframework.ui.Model)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/loginUser]}" onto public java.lang.String org.app.controller.web.LoginController.loginUser()
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/loginAdmin]}" onto public java.lang.String org.app.controller.web.LoginController.loginAdmin()
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/user/rsvp]}" onto public java.lang.String org.app.controller.web.RsvpController.dashboard(java.lang.String,org.springframework.ui.Model)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
以下是loginAdmin.html的相关部分:
以下是启动日志中有关RequestMappingHandler的部分:
启动日志
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Configuration
@Order(1)
public static class AdminSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Autowired
DaoAuthenticationProvider daoAuthenticationProvider;
public AdminSecurityConfigurationAdapter() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/admin/*")
.authorizeRequests()
.anyRequest()
.hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/loginAdmin")
.loginProcessingUrl("/doAdminLogin")
.failureUrl("/loginAdmin?error=loginError")
.defaultSuccessUrl("/admin/dashboard")
//TODO implement logout pages
.and()
.logout()
.logoutUrl("/admin_logout")
.logoutSuccessUrl("/protectedLinks")
.deleteCookies("JSESSIONID")
.and()
.exceptionHandling()
.accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Configuration
@Order(2)
public static class UserSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Autowired
DaoAuthenticationProvider daoAuthenticationProvider;
public UserSecurityConfigurationAdapter() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider);
}
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/user/*")
.authorizeRequests()
.anyRequest()
.hasRole("USER")
.and()
.formLogin()
.loginPage("/loginUser")
.loginProcessingUrl("/doUserLogin")
.failureUrl("/loginUser?error=loginError")
.defaultSuccessUrl("/user/start")
//TODO configure logout
.and()
.logout()
.logoutUrl("/user_logout")
.logoutSuccessUrl("/protectedLinks")
.deleteCookies("JSESSIONID")
.and()
.exceptionHandling()
.accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(encoder());
return authProvider;
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder(11);
}
o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade@3da35d95
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/doAdminLogin'; against '/admin/*'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/doAdminLogin'; against '/user/*'
o.s.security.web.FilterChainProxy : /doAdminLogin has no matching filters
o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/doAdminLogin]
s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /doAdminLogin
s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/doAdminLogin]
o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/doAdminLogin] are [/**]
o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/doAdminLogin] are {}
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/doAdminLogin] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@1bdb3e41]]] and 1 interceptor
o.s.web.cors.DefaultCorsProcessor : Skip CORS processing: request is from same origin
o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
o.s.web.servlet.DispatcherServlet : Successfully completed request
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/admin || /admin/dashboard]}" onto public java.lang.String org.app.controller.web.DashboardController.dashboard(java.lang.String,org.springframework.ui.Model)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/loginUser]}" onto public java.lang.String org.app.controller.web.LoginController.loginUser()
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/loginAdmin]}" onto public java.lang.String org.app.controller.web.LoginController.loginAdmin()
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/user/rsvp]}" onto public java.lang.String org.app.controller.web.RsvpController.dashboard(java.lang.String,org.springframework.ui.Model)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
s.w.s.m.m.a.RequestMappingHandlerMapping:将“{[/admin | |/admin/dashboard]}”映射到公共java.lang.String org.app.controller.web.DashboardController.dashboard(java.lang.String,org.springframework.ui.Model)
s、 w.s.m.m.a.RequestMappingHandlerMapping:将“{[/loginUser]}”映射到公共java.lang.String org.app.controller.web.LoginController.loginUser()上
s、 w.s.m.m.a.RequestMappingHandlerMapping:将“{[/loginAdmin]}”映射到公共java.lang.String org.app.controller.web.LoginController.loginAdmin()上
s、 w.s.m.m.a.RequestMappingHandlerMapping:将“{[/user/rsvp]}”映射到公共java.lang.String org.app.controller.web.RsvpController.dashboard(java.lang.String,org.springframework.ui.Model)
s、 w.s.m.m.a.RequestMappingHandlerMapping:将“{[/error]}”映射到public org.springframework.http.ResponseEntity org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
s、 w.s.m.m.a.RequestMappingHandlerMapping:将“{[/error],products=[text/html]}”映射到public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
o、 s.w.s.handler.SimpleUrlHandlerMapping:将URL路径[/webjars/**]映射到[class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]类型的处理程序上
o、 s.w.s.handler.SimpleUrlHandlerMapping:将URL路径[/**]映射到[class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]类型的处理程序上
o、 s.w.s.handler.SimpleUrlHandlerMapping:将URL路径[/**/favicon.ico]映射到[class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]类型的处理程序上
在我看来,loginProcessingUrl配置参数丢失了
任何帮助都将不胜感激
根据baeldung教程,它是antMatchers
定义:
用户:http.antMatcher(“/user*”)和loginUrlloginProcessingUrl(“/user\u login”)
在本例中,antMatcher与loginProcessingUrl定义匹配
新实施具有以下定义:
.antMatcher(“/user/*”)和loginUrlloginProcessingUrl(“/doUserLogin”)
在这种情况下,antMatcher与loginProcessingUrl定义不匹配
可能的解决方案(在此选项中,登录表单必须根据与Matcher定义匹配的新loginProcessUrl更改post方法)
更改loginProcessUrl以匹配anMatcher(“/users/*)
。loginProcessUrl(“/user/login”)
最后转到“管理”部分
希望此信息对您有所帮助。解决方案1对我不起作用,不确定这样链接蚂蚁匹配器是否有效?然后它只匹配第二个。无论如何,建议的解决方案2对我来说非常有效!