Spring 4.0 Java Configuration + Security 3.2 + j_spring_security_check


创建登录页面

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="ISO-8859-1">
        <title>Test</title>
        <script src="static/js/jquery-1.10.2.min.js"></script>
        <script src="static/js/app-controller.js"></script>
    </head>
    <body>
        <div>Login</div>
        <form name="f" action="<c:url value="/j_spring_security_check"/>" method="POST">
            <label for="j_username">Username</label>&nbsp;<input type="text" id="j_username" name="j_username"><br/>
            <label for="password">Password</label>&nbsp;<input type="password" id="j_password" name="j_password"><br/>
            <input type="submit" value="Validate">&nbsp;<input name="reset" type="reset">
            <input type="hidden" id="${_csrf.parameterName}" name="${_csrf.parameterName}" value="${_csrf.token}"/>
        </form>
        <hr/>
        <c:if test="${param.error != null}">
            <div>
                Failed to login.
                <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
                  Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
                </c:if>
            </div>
        </c:if>
        <hr/>
        <input type="button" value="Echo" id="echo" name="echo" onclick="AppController.echo();">
        <div id="echoContainer"></div>

    </body>
</html>
  • 声明 WebMvcConfigurer

    @EnableWebMvc
    @Configuration
    @ComponentScan(basePackages = {
            "com.app.controller",
            "com.app.service",
            "com.app.dao"
    })
    public class WebMvcConfigurer extends WebMvcConfigurerAdapter {

        /** Maps a logical view name {@code x} to the JSP at {@code /WEB-INF/view/x.jsp}. */
        @Bean
        public ViewResolver viewResolver() {
            InternalResourceViewResolver jspResolver = new InternalResourceViewResolver();
            jspResolver.setPrefix("/WEB-INF/view/");
            jspResolver.setSuffix(".jsp");
            return jspResolver;
        }

        /** Serves every request under {@code static/**} from the {@code static/} location. */
        @Override
        public void addResourceHandlers(ResourceHandlerRegistry registry) {
            registry
                .addResourceHandler("static/**")
                .addResourceLocations("static/");
        }

        /** Renders the {@code page} view for {@code /page} without a dedicated controller class. */
        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/page").setViewName("page");
        }

    }
    
  • 声明安全初始值设定项

    /**
     * Hooks Spring Security's servlet filter into the container through the inherited
     * initializer; nothing is overridden here, the default registration is sufficient.
     */
    public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer {
    }
    
  • 声明应用程序初始值设定项

    public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer {

        /** Root application context: the security configuration only. */
        @Override
        protected Class<?>[] getRootConfigClasses() {
            Class<?>[] rootConfigs = {WebSecurityConfigurer.class};
            return rootConfigs;
        }

        /** Dispatcher servlet context: MVC and data-source configuration. */
        @Override
        protected Class<?>[] getServletConfigClasses() {
            Class<?>[] servletConfigs = {WebMvcConfigurer.class, DataSourceConfigurer.class};
            return servletConfigs;
        }

        /** The dispatcher servlet is mapped to every request. */
        @Override
        protected String[] getServletMappings() {
            String[] mappings = {"/"};
            return mappings;
        }

    }
    
    public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer {
        @Override
        protected Class<?>[] getRootConfigClasses() {
            return new Class<?>[]{WebSecurityConfigurer.class};
        }
        @Override
        protected Class<?>[] getServletConfigClasses() {
            return new Class<?>[]{WebMvcConfigurer.class, DataSourceConfigurer.class};
        }
        @Override
        protected String[] getServletMappings() {
            return new String[]{"/"};
        }
    }
    
  • 实现自定义身份验证提供程序

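    @Component
    @ComponentScan(basePackages = {"com.app.service"})
    public class CustomAuthenticationProvider implements AuthenticationProvider {

        private static final Logger LOG = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

        /** Backing service that checks the submitted credentials; injected by the container. */
        @Inject
        private AppService service;

        /**
         * Validates a username/password pair through {@code AppService.validate}.
         *
         * @param authentication the unauthenticated token built from the login form; its name is
         *     used as the username and its credentials as the password
         * @return an authenticated token whose principal is the matched {@code UserBean} and whose
         *     only authority is {@code USER}
         * @throws BadCredentialsException when the token carries no credentials or the service
         *     returns no user for the pair
         */
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String username = authentication.getName();
            Object credentials = authentication.getCredentials();
            // A token without credentials used to fail with a NullPointerException on toString();
            // treat it as a failed login instead.
            if (credentials == null) {
                throw new BadCredentialsException(invalidCredentialsMessage(username));
            }
            String password = credentials.toString();

            // Only the username is logged. The previous message also carried the clear-text
            // password, which went to the debug log and into the exception text that the login
            // page renders through SPRING_SECURITY_LAST_EXCEPTION.message.
            LOG.debug("Authenticating username: '{}'", username);
            UserBean userBean = service.validate(username, password);
            if (userBean == null) {
                throw new BadCredentialsException(invalidCredentialsMessage(username));
            }

            List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority("USER"));
            // NOTE(review): the incoming token (credentials included) is kept as the credentials of
            // the authenticated token, so the raw password stays reachable from the security
            // context; pass only what later code actually reads, or null, if nothing needs it.
            return new UsernamePasswordAuthenticationToken(userBean, authentication, grantedAuths);
        }

        /** Builds the failure message without echoing the submitted password. */
        private static String invalidCredentialsMessage(String username) {
            return String.format("Invalid credentials for username '%s'", username);
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }

    }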
    
    @Component
    @ComponentScan(basePackages = {"com.app.service"})
    public class CustomAuthenticationProvider implements AuthenticationProvider {
        private static final Logger LOG = LoggerFactory.getLogger(CustomAuthenticationProvider.class);
        @Inject
        private AppService service;
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            //Thread.dumpStack();
            String username = authentication.getName();
            String password = authentication.getCredentials().toString();
            String message = String.format("Username: '%s' Password: '%s'", username, password);
            UserBean userBean = service.validate(username, password);
            LOG.debug(message);
            if (userBean != null) {
                List<GrantedAuthority> grantedAuths = new ArrayList<>();
                grantedAuths.add(new SimpleGrantedAuthority("USER"));
                return new UsernamePasswordAuthenticationToken(userBean, authentication, grantedAuths);
            } else {
                String error = String.format("Invalid credentials [%s]", message);
                throw new BadCredentialsException(error);
            }
        }
        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }
    
  • 我跳过了EchoController、AppService、AppDao和UserBean


    谢谢。

    在 3.2 版中,POST 参数已从 j_username 更改为 username,j_password 更改为 password。登录 URL 也已从 /j_spring_security_check 更改为 /login。

    有关实施此更改的原因的解释,请参阅此链接:。这些是变化:

    • GET /login 呈现登录页面,而不是 /spring_security_login

    • POST /login 对用户进行身份验证,而不是 /j_spring_security_check

    • username 参数默认为 username,而不是 j_username

    • password 参数默认为 password,而不是 j_password


    下面是一个登录表单示例:

    @zeh:authenticate 方法上的 authentication 参数是什么样的?它的属性值是什么?@vincentks 凭据和主体都是空的。在 Firebug 网络控制台中检查时,这两个参数都被发送了。看起来它们在某个时候丢失了。由于我使用的是新的 Spring 功能(Java 配置),我猜 Spring Security 可能在查找另一对参数名(不是 j_username 或 j_password)。我刚刚添加了一个控制器,通过 echo 方法绕过验证并携带用户名和密码,使用 @RequestParam 接收时它们也是空的。我使用的是 3.2-RC2,j_username 和 j_password 仍然有效……他们是否在 RC2 中更改了参数和 URL 名称?@pasemes 确实如此!我只是来这里更新代码的。我在这里找到了这个,但正如你之前提到的,是你给我指出来的,谢谢。
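    @Component
    @ComponentScan(basePackages = {"com.app.service"})
    public class CustomAuthenticationProvider implements AuthenticationProvider {

        private static final Logger LOG = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

        /** Backing service that checks the submitted credentials; injected by the container. */
        @Inject
        private AppService service;

        /**
         * Validates a username/password pair through {@code AppService.validate}.
         *
         * @param authentication the unauthenticated token built from the login form; its name is
         *     used as the username and its credentials as the password
         * @return an authenticated token whose principal is the matched {@code UserBean} and whose
         *     only authority is {@code USER}
         * @throws BadCredentialsException when the token carries no credentials or the service
         *     returns no user for the pair
         */
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String username = authentication.getName();
            Object credentials = authentication.getCredentials();
            // A token without credentials used to fail with a NullPointerException on toString();
            // treat it as a failed login instead.
            if (credentials == null) {
                throw new BadCredentialsException(invalidCredentialsMessage(username));
            }
            String password = credentials.toString();

            // Only the username is logged. The previous message also carried the clear-text
            // password, which went to the debug log and into the exception text that the login
            // page renders through SPRING_SECURITY_LAST_EXCEPTION.message.
            LOG.debug("Authenticating username: '{}'", username);
            UserBean userBean = service.validate(username, password);
            if (userBean == null) {
                throw new BadCredentialsException(invalidCredentialsMessage(username));
            }

            List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority("USER"));
            // NOTE(review): the incoming token (credentials included) is kept as the credentials of
            // the authenticated token, so the raw password stays reachable from the security
            // context; pass only what later code actually reads, or null, if nothing needs it.
            return new UsernamePasswordAuthenticationToken(userBean, authentication, grantedAuths);
        }

        /** Builds the failure message without echoing the submitted password. */
        private static String invalidCredentialsMessage(String username) {
            return String.format("Invalid credentials for username '%s'", username);
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }

    }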