Spring 如何通过@RestController中的authenticate方法将登录表单重定向到@Controller中的html文件?
这是登录表Spring 如何通过@RestController中的authenticate方法将登录表单重定向到@Controller中的html文件?,spring,security,authentication,redirect,Spring,Security,Authentication,Redirect,这是登录表 <html lang="en"> <head> <meta charset="utf-8"> <title>Login Customer</title> </head> <body> <div class="container"> <form class="form-signin"
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login Customer</title>
</head>
<body>
<div class="container">
<form class="form-signin" method="POST" action="/api/v1/auth/login">
<h2 class="form-signin-heading">Login</h2>
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username" class="form-control" placeholder="Username" required>
</p>
<p>
<label for="password">Password</label>
<input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
</p>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</div>
</body>
</html>
这里是@Controller,我用它来获取我的登录页面和成功页面
@Controller
@RequestMapping("/auth")
public class AuthController {
@GetMapping("/login")
public String getLoginPage(){
return "login";
}
@GetMapping("/success")
public String getSuccessPage(){
return "success";
}
}
它不起作用,因为使用控制器时,您绕过了Spring Security的原始登录,这样配置就不会应用。您将按原样从控制器返回响应,并完全绕过Spring安全登录配置。因此,您可以从login方法返回一个JWT令牌,或者使用Spring安全性进行登录,并让它处理它。您无法执行2次响应,返回一个令牌并转到默认主页。感谢您的帮助,它不起作用,因为您的控制器绕过了Spring Security的原始登录,因此配置将不适用。您将按原样从控制器返回响应,并完全绕过Spring安全登录配置。因此,您可以从login方法返回一个JWT令牌,或者使用Spring安全性进行登录,并让它处理它。您无法进行2次响应,返回令牌并转到默认主页。感谢您的帮助
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final JwtConfigurer jwtConfigurer;
private final JwtAuthenticationSuccessHandler successHandler;
public SecurityConfig(JwtConfigurer jwtConfigurer, JwtAuthenticationSuccessHandler successHandler) {
this.jwtConfigurer = jwtConfigurer;
this.successHandler = successHandler;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/v1/auth/login").permitAll()
.antMatchers("/auth/login").permitAll()
.anyRequest().authenticated().and().apply(jwtConfigurer)
.and().formLogin().loginPage("/auth/login").permitAll().successForwardUrl("/auth/success");
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
@Bean
protected PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder(12);
}
}
@Controller
@RequestMapping("/auth")
public class AuthController {
@GetMapping("/login")
public String getLoginPage(){
return "login";
}
@GetMapping("/success")
public String getSuccessPage(){
return "success";
}
}