Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/opencv/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
使用基于Java配置的Spring安全自定义登录_Spring_Spring Security - Fatal编程技术网
Fatal编程技术网
  • spring/
  • 使用基于Java配置的Spring安全自定义登录

使用基于Java配置的Spring安全自定义登录

spring spring-security

使用基于Java配置的Spring安全自定义登录,spring,spring-security,Spring,Spring Security,我使用的是基于Java的Spring安全配置。但当用户提交登录表单时无法调用流程操作。这是我的配置文件和java文件。 请让我知道我哪里做错了。 提前谢谢 1)Spring安全Java配置类 @Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserService userService; @B

我使用的是基于Java的Spring安全配置。但当用户提交登录表单时无法调用流程操作。这是我的配置文件和java文件。 请让我知道我哪里做错了。 提前谢谢

1)Spring安全Java配置类

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;
    @Bean
    public AuthenticationManager authenticationManager() throws Exception{
        AuthenticationManager authenticationManager = new ProviderManager(
                    Arrays.asList(authenticationProvider()));
            return authenticationManager;
        }
    @Bean
    public AuthenticationProvider authenticationProvider() throws     Exception {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userService);
        authenticationProvider.afterPropertiesSet();
        return authenticationProvider;
        }
        @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").permitAll()
        .antMatchers("/process/success").authenticated()
        .and()
        .formLogin()
        .usernameParameter("username") 
        .passwordParameter("password") 
        .loginPage("/")
        .failureUrl("/?auth=fail")
        .loginProcessingUrl("/process")
        .and().logout().logoutUrl("/logout")
         .invalidateHttpSession(true).deleteCookies("JSESSIONID")
        .permitAll();
        }
}
2)Jsp登录页面。

<form name="f" action="./process" method="post">
    <fieldset>
    <legend>Please Login</legend>
    <c:if test="${'fail' eq param.auth}">
    <div style="color: red">
    Login Failed!!!<br /> Reason :
    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
    </div>
    </c:if>
    <c:if test="${'succ' eq param.out}">
    <div style="color: blue">
    <h2>You have been successfully logged out.</h2>
    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
    </div>
    </c:if>
    <div class="alert alert-success">${param.logout}</div>
    <label for="username">Username</label> <input type="text"id="username" name="username" /> <label for="password">Password</label>
    <input type="password" id="password" name="password" /> 
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <div class="form-actions">
    <button type="submit" class="btn">Log in</button>
    </div>
    </fieldset>
    </form>

@Controller
public class HomeController {
    @Autowired
    AuthenticationManager authenticationManager;
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public String index() {
        System.out.println("index.....");
        return "index";
    }
    @RequestMapping(value = "/process", method = RequestMethod.POST)
    public String process(@PathVariable("username") String userName,
        @PathVariable("password") String password,
        HttpServletRequest request, RedirectAttributes redirectAttr) {
        try {
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userName, password);
            Authentication authenticate = authenticationManager.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authenticate);
        } catch (AuthenticationException e) {
            System.out.println(e.getMessage());
        }
        System.out.println("login....." + request.getSession(false));
        return "redirect:/process/success";
    }
    @RequestMapping(value = "/process/success", method = RequestMethod.GET)
    public String success() {
        System.out.println("success.....");
        return "success";
    }
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logout(HttpServletRequest request) {
        System.out.println("logout....." + request.getSession(false)+ " is new " + request.getSession(false).isNew());
        request.getSession(false).invalidate();
        return "index";
    }
}
问题在于Spring安全性使用过滤器,而对的请求通常被
UsernamePasswordAuthenticationFilter
拦截和处理。因此它无法到达您的控制器

SpringSecurity使用过滤器为您处理登录,您甚至不应该考虑使用控制器。您应该(再次)阅读参考手册并从教程开始。

问题在于Spring Security使用过滤器,并且请求通常被
用户名密码验证过滤器拦截和处理。因此它无法到达您的控制器


SpringSecurity使用过滤器为您处理登录,您甚至不应该考虑使用控制器。您应该(再次)阅读参考手册并从教程开始。
我们希望使用自定义登录url。我们想使用自定义登录url。