使用基于Java配置的Spring安全自定义登录
我使用的是基于Java的Spring安全配置。但当用户提交登录表单时无法调用流程操作。这是我的配置文件和java文件。 请让我知道我哪里做错了。 提前谢谢 1)Spring安全Java配置类使用基于Java配置的Spring安全自定义登录,spring,spring-security,Spring,Spring Security,我使用的是基于Java的Spring安全配置。但当用户提交登录表单时无法调用流程操作。这是我的配置文件和java文件。 请让我知道我哪里做错了。 提前谢谢 1)Spring安全Java配置类 @Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserService userService; @B
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserService userService;
@Bean
public AuthenticationManager authenticationManager() throws Exception{
AuthenticationManager authenticationManager = new ProviderManager(
Arrays.asList(authenticationProvider()));
return authenticationManager;
}
@Bean
public AuthenticationProvider authenticationProvider() throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userService);
authenticationProvider.afterPropertiesSet();
return authenticationProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").permitAll()
.antMatchers("/process/success").authenticated()
.and()
.formLogin()
.usernameParameter("username")
.passwordParameter("password")
.loginPage("/")
.failureUrl("/?auth=fail")
.loginProcessingUrl("/process")
.and().logout().logoutUrl("/logout")
.invalidateHttpSession(true).deleteCookies("JSESSIONID")
.permitAll();
}
}
2)Jsp登录页面。
<form name="f" action="./process" method="post">
<fieldset>
<legend>Please Login</legend>
<c:if test="${'fail' eq param.auth}">
<div style="color: red">
Login Failed!!!<br /> Reason :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<c:if test="${'succ' eq param.out}">
<div style="color: blue">
<h2>You have been successfully logged out.</h2>
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<div class="alert alert-success">${param.logout}</div>
<label for="username">Username</label> <input type="text"id="username" name="username" /> <label for="password">Password</label>
<input type="password" id="password" name="password" />
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<div class="form-actions">
<button type="submit" class="btn">Log in</button>
</div>
</fieldset>
</form>
@Controller
public class HomeController {
@Autowired
AuthenticationManager authenticationManager;
@RequestMapping(value = "/", method = RequestMethod.GET)
public String index() {
System.out.println("index.....");
return "index";
}
@RequestMapping(value = "/process", method = RequestMethod.POST)
public String process(@PathVariable("username") String userName,
@PathVariable("password") String password,
HttpServletRequest request, RedirectAttributes redirectAttr) {
try {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userName, password);
Authentication authenticate = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticate);
} catch (AuthenticationException e) {
System.out.println(e.getMessage());
}
System.out.println("login....." + request.getSession(false));
return "redirect:/process/success";
}
@RequestMapping(value = "/process/success", method = RequestMethod.GET)
public String success() {
System.out.println("success.....");
return "success";
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request) {
System.out.println("logout....." + request.getSession(false)+ " is new " + request.getSession(false).isNew());
request.getSession(false).invalidate();
return "index";
}
}
问题在于Spring安全性使用过滤器,而对的请求通常被
UsernamePasswordAuthenticationFilter
拦截和处理。因此它无法到达您的控制器
SpringSecurity使用过滤器为您处理登录,您甚至不应该考虑使用控制器。您应该(再次)阅读参考手册并从教程开始。问题在于Spring Security使用过滤器,并且请求通常被
用户名密码验证过滤器拦截和处理。因此它无法到达您的控制器
SpringSecurity使用过滤器为您处理登录,您甚至不应该考虑使用控制器。您应该(再次)阅读参考手册并从教程开始。我们希望使用自定义登录url。我们想使用自定义登录url。