Spring Security-配置HttpSecurity
[英]Spring Security - configure HttpSecurity
问题描述
I'm new to Spring Security, I'm trying to create a login form with Spring Security. 
我是Spring Security的新手,我正在尝试使用Spring Security创建一个登录表单。
This is the required scenario: 这是必需的方案:
1) users log into the app with username - password (please note that I'm using the default loginpage provided by spring Security) 2) if the login is OK, the user go to eventList.jsp 3) if the login is KO (wrong credentials) an error is shown 1)用户使用用户名-密码登录应用程序(请注意,我使用的是Spring Security提供的默认登录页面)2)如果登录正常,则用户进入eventList.jsp 3)如果登录名为KO(凭证错误)显示错误
My WebSecurityConfigurerAdapter configurations: 我的WebSecurityConfigurerAdapter配置:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("amdin").password("111111").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin().defaultSuccessUrl("/eventList");
}
Error 1: if I insert the right credentials I don't see /eventList, but i receive a 404 (/spring-security-helloworld-annotation/WEB-INF/pages/login.jsp). 错误1:如果我插入正确的凭据,则看不到/ eventList,但收到404(/spring-security-helloworld-annotation/WEB-INF/pages/login.jsp)。 Why I am not redirect to /eventList? 为什么我不重定向到/ eventList? (pheraps because /eventList accept only GET in my RequestMapping annotation? (由于/ eventList在我的RequestMapping批注中仅接受GET,所以会产生冲突?
@RequestMapping(value = {"/eventList"}, method = RequestMethod.GET)
Error 2: if I try to "manually" go to /eventList, by adding "eventList" to the end of the URL in my browser, I can access to the requested page without performing the login operation!!! 错误2:如果我尝试“手动”访问/ eventList,只需在浏览器中的URL末尾添加“ eventList”,就可以访问请求的页面而无需执行登录操作!!! THe only URL that I want to be accessible without performing the login operation is the login page itself!!! 我不执行登录操作即可访问的唯一URL是登录页面本身!
The line .anyRequest().authenticated() should not allow all this!!! .anyRequest().authenticated()不应允许所有这些!!!
How could I obtain what I desire? 我如何获得自己想要的东西?
TY in advance 提前TY
1 个解决方案
解决方案1
0 2017-05-18 17:10:54
The correct security chain looks the following: 正确的安全链如下所示:
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/eventList")
.permitAll()
.and()
.logout()
.permitAll();
you forgot the permitAll() statement as well defining the loginPage() Hope it helps! 您忘记了permitAll()语句以及定义了loginPage()希望对您loginPage()帮助! Drop me a pm if you need further help with it. 如果您需要进一步的帮助,请给我下一个下午。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.