使用自定义表单的Spring Security登录

Question

My Spring security configurations: 我的Spring安全配置：

@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{

        @Autowired
        private ClientDetailsService clientDetailsService;

        @Autowired
        public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
              .withUser("username").password("password")
              .authorities("USER");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and().csrf().disable();
        }

       ....
}

My Spring boot controllers: 我的Spring启动控制器：

@Controller
@RequestMapping("/")
public class IndexController extends BaseController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        return "login";
    } 
....
}

Hi, I am attempting to using Spring security with customized login form. 嗨，我正在尝试使用带有自定义登录表单的Spring安全性。 My problem is: 我的问题是：

When I enter the localhost:8080/login The browser doesn't direct to my login.jsp, it just pops out a default form with text boxes to enter username and password. 当我输入localhost:8080/login ，浏览器没有定向到我的login.jsp，它只是弹出带有文本框的默认表单以输入用户名和密码。
After I enter "username" as username, "password" as password, it returns an authentication failed. 输入用户名“ username”，密码“ password”后，返回认证失败。

The traceback: 追溯：

Request '/login' matched by universal pattern '/**'
DEBUG - matched
DEBUG - /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG - /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG - /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
DEBUG - /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG - Trying to match using Ant [pattern='/logout', GET]
DEBUG - Checking match of request : '/login'; against '/logout'
DEBUG - Trying to match using Ant [pattern='/logout', POST]
DEBUG - Request 'GET /login' doesn't match 'POST /logout
DEBUG - Trying to match using Ant [pattern='/logout', PUT]
DEBUG - Request 'GET /login' doesn't match 'PUT /logout
DEBUG - Trying to match using Ant [pattern='/logout', DELETE]
DEBUG - Request 'GET /login' doesn't match 'DELETE /logout
DEBUG - No matches found
DEBUG - /login at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG - Basic Authentication Authorization header found for user 'username'
DEBUG - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG - User 'username' not found
DEBUG - Returning cached instance of singleton bean 'delegatingApplicationListener'
DEBUG - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

Answer 1

Looks like the anonymous user has not access to /login 似乎匿名用户无法访问/ login

http
    .authorizeRequests()
        .antMatchers("/login").anonymous()
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .loginPage("/login")
        .permitAll()
        .and().csrf().disable();

Overmore, looks like you are doing request against your server with the Authorization header for the Basic Authentication. 此外，看起来您正在使用基本身份验证的Authorization标头向服务器发出请求。

DEBUG - Basic Authentication Authorization header found for user 'username'

使用自定义表单的Spring Security登录

问题描述

1 个解决方案

解决方案1
-1 2017-06-04 07:45:52

使用自定义表单的Spring Security登录

问题描述

1 个解决方案

解决方案1 -1 2017-06-04 07:45:52

解决方案1
-1 2017-06-04 07:45:52