
Spring Security no longer redirects to login page after upgrade from Spring Boot 1.5-2, Spring Security 4-5

I've got an OAUTH2 app where the oauth2 endpoints are secured by Spring Security, so some pages are protected by a form based login.

Previously if I hit one of these URLs, I was redirected, correctly, to the login page.

I've just upgraded from Spring Boot 1.5.16 to Spring Boot 2.0.6, resulting in an upgrade via dependencies of Spring Security from 4.2.8 to 5.0.9.

Now if I hit a URL where I'm not logged in I just get a page like this served up:

    <oauth>
      <error_description>
        Full authentication is required to access this resource
      </error_description>
      <error>unauthorized</error>
    </oauth>

What's more, if I try and hit the login page I'm not authorized to do that. Has anyone got any idea about what the cause of this is? Filter order possibly?

This is what my security config looks like:

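    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.env.Environment;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        private final AuthenticationManager authenticationManager;

        private final Environment environment;

        @Autowired
        public SecurityConfig(AuthenticationManager authenticationManager, Environment environment) {
            this.authenticationManager = authenticationManager;
            this.environment = environment;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                    .headers().frameOptions().disable().and()
                    // Form login with a custom login page that anyone may reach
                    .formLogin().loginPage("/login").permitAll()
                    .and()
                    // This chain only applies to the four paths listed here
                    .requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access")
                    .and()
                    // Everything handled by this chain requires an authenticated user
                    .authorizeRequests().anyRequest().authenticated();
        }
    }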

And this is the filter chain that gets created:

2018-10-19 15:22:10.865  INFO 19012 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/oauth/token'], Ant [pattern='/oauth/token_key'], Ant [pattern='/oauth/check_token']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@737f44b6, org.springframework.security.web.context.SecurityContextPersistenceFilter@61f7a8e9, org.springframework.security.web.header.HeaderWriterFilter@139be706, org.springframework.security.web.authentication.logout.LogoutFilter@60b40eca, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7467a12, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4fd13263, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1d003890, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6e762f08, org.springframework.security.web.session.SessionManagementFilter@13f07542, org.springframework.security.web.access.ExceptionTranslationFilter@2e2ecd3a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@65db717c]
2018-10-19 15:22:10.880  INFO 19012 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration$NotOAuthRequestMatcher@4432df93, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@c48f5fc, org.springframework.security.web.context.SecurityContextPersistenceFilter@731455ec, org.springframework.security.web.header.HeaderWriterFilter@67e583c6, org.springframework.security.web.authentication.logout.LogoutFilter@7bc67409, org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter@4c112545, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@16762cc2, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5dc67679, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5473e34c, org.springframework.security.web.session.SessionManagementFilter@4e9d0777, org.springframework.security.web.access.ExceptionTranslationFilter@750210bc, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@d7ab665]
2018-10-19 15:22:10.895  INFO 19012 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/login'], Ant [pattern='/logout'], Ant [pattern='/oauth/authorize'], Ant [pattern='/oauth/confirm_access']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@22671580, org.springframework.security.web.context.SecurityContextPersistenceFilter@412e0841, org.springframework.security.web.header.HeaderWriterFilter@60f6611f, org.springframework.security.web.authentication.logout.LogoutFilter@24ec00c6, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1531681a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@242e419a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@77833299, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2ea3b229, org.springframework.security.web.session.SessionManagementFilter@38fd683f, org.springframework.security.web.access.ExceptionTranslationFilter@7e4364ca, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@63dad600]
201
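
An added illustration (not part of the original post, and not Spring's own code): a plain-Java model of how `FilterChainProxy` hands a request to the first filter chain whose matcher accepts it, using the three chains in the order the log above lists them. The matcher predicates are simplified stand-ins; in particular `NotOAuthRequestMatcher` is an assumption, modelled as "path does not start with one of the OAuth endpoints seen in the log", and `/account` is a constructed path.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

public class ChainSelectionDemo {

    // Assumption: the OAuth endpoint paths are the ones visible in the logged matchers.
    static final List<String> OAUTH_ENDPOINTS = List.of("/oauth/token", "/oauth/token_key",
            "/oauth/check_token", "/oauth/authorize", "/oauth/confirm_access");

    // Simplified stand-ins for the three request matchers in the log.
    static final Predicate<String> TOKEN_ENDPOINTS =
            p -> List.of("/oauth/token", "/oauth/token_key", "/oauth/check_token").contains(p);
    static final Predicate<String> NOT_OAUTH =
            p -> OAUTH_ENDPOINTS.stream().noneMatch(p::startsWith);
    static final Predicate<String> FORM_LOGIN =
            p -> List.of("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access").contains(p);

    // Chains in the order the log reports them being created.
    static Map<String, Predicate<String>> loggedOrder() {
        Map<String, Predicate<String>> chains = new LinkedHashMap<>();
        chains.put("token-endpoints (BasicAuthenticationFilter)", TOKEN_ENDPOINTS);
        chains.put("resource-server (OAuth2AuthenticationProcessingFilter)", NOT_OAUTH);
        chains.put("form-login (UsernamePasswordAuthenticationFilter)", FORM_LOGIN);
        return chains;
    }

    // First match wins: chains later in the list never see the request.
    static String select(Map<String, Predicate<String>> chains, String path) {
        return chains.entrySet().stream()
                .filter(e -> e.getValue().test(path))
                .map(Map.Entry::getKey)
                .findFirst().orElse("no chain (unsecured)");
    }

    public static void main(String[] args) {
        // Same chains, but with the form-login chain consulted first for comparison.
        Map<String, Predicate<String>> formLoginFirst = new LinkedHashMap<>();
        formLoginFirst.put("form-login (UsernamePasswordAuthenticationFilter)", FORM_LOGIN);
        formLoginFirst.putAll(loggedOrder()); // an existing key keeps its first position
        for (String path : List.of("/login", "/oauth/authorize", "/oauth/token", "/account")) {
            System.out.printf("%-17s logged order -> %-56s form-login first -> %s%n",
                    path, select(loggedOrder(), path), select(formLoginFirst, path));
        }
    }
}
```

In the logged order `/login` is claimed by the resource-server chain, which has no `UsernamePasswordAuthenticationFilter`, so the form-login chain configured for `/login` is never consulted for that path.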

This works for me:

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
            http.authorizeRequests().
            antMatchers("/db*/**").fullyAuthenticated().
            antMatchers("/rest/**").permitAll().
            and().formLogin().  //login configuration
            loginPage("/index.jsf?faces-redirect=true");
        }
    }

And at the URL you have to give localhost:8080/db/ and it will automatically be redirected to your index page.
