Spring security中的自定义formLogin()返回一个(type=Forbidden, status=403)
[英]Custom formLogin() in Spring security returns a (type=Forbidden, status=403)
问题描述
I've Setup a Spring boot app using dependencies of Spring Security and Spring Web.
我已经使用 Spring Security 和 Spring Web 的依赖项设置了一个 Spring 启动应用程序。 I use for this example inMemoryAuthentication().我在这个例子中使用了 inMemoryAuthentication()。 I setup 3 html pages and placed them in the Static folder (I'm not using Thymeleaf or JSP pages just plain html).我设置了 3 个 html 页面并将它们放在静态文件夹中(我没有使用 Thymeleaf 或 JSP 页面,只是纯 html)。
When I use default formLogin() , and run the app , I get the default login page of spring security , once I type user and password I'm able to get the destined page dash.html as expected.当我使用默认的 formLogin() 并运行应用程序时,我得到了 spring security 的默认登录页面,一旦我输入用户和密码,我就可以按预期获得目标页面 dash.html。
When I use a customized formLogin() , run the app , I get status 403 type Forbidden:当我使用自定义的 formLogin() ,运行应用程序时,我得到状态 403 类型禁止:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Thu Dec 12 10:10:14 IST 2019 There was an unexpected error (type=Forbidden, status=403).
Forbidden
I searched in StackOverflow , also searched in the link below , but didn't see any solution (In the link it uses Thymeleaf , whereas I'm using HTML pages placed in the resources/static folder)我在 StackOverflow 中搜索,也在下面的链接中搜索,但没有看到任何解决方案(在链接中它使用 Thymeleaf ,而我使用的是放在 resources/static 文件夹中的 HTML 页面)
https://docs.spring.io/spring-security/site/docs/current/guides/html5/form-javaconfig.html#creating-a-login-view https://docs.spring.io/spring-security/site/docs/current/guides/html5/form-javaconfig.html#creating-a-login-view
Did someone have this issue also ?有人也有这个问题吗?
Please Advise,请指教,
Regards, Shalem问候, 沙勒姆
Related Data and Code:相关数据和代码:
- I'm Using Spring boot 2.1.3我正在使用 Spring Boot 2.1.3
- JAVA8 JAVA8
- Project folders layout in the linked image: folder layout链接图像中的项目文件夹布局:文件夹布局
I setup Spring Security code as follows:我设置 Spring Security 代码如下:
package com.rc1.conig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("shalem")
.password(passwordEncoder().encode("12"))
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/dash/**").authenticated()
.and()
.formLogin()
.loginPage("/mylogin")
.permitAll();
}
}
- Controllers Code : - 控制器代码:
package com.rc1.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class DashController {
@RequestMapping("/dash")
public String getDashboard() {
return "dash.html";
}
}
package com.rc1.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class LoginController {
@RequestMapping("/mylogin")
public String getLogin() {
return "login-page.html";
}
}
* HTML Pages: * HTML页面:
<!-- index.html page -->
<!DOCTYPE html>
<html>
<head>
<meta charset="windows-1255">
<title>Home</title>
</head>
<body>
<h1>Home Page</h1>
<h3>
<a href="http://localhost:8080/dash">dashboard</a>
</h3>
</body>
</html>
<!-- Customized login-page.html -->
<!DOCTYPE html>
<html>
<head>
<meta charset="windows-1255">
<title>mylogin</title>
</head>
<body>
<form action="http://localhost:8080/mylogin" method="post">
<p>
user: <input type="text" name="user">
</p>
<p>
pass :<input type="password" name="password">
</p>
<button type="submit">login</button>
</form>
</body>
</html>
<!-- dash.html page -->
<!DOCTYPE html>
<html>
<head>
<meta charset="windows-1255">
<title>Insert title here</title>
</head>
<body>
<h1>dashboard receieved</h1>
</body>
</html>
1 个解决方案
解决方案1
0 2019-12-22 15:40:19
If you want to use a custom login page, then you should specify where username and password submitted to.如果要使用自定义登录页面,则应指定用户名和密码提交到的位置。 So, just change here,所以,只要改变这里,
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/dash/**").authenticated()
.and()
.formLogin()
.loginPage("/mylogin")
.loginProcessingUrl("/perform_login")
.defaultSuccessUrl("/homepage")
.permitAll();
}
After that, any anonymous user hit any authenticated url, then redirect to之后,任何匿名用户点击任何经过身份验证的 url,然后重定向到
/mylogin
after that user put username and password then that username and password submitted to在该用户输入用户名和密码之后,该用户名和密码提交给
/perform_login
If credential are valid then redirect to如果凭据有效,则重定向到
/homepage
otherwise go back to否则回到
/mylogin
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.