限制用户直接访问URL——spring security

Question

I am trying to implement spring security and there are no errors / exceptions, but it is not working, I am not able to redirect to the success page.我正在尝试实施 spring 安全性并且没有错误/异常，但它不起作用，我无法重定向到成功页面。 My success page is /sucessPage , /Verify will verifying the user details against database.我的成功页面是/sucessPage ， /Verify将根据数据库验证用户详细信息。 I want to verify the user with 3 different parameters我想用 3 个不同的参数验证用户

SecurityConfig.java安全配置文件

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource(name="AdminDB")
    private DataSource datasource; 
    
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
        auth.eraseCredentials(false);
    }
    
    @Override
    protected void configure(HttpSecurity security) throws Exception {
        logger.info("Inside SecurityConfig - configure() - Spring security");
        security
                .authorizeRequests()
                    .antMatchers("/resources/**", "/unsecured/**", "/","/Verify").permitAll()
                    .anyRequest().authenticated()
                .and().formLogin()
                    .loginPage("/").permitAll()
                    .usernameParameter("email")
                    //.passwordParameter("password")
                    .defaultSuccessUrl("/sucessPage/")
                    .successHandler(successhandler())
                    .failureUrl("/")
                .and().logout()
                    .invalidateHttpSession(true).deleteCookies("JSESSIONID")
                    .permitAll()
                .and().exceptionHandling().accessDeniedPage("/systemError.html")
                .and().csrf().disable();
    }
    
    @Bean
    public CustomAuthenticationSuccessHandler successhandler() {
        return new CustomAuthenticationSuccessHandler();
    }

}

login page - HTML:登录页面 - HTML：

<form id="form" name="Form" action="#" th:action="@{/verify}" th:object="${Form}" method="post">
                
                    <div class="50">
                        <label for="first-name" class="label-first-name">First Name*</label>
                        <input type="text" id="firstName" name="first-name" placeholder="Enter First Name" th:field="*{firstName}">
                    </div>
                    <div class="50">
                        <label for="last-name" class="label-last-name">Last Name*</label>
                        <input type="text" id="lastName" name="last-name" placeholder="Enter Last Name" th:field="*{lastName}">
                    </div>
                </div>
                <div class="100">
                    <label for="email-1" class="label-email-address">Email Address*<span class="label-note">This is your login username</span></label>
                    <input type="text" id="email" name="email" placeholder="Enter Email" th:field="*{email}">
                </div>
                <div class="100">
                    <label for="email-2" class="label-email-address">Verify Email Address*</label>
                    <input type="text" id="verifyEmail" name="verifyEmail" placeholder="Re-enter Email" th:field="*{verifyEmail}">
                </div>
                <div class="100">
                    <label for="phone" class="label-phone-number">Phone Number<span class="label-note">(optional)</span></label>
                    <input type="text" id="phoneNumber" name="phoneNumber" placeholder="Enter Phone Number" th:field="*{phoneNumber}">
                </div>
                <input type="submit" id="submitBtn" value="Next">
            </form>

On submit it should verify user and redirect to the /sucessPage.在提交时，它应该验证用户并重定向到 /sucessPage。 I just want to restrict users to access other URLs directly and other flow will go as it is.我只想限制用户直接访问其他 URL，其他流程将照原样进行。 right now it's redirecting back to "/" without any error.现在它重定向回“/”而没有任何错误。

UserDetailsServiceImpl.java UserDetailsServiceImpl.java

@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private LoginManager loginManager;
    

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
        UserDetails user = null;
        try {
            user = loginManager.findUserByEmail(userName);
        } catch (LoginException e) {
            throw new UsernameNotFoundException("Username not found: " + e.getMessage());
        }
        return user;
    }

}

loadUserByUsername takes only 1 argument. loadUserByUsername 只接受 1 个参数。 I want to verify the user by firstName, lastName, email against db and redirecting to success with spring security.Thanks我想通过名字、姓氏、针对数据库的电子邮件验证用户并使用 spring 安全性重定向到成功。谢谢

Answer 1

I think your SecurityConfig.java is incomplete我认为你的 SecurityConfig.java 不完整

.formLogin().loginPage("/") is missing : .formLogin().loginPage("/") 丢失：

.loginProcessingUrl("/j_spring_security_check")

and和

.defaultSuccessUrl("/sucessPage")

限制用户直接访问URL——spring security

问题描述

1 个解决方案

解决方案1
-1 2020-09-03 16:33:27

限制用户直接访问URL——spring security

问题描述

1 个解决方案

解决方案1 -1 2020-09-03 16:33:27

解决方案1
-1 2020-09-03 16:33:27