[英]restrict users to access URL directly - spring security
I am trying to implement spring security and there are no errors / exceptions, but it is not working, I am not able to redirect to the success page.我正在尝试实施 spring 安全性并且没有错误/异常,但它不起作用,我无法重定向到成功页面。 My success page is /sucessPage , /Verify will verifying the user details against database.
我的成功页面是/sucessPage , /Verify将根据数据库验证用户详细信息。 I want to verify the user with 3 different parameters
我想用 3 个不同的参数验证用户
SecurityConfig.java安全配置文件
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource(name="AdminDB")
private DataSource datasource;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
auth.eraseCredentials(false);
}
@Override
protected void configure(HttpSecurity security) throws Exception {
logger.info("Inside SecurityConfig - configure() - Spring security");
security
.authorizeRequests()
.antMatchers("/resources/**", "/unsecured/**", "/","/Verify").permitAll()
.anyRequest().authenticated()
.and().formLogin()
.loginPage("/").permitAll()
.usernameParameter("email")
//.passwordParameter("password")
.defaultSuccessUrl("/sucessPage/")
.successHandler(successhandler())
.failureUrl("/")
.and().logout()
.invalidateHttpSession(true).deleteCookies("JSESSIONID")
.permitAll()
.and().exceptionHandling().accessDeniedPage("/systemError.html")
.and().csrf().disable();
}
@Bean
public CustomAuthenticationSuccessHandler successhandler() {
return new CustomAuthenticationSuccessHandler();
}
}
login page - HTML:登录页面 - HTML:
<form id="form" name="Form" action="#" th:action="@{/verify}" th:object="${Form}" method="post">
<div class="50">
<label for="first-name" class="label-first-name">First Name*</label>
<input type="text" id="firstName" name="first-name" placeholder="Enter First Name" th:field="*{firstName}">
</div>
<div class="50">
<label for="last-name" class="label-last-name">Last Name*</label>
<input type="text" id="lastName" name="last-name" placeholder="Enter Last Name" th:field="*{lastName}">
</div>
</div>
<div class="100">
<label for="email-1" class="label-email-address">Email Address*<span class="label-note">This is your login username</span></label>
<input type="text" id="email" name="email" placeholder="Enter Email" th:field="*{email}">
</div>
<div class="100">
<label for="email-2" class="label-email-address">Verify Email Address*</label>
<input type="text" id="verifyEmail" name="verifyEmail" placeholder="Re-enter Email" th:field="*{verifyEmail}">
</div>
<div class="100">
<label for="phone" class="label-phone-number">Phone Number<span class="label-note">(optional)</span></label>
<input type="text" id="phoneNumber" name="phoneNumber" placeholder="Enter Phone Number" th:field="*{phoneNumber}">
</div>
<input type="submit" id="submitBtn" value="Next">
</form>
On submit it should verify user and redirect to the /sucessPage.在提交时,它应该验证用户并重定向到 /sucessPage。 I just want to restrict users to access other URLs directly and other flow will go as it is.
我只想限制用户直接访问其他 URL,其他流程将照原样进行。 right now it's redirecting back to "/" without any error.
现在它重定向回“/”而没有任何错误。
UserDetailsServiceImpl.java UserDetailsServiceImpl.java
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private LoginManager loginManager;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
UserDetails user = null;
try {
user = loginManager.findUserByEmail(userName);
} catch (LoginException e) {
throw new UsernameNotFoundException("Username not found: " + e.getMessage());
}
return user;
}
}
loadUserByUsername takes only 1 argument. loadUserByUsername 只接受 1 个参数。 I want to verify the user by firstName, lastName, email against db and redirecting to success with spring security.Thanks
我想通过名字、姓氏、针对数据库的电子邮件验证用户并使用 spring 安全性重定向到成功。谢谢
I think your SecurityConfig.java is incomplete我认为你的 SecurityConfig.java 不完整
.formLogin().loginPage("/") is missing : .formLogin().loginPage("/") 丢失:
.loginProcessingUrl("/j_spring_security_check")
and和
.defaultSuccessUrl("/sucessPage")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.