SpringSecurity 自定义登录功能不适用于 SpringBoot 和 REST api
[英]SpringSecurity custom login functionality doesn't work with SpringBoot and REST api
问题描述
I try to implement login functionality with custom login page, but unfortunately it doesn't work.. I also can't find the reason why.. probably I don't exactly understand the SpringSecurity mechanism.
我尝试使用自定义登录页面实现登录功能,但不幸的是它不起作用..我也找不到原因..可能我不完全理解SpringSecurity机制。 It looks like submit button do nothing.看起来提交按钮什么都不做。 My code below.我的代码如下。 I will be greatfull for help.我将非常乐意提供帮助。
login.html登录.html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>test login page</h1>
<form name="login" action="/login" method="post">
User: <input type="text" name="username"/>
Password: <input type="password" name="password"/>
<input name="submit" type="submit" value="LOGIN"/>
<hr>
<button id="loginAsGuest">Login as a guest</button>
</form>
</body>
</html>
WebSecurityConfig.java:网络安全配置.java:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password("{noop}admin").roles("ADMIN")
.and()
.withUser("userguest").password("{noop}userguest").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/").hasAnyRole("ADMIN")
.antMatchers("/").hasAnyRole("USER")
.antMatchers("/login*").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login.html")
.defaultSuccessUrl("/bookmarks-app/index.html", true)
.failureUrl("/login.html")
.and()
.logout().permitAll().logoutRequestMatcher(new AntPathRequestMatcher("/logout")
);
}
}
1 个解决方案
解决方案1
0 已采纳 2021-08-13 19:17:41
Just pointing out something.只是指出一些事情。
hasAnyRole supports more than one role, so you can write something like this .antMatchers("/**").hasAnyRole("ADMIN", "USER") hasAnyRole支持多个角色,所以你可以这样写.antMatchers("/**").hasAnyRole("ADMIN", "USER")
if you put /** every rest service will trigger the role check, if you put just / only the / rest service will trigger the check.如果你放 /** 每个 rest 服务都会触发角色检查,如果你放 / 只有 / rest 服务会触发检查。
Remove .antMatchers("/login*").permitAll() and replace .loginPage("/login.html") with .loginPage("/login").permitAll()删除.antMatchers("/login*").permitAll()并将.loginPage("/login.html")替换为.loginPage("/login").permitAll()
In the end your config will look like this:最后,您的配置将如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/**").hasAnyRole("ADMIN", "USER")
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login.html").permitAll().loginProcessingUrl("/perform_login")
//No need to add a LoginController.
// Needed because if you don't put this, when you call the POST to login you will be redirected to the login.html page.
.defaultSuccessUrl("/bookmarks-app/index.html", true)
.failureUrl("/login.html").permitAll()
.and()
.logout().permitAll().logoutRequestMatcher(new AntPathRequestMatcher("/logout")
);
}
If your Login page it's in the resources, don't forget to configure the ResourceHandler correctly.如果您的登录页面在资源中,请不要忘记正确配置 ResourceHandler。
Sources:资料来源:
https://docs.spring.io/spring-security/site/docs/4.1.3.RELEASE/guides/html5/form-javaconfig.html https://docs.spring.io/spring-security/site/docs/4.1.3.RELEASE/guides/html5/form-javaconfig.html
How to use Spring Security to custom login page? 如何使用Spring Security自定义登录页面?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.