SecurityFilterChain - http.authorizeHttpRequests() 不工作。 本地主机重定向你太多次
[英]SecurityFilterChain - http.authorizeHttpRequests() not working. localhost redirected you too many times
问题描述
Since WebSecurityConfigurerAdapter is deprecated I am trying to replace configure(HttpSecurity http) with SecurityFilterChain filterChain(HttpSecurity http) .
由于WebSecurityConfigurerAdapter已弃用,我试图用SecurityFilterChain filterChain(HttpSecurity http)替换configure(HttpSecurity http) http) 。 I've tried to piece together below code but it is not working and is giving localhost redirected you too many times error on chrome but is not showing any error in console.我试图拼凑下面的代码,但它不起作用,并且在 chrome 上给localhost redirected you too many times错误,但在控制台中没有显示任何错误。 I've even cleared cookies as suggested but it still isn't working.我什至按照建议清除了 cookies,但它仍然无法正常工作。
AppSecurityConfig.java AppSecurityConfig.java
@Configuration
public class AppSecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public AuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(new BCryptPasswordEncoder());
return provider;
}
//Trying to replace configure(HttpSecurity http) method
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.and()
.logout().invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/logout-success").permitAll();
return http.build();
}
}
.authorizeRequests() is deprecated so I am using .authorizeHttpRequests() . .authorizeRequests()已弃用,所以我正在使用.authorizeHttpRequests() 。 Below SS is output from chrome: Output error from chrome SS 下方是来自 chrome 的 output:来自 chrome 的Output error
HomeComtroller.java HomeComtroller.java
@Controller
public class HomeController {
@RequestMapping("/")
public String home() {
return "home.jsp";
}
@RequestMapping("/login")
public String loginPage() {
return "login.jsp";
}
@RequestMapping("/logout-success")
public String logoutPage() {
return "logout.jsp";
}
}
login.jsp登录.jsp
<body>
<h1>Login</h1>
${SPRING_SECURITY_LAST_EXCEPTION.message}
<form action="login" method="post">
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name='password' /></td>
</tr>
<tr>
<td><input type="submit" name='submit' value='submit' /></td>
</tr>
</table>
</form>
</body>
</html>
1 个解决方案
解决方案1
0 2022-12-06 16:03:12
.loginPage() javadoc says this: .loginPage() javadoc 是这样说的:
...login page to redirect to if authentication is required...
With your endpoint /login served by controller, you enter redirects cycle.通过 controller 服务您的端点/login ,您进入重定向周期。 You can try next:您可以尝试下一步:
- Create
MvcConfigclass (customize it due to your own rules):创建MvcConfigclass(根据自己的规则自定义):
@Configuration
public class MvcConfig extends WebMvcConfigurationSupport {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
}
}
- Delete yor
/loginendpoint from controller.从 controller 中删除您的/login端点。 - Test new configuration.测试新配置。
Hope it helps, feel free to give feedback for my answer.希望对您有所帮助,请随时为我的回答提供反馈。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.