[英]SecurityFilterChain - http.authorizeHttpRequests() not working. localhost redirected you too many times
Since WebSecurityConfigurerAdapter
is deprecated I am trying to replace configure(HttpSecurity http)
with SecurityFilterChain filterChain(HttpSecurity http)
.由于
WebSecurityConfigurerAdapter
已弃用,我试图用SecurityFilterChain filterChain(HttpSecurity http)
替换configure(HttpSecurity http)
http) 。 I've tried to piece together below code but it is not working and is giving localhost redirected you too many times
error on chrome but is not showing any error in console.我试图拼凑下面的代码,但它不起作用,并且在 chrome 上给
localhost redirected you too many times
错误,但在控制台中没有显示任何错误。 I've even cleared cookies as suggested but it still isn't working.我什至按照建议清除了 cookies,但它仍然无法正常工作。
AppSecurityConfig.java AppSecurityConfig.java
@Configuration
public class AppSecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public AuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(new BCryptPasswordEncoder());
return provider;
}
//Trying to replace configure(HttpSecurity http) method
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.and()
.logout().invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/logout-success").permitAll();
return http.build();
}
}
.authorizeRequests()
is deprecated so I am using .authorizeHttpRequests()
. .authorizeRequests()
已弃用,所以我正在使用.authorizeHttpRequests()
。 Below SS is output from chrome: Output error from chrome SS 下方是来自 chrome 的 output:来自 chrome 的Output error
HomeComtroller.java HomeComtroller.java
@Controller
public class HomeController {
@RequestMapping("/")
public String home() {
return "home.jsp";
}
@RequestMapping("/login")
public String loginPage() {
return "login.jsp";
}
@RequestMapping("/logout-success")
public String logoutPage() {
return "logout.jsp";
}
}
login.jsp登录.jsp
<body>
<h1>Login</h1>
${SPRING_SECURITY_LAST_EXCEPTION.message}
<form action="login" method="post">
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name='password' /></td>
</tr>
<tr>
<td><input type="submit" name='submit' value='submit' /></td>
</tr>
</table>
</form>
</body>
</html>
.loginPage()
javadoc says this: .loginPage()
javadoc 是这样说的:
...login page to redirect to if authentication is required...
With your endpoint /login
served by controller, you enter redirects cycle.通过 controller 服务您的端点
/login
,您进入重定向周期。 You can try next:您可以尝试下一步:
MvcConfig
class (customize it due to your own rules):MvcConfig
class(根据自己的规则自定义):@Configuration
public class MvcConfig extends WebMvcConfigurationSupport {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
}
}
/login
endpoint from controller./login
端点。 Hope it helps, feel free to give feedback for my answer.希望对您有所帮助,请随时为我的回答提供反馈。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.