stackoom
  简体   繁体   中英

Access Denied to html resources from spring security

 原文  2018-10-16 22:10:58       java/ spring/ security

Question

I'm trying to create a simple login using spring boot and spring security and i don't understand why it's not working. Basically i have 2 views that are located in resources/login/login.html and resources/login/registerUser.html Whenever i try to login or register it gives me access denied:( I guess that it's not having access to those 2 resources but i don't understand what's wrong:(

Controllers: 

@RequestMapping("/showReg")
    public String showRegistrationPage() {
        return "login/registerUser";
    }

    @RequestMapping(value = "/registerUser", method = RequestMethod.POST)
    public String register(@ModelAttribute("user") User user) {
        user.setPassword(encoder.encode(user.getPassword()));
        userRepository.save(user);
        return "login/login";
    }

    @RequestMapping(value = "/loginForm", method = RequestMethod.POST)
    public String login(@RequestParam("email") String email, @RequestParam("password") String password, Model model) {
        boolean loginResponse = securityService.login(email, password);
        System.out.println(loginResponse);
            if (loginResponse) {
                return "findFlights";
            } else {
                model.addAttribute("msg", "Invalid username or password.Please try again!");
            }
        return "login/login";
    }

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String getLogin() {
        return "login/login";
    }

WebSecurityConfig class 

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/assets/**" ,"/showReg", "/", "/index.html", "/registerUser", "/login", "/showLogin",
                        "/login/*", "/reservations/*")
                .permitAll().antMatchers("/admin/showFlight").hasAnyAuthority("ADMIN").anyRequest().authenticated()
                .and().csrf().disable();
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

1 answers

solution1
 1 ACCPTED  2018-10-17 05:30:47

Use the overloaded configure(WebSecurity web) method. 

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
       .antMatchers("/assets/**" ,"/showReg", "/", "/index.html", "/registerUser", "/login", "/showLogin", "/login/*", "/reservations/*");
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Security OAuth - Access is denied Spring security 4: Access denied for admin role Understanding “Access Denied” in spring security with custom authentication spring-security access denied exception Spring security - Access denied to authorised user HTTP Status 403 - Access is denied Spring security Spring security 4 @PreAuthorize(hasAuthority()) access denied how to redirect the access denied page in spring security? Spring 4 Security access denied (user is not anonymous) spring security HTTP Status 403 - Access Denied
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM