[英]Spring security in angularjs returns 403 forbidden for login
[英]spring security angularjs forbidden 403
我试图将spring安全性添加到angularjs应用程序中。 我正在遵循有关使用Spring Security保护单页应用程序的教程:
https://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii
所不同的是,我为此目的不是使用spring boot,而是使用spring mvc。 我想我添加了我需要的所有内容,但是由于某种原因,在键入inMemory凭据后,我被禁止使用403。
这是我的春季安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("initTT");
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/user").hasRole("USER")
.anyRequest().authenticated()
.and()
.csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/app/**");
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName("X-XSRF-TOKEN");
return repository;
}
}
我使用了教程中的authenicate()函数,并将其添加到我的app.js文件中:
coursesApp.controller('loginController', function($rootScope, $scope, $http, $location) {
var authenticate = function(credentials, callback) {
var headers = credentials ? {authorization : "Basic "
+ btoa(credentials.username + ":" + credentials.password)
} : {};
console.log(headers);
$http.get('/basic-web-app/user', {headers : headers}).success(function(data) {
if (data.name) {
$rootScope.authenticated = true;
} else {
$rootScope.authenticated = false;
}
callback && callback();
}).error(function() {
$rootScope.authenticated = false;
callback && callback();
});
}
authenticate();
$scope.credentials = {};
$scope.login = function() {
console.log("login clicked!!!!!!!");
authenticate($scope.credentials, function() {
if ($rootScope.authenticated) {
console.log("authenticated");
$location.path("/");
$scope.error = false;
} else {
console.log("not authenticated");
$location.path("/login");
$scope.error = true;
}
});
};
});
如教程中所述,我具有UserController和/ user端点。 我正在用这个扫描包裹
<context:component-scan base-package="com.courses.portal.controllers"/>
我还附上了chrome控制台的屏幕截图,目的是清楚我在做什么:
web.xml文件:
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/business-config.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
mvc-dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<context:component-scan base-package="com.courses.portal.controllers"/>
<mvc:resources mapping="/app/**" location="/app/build/"/>
<mvc:annotation-driven/>
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<security:global-method-security pre-post-annotations="enabled">
<security:protect-pointcut expression="execution(* com.courses.portal.controllers.*.*(..))"
access="ROLE_USER"/>
</security:global-method-security>
</beans>
抱歉,这是一个常见问题,但我尝试在发布之前在网上找到任何有用的信息。 谢谢!
我的猜测(您尚未真正发布所有代码)是/ basic-web-app是上下文根,它是servlet API构造-如果要创建绝对路径,则需要在客户端中使用它,但实际上并没有我不了解servlet,但是Spring Security是基于servlet的,因此它不需要前缀(我注意到您从/app/**
配置中删除了您的静态资源)。 尝试从安全性配置路径中删除前缀。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.