堆栈内存溢出
  繁体   English   中英

春季:始终禁止发言-状态403

[英]Spring : Always say forbidden - Status 403

 原文  2018-04-08 06:24:09       java/ spring/ authentication/ authorization

问题描述

我已经为spring项目配置了所有设置,但是当我尝试登录该应用程序时,它会为每个请求说 

"The server understood the request but refuses to authorize it."

最初,我尝试实现JDBC身份验证,(您可以看到我在代码中使用了数据源)。 但是后来我也尝试了内存身份验证,在两种情况下,我都无法访问资源。

以下是我的spring配置文件, 

package com.nobalg.config;

import java.beans.PropertyVetoException;
import java.util.logging.Logger;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

import com.mchange.v2.c3p0.ComboPooledDataSource;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages="com.nobalg")
@PropertySource("classpath:persistence-mysql.properties")
public class AppConfig {

    @Autowired
    private Environment env;

    private Logger logger = Logger.getLogger(getClass().getName());
    @Bean
    public ViewResolver viewResolver(){
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/WEB-INF/view/");
        resolver.setSuffix(".jsp");
        return resolver;
    }

    @Bean
    public DataSource secureDataSource(){
        ComboPooledDataSource dataSource = new ComboPooledDataSource();
        try {
            //Datasource
            dataSource.setDriverClass(env.getProperty("jdbc.driver"));
            dataSource.setJdbcUrl(env.getProperty("jdbc.url"));
            dataSource.setUser(env.getProperty("jdbc.user"));
            dataSource.setPassword(env.getProperty("jdbc.password"));

            //Connection polling
            dataSource.setInitialPoolSize(Integer.parseInt(env.getProperty("connection.pool.initialPoolSize")));
            dataSource.setMaxPoolSize(Integer.parseInt(env.getProperty("connection.pool.maxPoolSize")));
            dataSource.setMinPoolSize(Integer.parseInt(env.getProperty("connection.pool.minPoolSize")));
            dataSource.setMaxIdleTime(Integer.parseInt(env.getProperty("connection.pool.maxIdleTime")));
        } catch (PropertyVetoException e) {
            throw new RuntimeException(e);
        }
        return dataSource;
    }
}

分派器Servlet初始化程序文件 

package com.nobalg.config;

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class MvcSpringInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        // TODO Auto-generated method stub
        return new Class[]{AppConfig.class};
    }

    @Override
    protected String[] getServletMappings() {
        // TODO Auto-generated method stub
        return new String[]{"/"};
    }

}

Spring安全配置文件: 

package com.nobalg.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //auth.jdbcAuthentication().dataSource(dataSource);
        auth.inMemoryAuthentication().withUser("Nobal").password("test@123").authorities("MANAGER");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                    .formLogin()
                    .loginPage("/loginPage")
                    .loginProcessingUrl("/loginProcessing")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .permitAll();
    }


}

Spring安全初始化文件 

package com.nobalg.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;


public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {

}

唯一的控制器 

package com.nobalg.controllers;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;

@Controller
public class MainContoller {

    @GetMapping("/loginPage")
    public String showLoginForm(){
        return "login";
    }


}

和登录页面 

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form:form method="POST" action="${pageContext.request.contextPath}/loginProcessing">
<p>Enter Username : <input type="text" placeholder="Enter Username" name="username"></p>
<p>Enter Password : <input type="password" placeholder="Enter Password" name="password"></p>
<p><input type="submit" value="LOG IN"></p>
</form:form>

</body>
</html>

1 个解决方案

解决方案1
 1  2018-04-08 08:44:07

将此添加为您的表单字段: 

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

或者如果您想使用Spring Security JSP标签库的其他方法:

(可选)您可以禁用csrf(默认情况下已启用): 

@Override
protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
}

EDIT1

使用passwordEncoder添加此bean。 

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

并将密码编码器设置为auth: 

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.passwordEncoder(this.passwordEncoder());
}

EDIT2

将需要UserDetailsService .loginProcessingUrl("/loginProcessing")更改为.defaultSuccessUrl("/")

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring 启动 HttpSecurity 始终 403 禁止 Spring security中的自定义formLogin()返回一个(type=Forbidden, status=403) 禁止使用Spring Tomcat 403 403 禁止 - Spring 安全 Spring-boot 与 spring 安全错误:出现意外错误(类型=禁止,状态=403) 春季安全angularjs禁止403 “状态”:403,“错误”:“禁止”“消息”:邮递员弹簧启动代码中的“访问被拒绝” 使用带有 Spring Security v3.0.0 和 Thymeleaf 的 csrf 出现意外错误(类型=禁止,状态=403) 为什么Spring Security总是在所有表单帖子上回复403 Forbidden? 出现意外错误(类型=禁止,状态=403)。禁止
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM