[英]I keep getting 404 error while trying to login
我有两个单独的登录名 forms,一个用于用户,一个用于管理员。
问题是 Spring 忽略了loginProcessingUrl
的配置参数,对于管理员和用户都是如此。 每当我尝试登录时,它都会给我 404 错误。
当我使用RequestMatchers()
时,它工作得很好,但只适用于其中一个(用户或管理员),但不能同时适用于两者。 所以我切换到SecurityMatcher()
,它确实限制用户在没有登录的情况下访问任何路径,例如/admin/**
或/user/**
但问题是登录不起作用。 有人可以帮我弄这个吗?
配置 class:
package com.business.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import com.business.service.impl.UserDetailsServiceImpl;
@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfiguration {
@Autowired
UserDetailsServiceImpl userDetailService;
@Bean
public static BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailService);
provider.setPasswordEncoder(passwordEncoder());
return provider;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Order(1)
public static class UserSecurityConfig {
@Bean
public SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
http
.securityMatcher("/user/**")
.authorizeHttpRequests()
.requestMatchers("/user/**").hasRole("ROLE_USER")
.and()
.formLogin()
.loginPage("/user-login")
.loginProcessingUrl("/userLogin")
.permitAll()
.usernameParameter("email")
.passwordParameter("password")
.defaultSuccessUrl("/user/home")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and()
.exceptionHandling()
.accessDeniedPage("/403");
return http.build();
}
}
@Order(2)
public static class AdminSecurityConfig {
@Bean
public SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
http
.securityMatcher("/admin/**")
.authorizeHttpRequests()
.requestMatchers("/admin/**").hasRole("ROLE_ADMIN")
.and()
.formLogin()
.loginPage("/admin-login")
.loginProcessingUrl("/adminLogin")
.permitAll()
.usernameParameter("email")
.passwordParameter("password")
.defaultSuccessUrl("/admin/home")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.and()
.exceptionHandling()
.accessDeniedPage("/403");
return http.build();
}
}
@Order(3)
public static class GeneralSecurityConfig {
@Bean
public SecurityFilterChain filterChain3(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/**").permitAll();
http
.csrf().disable()
.headers()
.frameOptions().disable();
return http.build();
}
}
}
管理员登录页面:
<!DOCTYPE html>
<html lang="en" xmlns:th="https://www.thymeleaf.org"
th:replace="~{base::layout(~{::section})}">
<head>
<meta charset="ISO-8859-1">
<title>Universal Education : Login</title>
</head>
<body>
<section>
<div class="background-img">
<div class="container auth-container-login bg-white">
<div class="row">
<h3 class="text-center mb-3">Admin Login</h3>
<div th:if="${register}" class="text-center mb-2">
<h6 th:text="${register}" class="text-success"></h6>
<th:block></th:block>
</div>
<!-- Pills navs -->
<ul class="nav nav-pills nav-justified mb-3" id="ex1"
role="tablist">
<li class="nav-item" role="presentation"><a
class="nav-link active" id="tab-login" data-mdb-toggle="pill"
href="#pills-login" role="tab" aria-controls="pills-login"
aria-selected="true">Login</a></li>
<li class="nav-item" role="presentation"><a class="nav-link"
id="tab-register" data-mdb-toggle="pill" href="/admin-register"
role="tab" aria-controls="pills-register" aria-selected="false">Register</a>
</li>
</ul>
<!-- Pills navs -->
<div th:if="${param.error}" class="alert alert-danger">Invalid Email
and Password</div>
<div th:if="${param.logout}" class="alert alert-success">
Successfully Logged Out</div>
<!-- Pills content -->
<div class="tab-content">
<div class="tab-pane fade show active" id="pills-login"
role="tabpanel" aria-labelledby="tab-login">
<form th:action="@{/adminLogin}" method="post">
<!-- Email input -->
<div class="form-outline mb-2">
<input type="email" id="loginName" class="form-control"
name="email" /> <label class="form-label" for="loginName">Email</label>
</div>
<!-- Password input -->
<div class="form-outline mb-2">
<input type="password" id="loginPassword" class="form-control"
name="password" /> <label class="form-label"
for="loginPassword">Password</label>
</div>
<!-- 2 column grid layout -->
<div class="text-center">
<div class="row">
<!-- Submit button -->
<button type="submit" class="btn btn-primary btn-block mb-2">Sign
in</button>
</div>
<div class="row mb-2">
<!-- Simple link -->
<a href="#!">Forgot password?</a>
</div>
<!-- Register buttons -->
<p>
Not a member? <a th:href="@{/user-register}">Register</a>
</p>
</div>
</form>
</div>
</div>
<!-- Pills content -->
</div>
</div>
</div>
</section>
</body>
</html>
截屏:
我遵循了您在评论中发布的相同教程链接。 我遇到了类似的问题,并通过将该教程与第二个多登录页面相结合来解决
本质上,我按照 baeldung 教程中的描述在 SecurityConfig 文件中保留了两个 static 类,但我没有配置 SecurityFilterChain,而是使用 configure 方法来建立两个登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.