使用自定義表單的Spring Security登錄
[英]Spring Security login with customized form
問題描述
我的Spring安全配置:
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("username").password("password")
.authorities("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and().csrf().disable();
}
....
}
我的Spring啟動控制器:
@Controller
@RequestMapping("/")
public class IndexController extends BaseController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
return "login";
}
....
}
嗨,我正在嘗試使用帶有自定義登錄表單的Spring安全性。 我的問題是:
當我輸入
localhost:8080/login,瀏覽器沒有定向到我的login.jsp,它只是彈出帶有文本框的默認表單以輸入用戶名和密碼。輸入用戶名“ username”,密碼“ password”后,返回認證失敗。
追溯:
Request '/login' matched by universal pattern '/**'
DEBUG - matched
DEBUG - /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG - /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG - /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
DEBUG - /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG - Trying to match using Ant [pattern='/logout', GET]
DEBUG - Checking match of request : '/login'; against '/logout'
DEBUG - Trying to match using Ant [pattern='/logout', POST]
DEBUG - Request 'GET /login' doesn't match 'POST /logout
DEBUG - Trying to match using Ant [pattern='/logout', PUT]
DEBUG - Request 'GET /login' doesn't match 'PUT /logout
DEBUG - Trying to match using Ant [pattern='/logout', DELETE]
DEBUG - Request 'GET /login' doesn't match 'DELETE /logout
DEBUG - No matches found
DEBUG - /login at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG - Basic Authentication Authorization header found for user 'username'
DEBUG - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG - User 'username' not found
DEBUG - Returning cached instance of singleton bean 'delegatingApplicationListener'
DEBUG - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
1 個解決方案
解決方案1
-1 2017-06-04 07:45:52
似乎匿名用戶無法訪問/ login
http
.authorizeRequests()
.antMatchers("/login").anonymous()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and().csrf().disable();
此外,看起來您正在使用基本身份驗證的Authorization標頭向服務器發出請求。
DEBUG - Basic Authentication Authorization header found for user 'username'
Spring Security表單登錄
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.