[英]Spring Security Custom Login And Custom Authentication Provider
我正在創建一個帶有 spring 安全登錄的項目,這是我項目的一部分,我想使用自定義登錄頁面和自定義身份驗證提供程序我已經搜索了教程,但我在顯示的自定義登錄頁面中結束了,但是,用戶無法登錄,(拒絕訪問)在堆棧跟蹤中收到,這是我的代碼,我更喜歡完整的 java 配置。
這是我的安全配置類
@Configuration
@EnableWebSecurity
@ComponentScan("id.config.configPack")
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private CustomAuthenticationProvider authProvider;
@Override
protected void configure(
AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/menu")
.permitAll()
.and()
.logout()
.permitAll();
}
}
這是為了初始化項目
public class SecurityWebApplicationInitializer extends
AbstractSecurityWebApplicationInitializer {
public SecurityWebApplicationInitializer() {
super(SecurityConfig.class);
}
}
這是我的自定義身份驗證提供程序
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String user = authentication.getName();
String password = authentication.getCredentials().toString();
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
if (user.equalsIgnoreCase("test") && password.equals("test")) {
return new UsernamePasswordAuthenticationToken
(user, password, grantedAuths);
} else {
throw new BadCredentialsException("Authentication failed");
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(
UsernamePasswordAuthenticationToken.class);
}
}
這是我的登錄頁面,我沒有指定操作,因為據我所知,spring security 控制了它,CMIW。
<form id="loginForm" class="login-form">
<input name="username" type="text" placeholder="Username" />
<input name="password" type="password" placeholder="Password" />
<button type="submit">Submit</button>
<br />
<br />
<span id="err" class="errMsg"></span>
</form>
我還為登錄頁面和成功登錄頁面定義了一個控制器類。
我的預期結果是我可以登錄並重定向到我的安全配置中的默認登錄成功處理程序,是否缺少或需要任何代碼? 謝謝
不,動作必須是登錄,方法必須是發布,或者你可以像那樣 ovveride 動作。formLogin().loginPage("/login").loginProcessingUrl("/auth")
你需要添加東西到 java 類:
@Configuration
@EnableWebSecurity
public class BasicAuthConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/loginPage")
.loginProcessingUrl("/auth")
.successHandler(successHandler())
.failureHandler(failureHandler())
.permitAll()
.and()
.logout()
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK))
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.permitAll();
}
@Bean
public AuthenticationProvider authenticationProvider() {
return new CustomAuthenticationProvider();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
private AuthenticationEntryPoint getRestAuthenticationEntryPoint() {
return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/app/dist/*");
}
private AuthenticationSuccessHandler successHandler() {
return new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse, Authentication authentication)
throws IOException, ServletException {
httpServletResponse.setStatus(200);
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
if(authorities.toString().contains("ROLE_ADMIN")){
httpServletResponse.setHeader("role", "ROLE_ADMIN");
} else if(authorities.toString().contains("ROLE_NOPRICED")){
httpServletResponse.setHeader("role", "ROLE_NOPRICED");
}
}
};
}
private AuthenticationFailureHandler failureHandler() {
return new AuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse, AuthenticationException e)
throws IOException, ServletException {
httpServletResponse.setStatus(401);
}
};
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.