
Spring Security Custom Login And Custom Authentication Provider

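I am creating a project that includes a Spring Security login. I want to use a custom login page and a custom authentication provider. I have searched for tutorials and ended up with the custom login page being displayed; however, the user cannot log in (access denied is received in the stack trace). Here is my code. I prefer full Java configuration.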

This is my security configuration class

@Configuration
@EnableWebSecurity
@ComponentScan("id.config.configPack")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider authProvider;

    @Override
    protected void configure(
      AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http
            .authorizeRequests()
                .antMatchers("/resources/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/menu")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

}

This is for initializing the project

public class SecurityWebApplicationInitializer extends 
AbstractSecurityWebApplicationInitializer {

public SecurityWebApplicationInitializer() {
    super(SecurityConfig.class);
}
}

This is my custom authentication provider

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authentication) 
  throws AuthenticationException {

    String user = authentication.getName();
    String password = authentication.getCredentials().toString();
    List<GrantedAuthority> grantedAuths = new ArrayList<>();
    grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
    if (user.equalsIgnoreCase("test") && password.equals("test")) {        
        return new UsernamePasswordAuthenticationToken
                (user, password, grantedAuths);
    } else {
        throw new BadCredentialsException("Authentication failed");
    }

}

@Override
public boolean supports(Class<?> authentication) {
    return authentication.equals(
      UsernamePasswordAuthenticationToken.class);
}
}

This is my login page. I did not specify an action because, as far as I know, Spring Security handles it, CMIW.

<form id="loginForm" class="login-form">
    <input name="username" type="text" placeholder="Username" />
    <input name="password" type="password" placeholder="Password" />
    <button type="submit">Submit</button>
    <br />
    <br />
    <span id="err" class="errMsg"></span>
</form>

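I have also defined a controller class for the login page and the login-success page.

My expected result is that I can log in and be redirected to the default login success handler in my security configuration. Is any code missing or needed? Thanks.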

No, the action must be login and the method must be post, or you can override the action like this: formLogin().loginPage("/login").loginProcessingUrl("/auth")

You need to add things to the Java class:

@Configuration
@EnableWebSecurity
public class BasicAuthConfiguration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.csrf().disable()
            .authorizeRequests()
            .anyRequest().authenticated()

            .and()
            .formLogin()
            .loginPage("/loginPage")
            .loginProcessingUrl("/auth")
            .successHandler(successHandler())
            .failureHandler(failureHandler())
            .permitAll()

            .and()
            .logout()
            .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK))
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .permitAll();
}

@Bean
public AuthenticationProvider authenticationProvider() {
    return new CustomAuthenticationProvider();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider());
}

private AuthenticationEntryPoint getRestAuthenticationEntryPoint() {
    return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/app/dist/*");
}

private AuthenticationSuccessHandler successHandler() {
    return new AuthenticationSuccessHandler() {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
                                            HttpServletResponse httpServletResponse, Authentication authentication)
                throws IOException, ServletException {
            httpServletResponse.setStatus(200);
            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            if(authorities.toString().contains("ROLE_ADMIN")){
                httpServletResponse.setHeader("role", "ROLE_ADMIN");
            } else if(authorities.toString().contains("ROLE_NOPRICED")){
                httpServletResponse.setHeader("role", "ROLE_NOPRICED");
            }
        }
    };
}

private AuthenticationFailureHandler failureHandler() {
    return new AuthenticationFailureHandler() {
        @Override
        public void onAuthenticationFailure(HttpServletRequest httpServletRequest,
                                            HttpServletResponse httpServletResponse, AuthenticationException e)
                throws IOException, ServletException {
            httpServletResponse.setStatus(401);
        }
    };
}

}
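The fix described in the answer, as an added example that is not part of the original posts: a Spring Security 5.x configuration for the asker's login page, whose form must be submitted as `<form method="post" action="/login">`. The class name `FormLoginSecurityConfig` is an assumption, and unlike the posted configurations it leaves CSRF protection enabled, so the form also has to send the `_csrf` token field.

```java
// Added example, not the asker's or answerer's code. Assumes Spring Security 5.x
// (WebSecurityConfigurerAdapter), the asker's CustomAuthenticationProvider in the
// same package, and a controller that renders the page at GET /login.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@ComponentScan("id.config.configPack")
public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider authProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection stays at its default (enabled): the login form must
        // post the token that Spring exposes as the "_csrf" request attribute.
        http
            .authorizeRequests()
                .antMatchers("/resources/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")             // GET: the custom login page
                .loginProcessingUrl("/login")    // POST: handled by the login filter
                .usernameParameter("username")   // must match the <input name="...">
                .passwordParameter("password")
                .defaultSuccessUrl("/menu")
                .failureUrl("/login?error")      // bad credentials return to the form
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}
```

A form with no `method` attribute submits by GET, so the username and password end up in the URL (and in access logs) and never reach the login filter, which only processes POST requests to the processing URL.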
