[英]Spring security login gives error page, is authentication failing?
我是Spring Security(一般來說是安全性)的新手,我試圖創建一個成功登錄后進入產品頁面的用戶登錄。在學習了有關安全性配置的所有教程之后,我不斷獲得“登錄?錯誤”,我想不通為什么,我無法在調試器中查明原因。
我正在使用Postgresql,並具有表user,role,user_role。 我已經驗證了jdbcAuthentication的sql語句,並以多種不同方式配置了.formLogin
以下是我的Web安全配置,登錄控制器和登錄視圖。 誰能告訴我我做錯了嗎? 謝謝。
SpringSecurityConfig.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.sql.DataSource;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
// Database authentication
auth.
jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT username, password, active FROM \"user\" WHERE username = ?")
.authoritiesByUsernameQuery("SELECT u.username, r.role FROM \"user\" u join user_role ur on (u.userid=ur.userid) join role r on (ur.roleid=r.roleid) WHERE u.username = ?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/products","/mycart","/images/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.successForwardUrl("/products")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
LoginController.java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.security.Principal;
@Controller
public class LoginController {
@RequestMapping(value = {"/", "/login"}, method = RequestMethod.GET)
public String loginView(Principal principal) {
return "/login";
}
}
login.html
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Login</title>
</head>
<body>
<div>
<form th:action="@{/login}" method="POST">
<div th:if="${param.error}">
<div class="alert alert-danger">
Incorrect Username and Password
</div>
</div>
<div th:if="${param.logout}">
<div class="alert alert-danger">
User Logged Out
</div>
</div>
<div class="form-group">
<input type="text" placeholder="Username" id="username" class="form-control" required="true" autofocus="true"/>
</div>
<div class="form-group">
<input type="password" placeholder="Password" id="password" class="form-control" required="true" autofocus="true"/>
</div>
<div>
<input type="submit" class="btm btm-primary btn-block" value="Login"/>
</div>
</form>
<a href="/registration">Register</a>
</div>
</body>
</html>
您的配置看起來不錯,但是您需要像這樣在輸入中添加“ name”屬性:
<div class="form-group">
<input type="text" placeholder="Username" id="username" name="username" class="form-control" required="true" autofocus="true"/>
</div>
<div class="form-group">
<input type="password" placeholder="Password" id="password" name="password" class="form-control" required="true" autofocus="true"/>
</div>
其次,檢查是否已使用BCryptPasswordEncoder在數據庫中對密碼進行了編碼(或首先嘗試在沒有編碼器的情況下設置普通密碼)。
以另一種方式嘗試在github中提交示例項目,也許我可以為您提供幫助。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.