[英]I keep getting 404 error while trying to login
我有兩個單獨的登錄名 forms,一個用於用戶,一個用於管理員。
問題是 Spring 忽略了loginProcessingUrl
的配置參數,對於管理員和用戶都是如此。 每當我嘗試登錄時,它都會給我 404 錯誤。
當我使用RequestMatchers()
時,它工作得很好,但只適用於其中一個(用戶或管理員),但不能同時適用於兩者。 所以我切換到SecurityMatcher()
,它確實限制用戶在沒有登錄的情況下訪問任何路徑,例如/admin/**
或/user/**
但問題是登錄不起作用。 有人可以幫我弄這個嗎?
配置 class:
package com.business.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import com.business.service.impl.UserDetailsServiceImpl;
@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfiguration {
@Autowired
UserDetailsServiceImpl userDetailService;
@Bean
public static BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailService);
provider.setPasswordEncoder(passwordEncoder());
return provider;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Order(1)
public static class UserSecurityConfig {
@Bean
public SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
http
.securityMatcher("/user/**")
.authorizeHttpRequests()
.requestMatchers("/user/**").hasRole("ROLE_USER")
.and()
.formLogin()
.loginPage("/user-login")
.loginProcessingUrl("/userLogin")
.permitAll()
.usernameParameter("email")
.passwordParameter("password")
.defaultSuccessUrl("/user/home")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and()
.exceptionHandling()
.accessDeniedPage("/403");
return http.build();
}
}
@Order(2)
public static class AdminSecurityConfig {
@Bean
public SecurityFilterChain filterChain2(HttpSecurity http) throws Exception {
http
.securityMatcher("/admin/**")
.authorizeHttpRequests()
.requestMatchers("/admin/**").hasRole("ROLE_ADMIN")
.and()
.formLogin()
.loginPage("/admin-login")
.loginProcessingUrl("/adminLogin")
.permitAll()
.usernameParameter("email")
.passwordParameter("password")
.defaultSuccessUrl("/admin/home")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.and()
.exceptionHandling()
.accessDeniedPage("/403");
return http.build();
}
}
@Order(3)
public static class GeneralSecurityConfig {
@Bean
public SecurityFilterChain filterChain3(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/**").permitAll();
http
.csrf().disable()
.headers()
.frameOptions().disable();
return http.build();
}
}
}
管理員登錄頁面:
<!DOCTYPE html>
<html lang="en" xmlns:th="https://www.thymeleaf.org"
th:replace="~{base::layout(~{::section})}">
<head>
<meta charset="ISO-8859-1">
<title>Universal Education : Login</title>
</head>
<body>
<section>
<div class="background-img">
<div class="container auth-container-login bg-white">
<div class="row">
<h3 class="text-center mb-3">Admin Login</h3>
<div th:if="${register}" class="text-center mb-2">
<h6 th:text="${register}" class="text-success"></h6>
<th:block></th:block>
</div>
<!-- Pills navs -->
<ul class="nav nav-pills nav-justified mb-3" id="ex1"
role="tablist">
<li class="nav-item" role="presentation"><a
class="nav-link active" id="tab-login" data-mdb-toggle="pill"
href="#pills-login" role="tab" aria-controls="pills-login"
aria-selected="true">Login</a></li>
<li class="nav-item" role="presentation"><a class="nav-link"
id="tab-register" data-mdb-toggle="pill" href="/admin-register"
role="tab" aria-controls="pills-register" aria-selected="false">Register</a>
</li>
</ul>
<!-- Pills navs -->
<div th:if="${param.error}" class="alert alert-danger">Invalid Email
and Password</div>
<div th:if="${param.logout}" class="alert alert-success">
Successfully Logged Out</div>
<!-- Pills content -->
<div class="tab-content">
<div class="tab-pane fade show active" id="pills-login"
role="tabpanel" aria-labelledby="tab-login">
<form th:action="@{/adminLogin}" method="post">
<!-- Email input -->
<div class="form-outline mb-2">
<input type="email" id="loginName" class="form-control"
name="email" /> <label class="form-label" for="loginName">Email</label>
</div>
<!-- Password input -->
<div class="form-outline mb-2">
<input type="password" id="loginPassword" class="form-control"
name="password" /> <label class="form-label"
for="loginPassword">Password</label>
</div>
<!-- 2 column grid layout -->
<div class="text-center">
<div class="row">
<!-- Submit button -->
<button type="submit" class="btn btn-primary btn-block mb-2">Sign
in</button>
</div>
<div class="row mb-2">
<!-- Simple link -->
<a href="#!">Forgot password?</a>
</div>
<!-- Register buttons -->
<p>
Not a member? <a th:href="@{/user-register}">Register</a>
</p>
</div>
</form>
</div>
</div>
<!-- Pills content -->
</div>
</div>
</div>
</section>
</body>
</html>
截屏:
我遵循了您在評論中發布的相同教程鏈接。 我遇到了類似的問題,並通過將該教程與第二個多登錄頁面相結合來解決
本質上,我按照 baeldung 教程中的描述在 SecurityConfig 文件中保留了兩個 static 類,但我沒有配置 SecurityFilterChain,而是使用 configure 方法來建立兩個登錄。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.