Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java spring引导和spring安全定制登录页面和控制器

4 月,1 周 Questions & Answers

我想通过自定义控制器和登录页面对登录和注销进行更多控制

我的安全配置代码目前如下所示:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private SpringDataJpaUserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(this.userDetailsService)
                .passwordEncoder(Manager.PASSWORD_ENCODER);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
            .antMatchers("/resources/**", "/built/**", "/main.css", "/login.css").permitAll() 
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/loginSecure")
            .defaultSuccessUrl("/index", true)
            .permitAll()
            .usernameParameter("username").passwordParameter("password")
            .and()
        .csrf().disable()
        .logout()                                    
            .permitAll();
    }

}

我的控制器中的登录配置:

@RequestMapping(value = "/login")
public String login() {
    return "login";
}

我的控制器中的登录安全映射:

@RequestMapping(value="/loginSecure", method = RequestMethod.POST)
    public String login(@RequestAttribute("username") String userName, @RequestAttribute("password")  String password) {

        //does the authentication
        final Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(
                        userName,
                        password
                )
        );
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return "index";
    }

我的登录。html:

<form class="login100-form validate-form" action="/loginSecure" method="post">
                    <span class="login100-form-title p-b-26">
                        Welcome
                    </span>
                    <span class="login100-form-title p-b-48">
                        <i class="zmdi zmdi-font"></i>
                    </span>     
                        <div class="wrap-input100 validate-input" data-validate = "Valid email is: a@b.c">
                            <input class="input100" type="text" id="username" name="username"/>
                            <span class="focus-input100" data-placeholder="Email/Username"></span>
                        </div>

                        <div class="wrap-input100 validate-input" data-validate="Enter password">
                            <span class="btn-show-pass">
                                <i class="zmdi zmdi-eye"></i>
                            </span>
                            <input class="input100" type="password" id="password" name="password"/>
                            <span class="focus-input100" data-placeholder="Password"></span>
                        </div>

                        <div class="container-login100-form-btn">
                            <div class="wrap-login100-form-btn">
                                <div class="login100-form-bgbtn"></div>
                                    <button class="login100-form-btn">
                                        Login
                                    </button>
                            </div>
                        </div>
                    </form>

当我提交表单时,在chrome开发工具中,它作为loginSecure提交?使用url编码,但它只是重定向回登录。又是html。 chrome web tools network

编辑:从登录中删除了额外的表单。html并添加了csfr()。禁用安全配置。将loginProcessUrl添加到httpSecurity,并修复了它。以上代码有效


共 (1) 个答案