春季安全总是302
问题描述:
我试图把春季安全在我的春天启动的项目,但是当我尝试登录,服务器总是返回302春季安全总是302
package it.expenses.expenses;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.sql.DataSource;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/getHomePage").permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/getLoginPage")
.loginProcessingUrl("/login")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/getHomePage")
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/", "/resources/static/**").permitAll()
.anyRequest().authenticated();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/script/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
}
其实控制器仅需要回报的模板。
这是登录页面
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<title> Spring Boot MVC Security using Thymeleaf </title>
<link rel="stylesheet" href="/css/styles.css"/>
</head>
<body>
<h3> Spring Boot MVC Security using Thymeleaf </h3>
<p th:if="${param.error}" class="error">
Bad Credentials
</p>
<form action="login" method="POST">
User Name : <input type="text" name="username"/> <br/><br/>
Password: <input type="password" name="password"/> <br/><br/>
<input type="submit" value="Login"/>
</form>
</body>
</html>
UserDetailService:
@Service
public class UserDetailsServiceImpl implements UserDetailsService{
@Autowired
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException {
Users user = userDao.getActiveUser(userName);
GrantedAuthority authority = new SimpleGrantedAuthority(user.getRole());
UserDetails userDetails = new User(user.getUsername(),
user.getPassword(), Arrays.asList(authority));
return userDetails;
}
}
答
安全配置工作,但什么我不能看到的是什么记录是否保存在Users表中。
例:
+--------+---------+--------------------------------------------------------------+------+----------+
| idUser | enabled | password | role | username |
+--------+---------+--------------------------------------------------------------+------+----------+
| 1 | 1 | password | USER | user |
| 2 | 1 | $2a$10$eriuZaZsEWKB3wcpPMyexe4Ywe1AX9u148nrLmTTEIq6ORdLNiyp6 | USER | user2 |
+--------+---------+--------------------------------------------------------------+------+----------+
既然你已经启用密码编码:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
必须存储在用户表编码的密码(不是明文密码)
上面的示例数据显示了使用相同密码的user和user2(一个纯文本,th e其他编码)。如果user试图登录,您将得到BadCredentialsException,因为BCryptPasswordEncoder正期待编码密码
在包含用户名和密码的/ POST登录请求上发生302响应吗?什么是重定向位置? –
@ punkrocker27ka我上传了GT hub上的整个项目:https://github.com/StefanoPisano/expenses – untruste