I am implementing Spring Security for a Spring Boot project.
The problem is: if I use a Spring Security configuration like this:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService;

    public SecurityConfiguration(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public DaoAuthenticationProvider authProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(bCryptPasswordEncoder());
        return authProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/index", "/").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login").failureUrl("/error")
                .defaultSuccessUrl("/CarRentalServlet", true)
                .permitAll()
                .and()
            .logout()
                .permitAll()
                .and()
            .httpBasic();
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
The controller logic is:
@Controller
public class CarRentalController {

    final OrderRepository orderRepository;
    final VehicleRepository vehicleRepository;
    private final CommandFactory commandFactory;

    public CarRentalController(OrderRepository orderRepository, VehicleRepository vehicleRepository, CommandFactory commandFactory) {
        this.orderRepository = orderRepository;
        this.vehicleRepository = vehicleRepository;
        this.commandFactory = commandFactory;
    }

    @GetMapping("/{view}")
    public String viewMapping(@PathVariable String view) {
        return view;
    }

    @RequestMapping(value = { "/CarRentalServlet" }, method = { RequestMethod.GET, RequestMethod.POST })
    public ModelAndView getCommand(@RequestParam(required = false) String command,
                                   HttpServletRequest req, HttpServletResponse res,
                                   HttpSession session,
                                   @RequestParam(value = "page", required = false, defaultValue = "0") Integer page
    ) throws ServletException, IOException {
        Page<Vehicle> vehiclePage = vehicleRepository.findAll(new PageRequest(page, 2, new Sort(Sort.Direction.DESC, "dailyPrice")));
        session.setAttribute("number", vehiclePage.getNumber());
        session.setAttribute("totalPages", vehiclePage.getTotalPages());
        session.setAttribute("totalElements", vehiclePage.getTotalElements());
        session.setAttribute("size", vehiclePage.getSize());
        session.setAttribute("data", vehiclePage.getContent());
        session.setAttribute("orderList", orderRepository.findAll());
        session.setAttribute("vehicleList", vehicleRepository.findAll());
        return commandFactory.getCommand(command).execute(req, res, session);
    }
}
And the login.jspx file with the JSP form:
<div class="col-md-4 col-md-offset-4">
    <div class="login-panel panel panel-default">
        <div class="panel-heading">
            <h3 class="panel-title"><fmt:message key="login.paneltitle" /></h3>
        </div>
        <div class="panel-body">
            <form role="form" name="loginForm" method="POST" action="${pageContext.request.contextPath}/login">
                <input type="hidden" name="command" value="logInCommand"/>
                <fieldset>
                    <div class="form-group">
                        <fmt:message key="login.label.login" var="loginValue" />
                        <input class="form-control" placeholder="${loginValue}" name="username" type="text" autofocus=""/>
                    </div>
                    <div class="form-group">
                        <fmt:message key="login.label.password" var="passwordValue" />
                        <input class="form-control" placeholder="${passwordValue}" name="password" type="password" value=""/>
                    </div>
                    <fmt:message key="login.button.login" var="loginButtonValue" />
                    <input type="submit" class="btn btn-lg btn-success btn-block" value="${loginButtonValue}" />
                </fieldset>
            </form>
        </div>
    </div>
</div>
Another JSP form, in index.jsp:
<div class="navbar-default navbar-static-side" role="navigation">
    <div class="sidebar-collapse">
        <ul class="nav" id="side-menu">
            <c:if test="${!empty sessionScope.userName}">
                <li>
                    <form name="makeOrderButton" method="post" action="CarRentalServlet">
                        <input type="hidden" name="command" value="makeOrderButtonCommand"/>
                        <a href="" onclick="parentNode.submit(); return false;">
                            <i class="fa fa-shopping-cart fa-fw"></i>
                            <fmt:message key="index.button.makeOrder" />
                        </a>
                    </form>
                </li>
                <c:if test="${sessionScope.userTypeID == 1}">
                    <li>
                        <form name="adminZoneButton" method="post" action="CarRentalServlet">
                            <input type="hidden" name="command" value="adminZoneButtonCommand"/>
                            <a href="" onclick="parentNode.submit(); return false;">
                                <i class="fa fa-wrench fa-fw"></i>
                                <fmt:message key="index.button.adminZone" />
                            </a>
                        </form>
                    </li>
                </c:if>
            </c:if>
        </ul>
        <!-- /#side-menu -->
    </div>
    <!-- /.sidebar-collapse -->
</div>
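It redirects me to the correct endpoint /CarRentalServlet, but the login doesn't work at all.
For example, if I don't use the SecurityConfiguration class but modify my JSP file to use action="CarRentalServlet" instead of action="${pageContext.request.contextPath}/login" and name="login" instead of name="username", it works as expected and the login is fine, but in that case I am not using Spring Security.
Can someone suggest how to fix the Spring Security configuration or the JSP form so that login works the way it does without Spring Security?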
The problem was caused by the use of <c:if test="${!empty sessionScope.userName}"> and <c:if test="${sessionScope.userTypeID == 1}"> in the JSP file.
To fix it, I used the authorize tag. So I changed them to <sec:authorize access="isAuthenticated()"> and <sec:authorize access="hasRole('ADMIN')"> respectively.
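The index.jsp sidebar with the change described in the answer applied, as an added example that is not part of the original post. It assumes the spring-security-taglibs dependency is on the classpath and that the UserDetailsService grants administrators the authority ROLE_ADMIN; both are assumptions, not shown on the page.

```jsp
<%-- Added example, not from the original post. Assumes spring-security-taglibs
     is on the classpath and that admin users carry the authority ROLE_ADMIN. --%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

<div class="navbar-default navbar-static-side" role="navigation">
    <div class="sidebar-collapse">
        <ul class="nav" id="side-menu">
            <%-- Replaces the c:if test on sessionScope.userName: the decision now
                 comes from Spring Security's SecurityContext, not a session attribute. --%>
            <sec:authorize access="isAuthenticated()">
                <li>
                    <form name="makeOrderButton" method="post" action="CarRentalServlet">
                        <input type="hidden" name="command" value="makeOrderButtonCommand"/>
                        <a href="" onclick="parentNode.submit(); return false;">
                            <i class="fa fa-shopping-cart fa-fw"></i>
                            <fmt:message key="index.button.makeOrder" />
                        </a>
                    </form>
                </li>
                <%-- Replaces the c:if test on sessionScope.userTypeID == 1.
                     In Spring Security 4 and later, hasRole('ADMIN') matches ROLE_ADMIN. --%>
                <sec:authorize access="hasRole('ADMIN')">
                    <li>
                        <form name="adminZoneButton" method="post" action="CarRentalServlet">
                            <input type="hidden" name="command" value="adminZoneButtonCommand"/>
                            <a href="" onclick="parentNode.submit(); return false;">
                                <i class="fa fa-wrench fa-fw"></i>
                                <fmt:message key="index.button.adminZone" />
                            </a>
                        </form>
                    </li>
                </sec:authorize>
            </sec:authorize>
        </ul>
    </div>
</div>
<%-- The tags only control what is rendered. The configuration above admits every
     authenticated request to /CarRentalServlet, so the admin command also needs
     a server-side role check unless the command already performs one. --%>
```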