我的 Spring 安全配置
@Configuration
@EnableWebSecurity
@ComponentScan({"org.app.genesis.client.auth"})
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationProvider customAuthProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.formLogin().loginPage("/").failureUrl("/?error")
.and()
.logout().logoutSuccessUrl("/?logout")
.and()
.csrf();
}
}
我的应用程序属性
spring.view.prefix: /WEB-INF/jsp/
spring.view.suffix: .jsp
security.basic.enabled=false
logging.level.org.springframework.security=INFO
我的 Spring 启动配置
@SpringBootApplication
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service",
"org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"})
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo")
@EntityScan(basePackages = "org.app.genesis.*.model")
public class Application extends SpringBootServletInitializer {
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
}
我的 pom.xml 要点
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<!-- Spring Framework Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
登录表单
<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
<fieldset>
<input class="form-control form-group" type="text" name="j_username" placeholder="Username">
<input class="form-control" type="password" name="j_password" placeholder="Password" >
<a class="forgot pull-right" href="#">Forgot password?</a>
<button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
</fieldset>
</form>
生成页面的 Controller
@RequestMapping(value="/")
public String index() {
return "index";
}
但是登录后会显示此错误
我正在尝试迁移注释上现有的 security.xml 配置。但还是会弹出上述错误。这是我的 security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.brightworks.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
以防万一你们需要查看包结构
我是否遗漏了配置中的任何内容?
最佳答案
从下面的链接中,您可以看到注释 java 配置包含以下内容
http://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security/
GET/login 呈现登录页面,而不是/spring_security_login
POST/login 对用户进行身份验证,而不是/j_spring_security_check
您需要进行以下更改才能使安全性发挥作用。
按如下方式更改 Spring Security 配置
@Override
protected void configure(HttpSecurity http) throws Exception { http
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login/")
.loginProcessingUrl("/login")
.failureUrl("/login?error")
.permitAll();
}
您的 JSP 应该是(j_spring_security_check 替换为登录名,j_username 替换为用户名)
<form class="form-signin"name="f" action="${pageContext.request.contextPath}/login" method="POST">
<fieldset>
<input class="form-control form-group" type="text" name="username" placeholder="Username">
<input class="form-control" type="password" name="password" placeholder="Password" >
<a class="forgot pull-right" href="#">Forgot password?</a>
<button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
</fieldset>
</form>
要将仪表板指定为默认目标 URL,您可以执行以下操作。
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.addViewController("/").setViewName("dashboard");
registry.addViewController("/dashboard").setViewName("dashboard");
}
关于java - 不允许使用 Spring Security j_spring_security_check 进行 Spring 启动,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29454078/