我正在尝试使用 Java 配置设置 Spring Security + mvc,但由于某种原因它不起作用,我收到了 404 错误。
在我实现的 WebApplicationInitializer 类中,我下一步注册安全过滤器
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
...
FilterRegistration.Dynamic securityFilterChain = servletContext.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
securityFilterChain.addMappingForUrlPatterns(null, false, "/*");
..
SecurityContext 列表
@Configuration
@EnableWebSecurity
public class SecurityContext extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
// BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
// auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/assets/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/profile/**").hasAnyRole("ADMIN", "USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/profile")
.failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
// .and()
// .logout()
// .logoutUrl("/logout")
// .logoutSuccessUrl("/")
// .permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403");
}
}
对于 logoutUrl,我尝试了所有组合,但没有成功...... 当我尝试在我的 jsp 页面中使用此链接时
<c:url value='/j_spring_security_check' />
我收到 404 未找到异常。
我花了一整天的时间试图让它发挥作用。有人知道如何解决这个问题吗?
PS 例如,如果我将 logoutUrl 设置为“/logout”,我是否应该创建一个 Controller 来处理此 url?
最佳答案
您的注销机制不起作用...这是否意味着您的登录机制工作正常? 在这种情况下,真的,请尝试处理您的“/logOut”网址:
public LogInController{
...
@RequestMapping(value = "/logOut", method = RequestMethod.GET)
public String logOut(ModelMap model) {
//Redirect to your start page (mapping the url '/welcome' for example)
return "redirect:welcome";
}
...
}
如果没有,请检查您是否已将安全配置文件添加到“onStartup”方法中:
public void onStartup(ServletContext servletContext) throws ServletException {
AnnotationConfigWebApplicationContext rootContext =
new AnnotationConfigWebApplicationContext();
//adding your main config class
rootContext.register(WebAppConfig.class);
//adding your security config class
rootContext.register(SecurityConfiguration.class);
...
}
那么你可以尝试在http后面添加。在“配置”方法中(如果您在授权之前不使用 csrf token ):
csrf().disable()
并检查其他 bean:
@Bean
public ProviderManager providerManager() {
List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
list.add(daoAuthenticationProvider());
return new ProviderManager(list);
}
//If you use this filter (I think so, because you've defined 'username' and 'password' in
'configure' method)
@Bean
public UsernamePasswordAuthenticationFilter filter() {
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager(providerManager());
return filter;
}
关于java - Spring安全注销调用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24530603/