我对Spring框架不满意。
尝试为应用配置安全选项。我有以下作为我的(无xml)安全性配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("accountService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/admin/**" ).hasRole( "Admin" )
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl( "/j_spring_security_check" )
.failureUrl( "/loginfailed" )
.permitAll()
.and().logout().logoutSuccessUrl("/logout")
.and().exceptionHandling().accessDeniedPage("/403");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
它显示登录页面,但是在我提交时抛出
/j_spring_security_check Not Found异常。任何帮助深表感谢。因此,我的网络配置为:
public class WebConfig implements WebApplicationInitializer {
public void onStartup( ServletContext servletContext ) throws ServletException {
AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
applicationContext.register( MvcServletConfig.class );
applicationContext.register( SecurityConfig.class );
//Add the servlet mapping manually and make it initialize automatically
ServletRegistration.Dynamic servlet = servletContext.addServlet( "dispatcher", new DispatcherServlet( applicationContext ) );
servletContext.addListener(new ContextLoaderListener(applicationContext));
servlet.addMapping( "/" );
servlet.setLoadOnStartup( 1 );
}
}
最佳答案
请参见docs.loginPage("/")覆盖您必须提交的URL。
您可能想要的是.loginPage("/j_spring_security_check")