本文介绍了不允许使用 Spring Security j_spring_security_check 的 Spring Boot的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的 Spring 安全配置
My Spring Security Config
@Configuration
@EnableWebSecurity
@ComponentScan({"org.app.genesis.client.auth"})
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationProvider customAuthProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.formLogin().loginPage("/").failureUrl("/?error")
.and()
.logout().logoutSuccessUrl("/?logout")
.and()
.csrf();
}
}
我的 application.properties
my application.properties
spring.view.prefix: /WEB-INF/jsp/
spring.view.suffix: .jsp
security.basic.enabled=false
logging.level.org.springframework.security=INFO
我的 Spring 启动配置
my Spring boot configuration
@SpringBootApplication
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service",
"org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"})
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo")
@EntityScan(basePackages = "org.app.genesis.*.model")
public class Application extends SpringBootServletInitializer {
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
}
我的 pom.xml 的要点
A Gist of my pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<!-- Spring Framework Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
登录表单
<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
<fieldset>
<input class="form-control form-group" type="text" name="j_username" placeholder="Username">
<input class="form-control" type="password" name="j_password" placeholder="Password" >
<a class="forgot pull-right" href="#">Forgot password?</a>
<button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
</fieldset>
</form>
生成页面的控制器
@RequestMapping(value="/")
public String index() {
return "index";
}
但是登录后显示这个错误
However upon logging in this error shows
我正在尝试在注释上迁移我现有的 security.xml 配置.但是会弹出上述错误.这是我的 security.xml
I am trying to migrate my existing security.xml configuration on annotation. but however the said error pops up. here is my security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.brightworks.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
以防万一你们需要查看包结构
Just in case you guys need to see the package structure
我是否遗漏了配置中的任何内容?
Have I missed anything in the configurations?
推荐答案
从下面的链接中,您可以看到注解 java config 的内容如下
From the below link, you can see that for annotation java config the following things hold
http://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security/
GET/login 呈现登录页面而不是/spring_security_login
POST/login 验证用户而不是/j_spring_security_check
您需要进行以下更改才能使您的安全工作.
You need to make the following changes to get your security working.
按如下方式更改您的 spring 安全配置
@Override
protected void configure(HttpSecurity http) throws Exception { http
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login/")
.loginProcessingUrl("/login")
.failureUrl("/login?error")
.permitAll();
}
您的 JSP 应该是(j_spring_security_check 替换为登录名,j_username 替换为用户名)
<form class="form-signin"name="f" action="${pageContext.request.contextPath}/login" method="POST">
<fieldset>
<input class="form-control form-group" type="text" name="username" placeholder="Username">
<input class="form-control" type="password" name="password" placeholder="Password" >
<a class="forgot pull-right" href="#">Forgot password?</a>
<button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
</fieldset>
</form>
要将仪表板指定为默认目标 URL,您可以执行以下操作.
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.addViewController("/").setViewName("dashboard");
registry.addViewController("/dashboard").setViewName("dashboard");
}
这篇关于不允许使用 Spring Security j_spring_security_check 的 Spring Boot的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!