小贝子编程

Java找不到登录处理url



我正在尝试完成登录系统,但当我登录时,我收到以下错误

  • "HTTP错误404找不到";http://localhost:8181/user_login">

我知道这显然意味着找不到它,但我对它为什么找不到感到困惑。这是我的安全配置

@EnableWebSecurity
@Configuration
@Order(2)
public class UserSecurityConfig extends WebSecurityConfigurerAdapter {
protected void user(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.formLogin()
.loginPage("/user_login")
.defaultSuccessUrl("/success")
.failureUrl("/login?error==true")
.permitAll()
.and()
.csrf()
.disable()
;
}        
@Bean
public UserDetailsService userDetailsService() {
return new CustomUserDetailsService();
}
@Autowired
public void configurationGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

以及登录表单

<form:form name='user' action="/user_login" method='POST'>
<form:errors path="username" />

<label for="username">Email address</label>
<input type='text' class="form-control" name='username' value='' placeholder="Enter Email address"></td>
<label for="password">Password: </label>
<input type='password' class="form-control" name='password' /></td>


<input name="submit" class="btn btn-primary" type="submit" value="submit" /></td>

</form:form>

这是我的另一个安全管理员,工作

@EnableWebSecurity
@Configuration
@Order(1)
public class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password("12345").roles("ADMIN")
.and()
.withUser("tester").password("56789").roles("ADMIN");

}

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login")
.permitAll()
.antMatchers("/newUser")
.permitAll()
.antMatchers("/admin")
.hasAnyRole("ADMIN")
.and()
.formLogin()
.loginPage("/login1")
.defaultSuccessUrl("/admin")
.failureUrl("/login?error=true")
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true) 
.and()
.csrf()
.disable()
;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

如果有人有任何想法或技巧来解决这个问题,我将不胜感激。谢谢Jim

主要问题是定义spring安全配置的方式不正确,当您使用WebSecurityConfigurerAdapter时,您应该使用方法重写来定义自定义设置,因为spring不知道如何找到该方法:

protected void user(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.formLogin()
.loginPage("/user_login")
.defaultSuccessUrl("/success")
.failureUrl("/login?error==true")
.permitAll()
.and()
.csrf()
.disable()
;
}

Ц工作版本Ж

@Configuration
@EnableWebSecurity
public class UserSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.formLogin()
.loginPage("/user_login")
.defaultSuccessUrl("/success")
.failureUrl("/login?error==true")
.permitAll()
.and()
.csrf().disable();
}
@Bean
public UserDetailsService userDetailsService() {
return new CustomUserDetailsService();
}
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService())
.passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

联合版本:我使用弹簧安全5.4.2

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/newUser").permitAll()
.antMatchers("/admin").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.failureUrl("/login?error==true")
.successHandler((httpServletRequest, httpServletResponse, authentication) -> {
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ROLE_ADMIN")) {
httpServletResponse.sendRedirect("/admin");
} else {
httpServletResponse.sendRedirect("/success");
}
})
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.and()
.csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("admin").password("{noop}12345").roles("ADMIN")
.and()
.withUser("tester").password("{noop}56789").roles("ADMIN");
}
}

我测试了登录的可能性,所有的工作,当然我们不能支持两个不同的defaultSuccessUrl,因为http映射(HttpSecurity(是一个实例,哪个配置将首先加载,defaultSuccessUrl将用于登录表单。我省略了loginPage配置,我不认为我们可以支持这两个登录页面,就像defaultSuccessUrl配置一样。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium