试图让我的登录页面正确响应无效/有效的输入

我目前正试图让我的登录页面(使用spring boot/thyymeleaf)通过显示相同的页面来响应无效的输入(错误的电子邮件/密码)，但有额外的消息说"电子邮件或密码不正确"。到目前为止，它还不起作用，看起来我的控制器甚至根本没有与输入交互。我认为这是因为当我提交无效的输入时，它不会像在控制器的Post方法中指定的那样返回/login，而是转到"http://localhost:3307/login?error"，这让我认为控制器的Post方法根本不起作用。这是我的html代码(使用一些bootstrap模板)和我的UserController。

HTML代码(可能有点乱)

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">

<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>

<meta charset="ISO-8859-1">

<title>Login Page</title>
</head>
<body>
<div id="login">
<h3 class="text-center text-white pt-5">Login form</h3>
<div class="container">
<div id="login-row" class="row justify-content-center align-items-center">
<div id="login-column" class="col-md-6">
<div id="login-box" class="col-md-12">
<h3 class="text-center text-info">Login</h3>
<form id="login-form" class="form" th:action="@{/login}" th:object="${user}" method="post">
<p th:if="${invalidCredentials}" class="error">Email or Password is incorrect</p>
<div class="form-group">
<label for="email" class="text-info">Email:</label><br>
<input type="text" name="email" id="email" class="form-control">
</div>
<div class="form-group">
<label for="password" class="text-info">Password:</label><br>
<input type="text" name="password" id="password" class="form-control">
</div>
<div class="form-group">
<input type="submit" name="submit" class="btn btn-info btn-md" value="submit">
</div>
<div id="register-link" class="text-right">
<a href="#" class="text-info">Register here</a>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

My Controller Class


@Controller
public class UserController {

UserRepository userRepo;
UserService userService;

@GetMapping("/login")
public String login(Model model) {
User user=new User();
model.addAttribute("user", user);
return "login";
}

@PostMapping("/login")
public String loginUser(@ModelAttribute("user") User user, Model model) {
//Checking if User exists and if information is correct
if(userRepo.findByEmail(user.getEmail()).isPresent()) {
UserDetails userDetails = userService.loadUserByUsername(user.getEmail());
//Wrong PassWord
if(!userDetails.getPassword().equals(user.getPassword())) {
model.addAttribute("invaldCredentials", true);
return "login";
} 
//Correct info given, redirecting to home page
else {
return "home";
}
} 
//No existing User affiliated with given Email
model.addAttribute("invalidCredentials", true);

return "login";
}
}

我WebSecurityConfigurations


@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
private final UserService userService;
private final BCryptPasswordEncoder passwordEncoder;

public WebSecurityConfig(UserService userService, BCryptPasswordEncoder passwordEncoder) {
this.userService = userService;
this.passwordEncoder = passwordEncoder;
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeHttpRequests()
.antMatchers("/registration/**", "/login")
.permitAll()
.anyRequest()
.authenticated().and()
.formLogin().loginPage("/login").permitAll();;

return http.build();
}

protected void configure(AuthenticationManagerBuilder auth) throws Exception{

}

@Bean
public DaoAuthenticationProvider daoAutenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder);
provider.setUserDetailsService(userService);
return provider;
}
}

在登录错误的情况下，你可以告诉Spring重定向到另一个页面来处理这个错误(这是在配置Spring web安全时完成的)

....
.authenticated().and()
.formLogin().loginPage("/login").permitAll().failureUrl("/loginFailure")

如果你没有为失败的登录指定一个页面，Spring将返回一个带有错误参数的登录页面(例如/login?

，您可以在thyymeleaf中访问此参数，然后向用户显示错误。

<div th:if="${param.error != null}" >

<span  >Wrong credentials </span> 

</div>

同样，不需要编写端点(在本例中为loginUser)来处理登录过程，因为只要您正确设置了AuthenticationManager, Spring将自动为您完成此操作。

相关内容

最新更新

热门标签：