由于WebSecurityConfigurerAdapter
已被弃用,我试图用SecurityFilterChain filterChain(HttpSecurity http)
取代configure(HttpSecurity http)
。我试着把下面的代码拼凑在一起,但它不起作用,并且在chrome上给出localhost redirected you too many times
错误,但在控制台没有显示任何错误。我甚至按照建议清除了cookie,但它仍然不起作用。
AppSecurityConfig.java
@Configuration
public class AppSecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public AuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(new BCryptPasswordEncoder());
return provider;
}
//Trying to replace configure(HttpSecurity http) method
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.and()
.logout().invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/logout-success").permitAll();
return http.build();
}
}
.authorizeRequests()
已弃用,所以我使用.authorizeHttpRequests()
。下面SS是chrome的输出:chrome
输出错误HomeComtroller.java
@Controller
public class HomeController {
@RequestMapping("/")
public String home() {
return "home.jsp";
}
@RequestMapping("/login")
public String loginPage() {
return "login.jsp";
}
@RequestMapping("/logout-success")
public String logoutPage() {
return "logout.jsp";
}
}
login . jsp
<body>
<h1>Login</h1>
${SPRING_SECURITY_LAST_EXCEPTION.message}
<form action="login" method="post">
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name='password' /></td>
</tr>
<tr>
<td><input type="submit" name='submit' value='submit' /></td>
</tr>
</table>
</form>
</body>
</html>
.loginPage()
javadoc说:
...login page to redirect to if authentication is required...
您的端点/login
由控制器服务,您进入重定向周期。你可以试试下一个:
- 创建
MvcConfig
类(根据自己的规则自定义):
@Configuration
public class MvcConfig extends WebMvcConfigurationSupport {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
}
}
- 从控制器中删除
/login
端点 - 测试新配置
希望能有所帮助,请随时反馈我的答案。