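I am trying to successfully authenticate a user with Spring Security, using AngularJS on the front end.

Basically, what should happen is:

1) A new user should be able to fill out the registration form with a unique username and password.
2) Upon submission, Angular POSTs the user/pass combination to the URL specified by Spring Security.
3) Spring Security verifies the account and logs the user in.
4) The user's session begins and the user is shown as logged in on the front end.

The hang-up is occurring in step 2. The information is not successfully posted to the Spring login URL. My failure handler is triggered (in the code below) and the login process halts.

    POST http://localhost:8080/libroomreserve/login 401 (Unauthorized)

Here is my Spring Security configuration: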

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private DataSource dataSource;

        @Autowired
        private AuthenticationFailure authFailure;

        @Autowired
        private AuthenticationSuccess authSuccess;

        @Autowired
        private EntryPointUnauthorizedHandler unauthorizedHandler;

        @Autowired
        private UserDetailServiceImpl userDetails;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .exceptionHandling()
                    .authenticationEntryPoint(unauthorizedHandler)
                    .and()
                .formLogin()
                    .successHandler(authSuccess) //sets status to 200 OK
                    .failureHandler(authFailure) //sets status to 401 Unauthorized
                    .and()
                .authorizeRequests()
                    .antMatchers("/**")
                    .permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(userDetails);
        }
    }

Failure handler:

    @Component
    public class AuthenticationFailure extends SimpleUrlAuthenticationFailureHandler {
        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

Success handler:

    @Component
    public class AuthenticationSuccess extends SimpleUrlAuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            response.setStatus(HttpServletResponse.SC_OK);
        }
    }

The AuthenticationEntryPoint:

    @Component
    public class EntryPointUnauthorizedHandler implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest hsr, HttpServletResponse hsr1, AuthenticationException ae) throws IOException, ServletException {
            hsr1.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access Denied.");
        }
    }

On the AngularJS side, here is my service:

    .factory('sessionService', function($http, $base64){
        var session = {};

        session.login = function(data){
            return $http.post("/libroomreserve/login", "username=" + data.userName + "&password" + data.password,
            {
                headers: {
                    'Content-Type' : 'application/x-www-form-urlencoded'
                }
            })
            //.then() is a "PROMISE" which is executed after initial return function is performed
            .then(function(){
                console.log("Logged in the user!");
                localStorage.setItem("session", {});
            }, function(){
                console.log("Error logging in the user...");
            });
        };

        session.logout = function(){
            localStorage.removeItem("session");
            console.log("User has been logged out.");
        };

        session.isLoggedIn = function(){
            return localStorage.getItem("session") !== null;
        };

        return session;
    })
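
For reference, I am following Chris Henkel's tutorial here. I found no differences between his code and mine.

Also, newly registered users are being logged in the database, so the credentials are available for authentication.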
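
Added example, not part of the original post: a check of which form parameters a login endpoint would actually receive from a hand-concatenated `application/x-www-form-urlencoded` body compared with one built by `URLSearchParams`. It assumes the server reads the `username` and `password` parameters (the Spring Security `formLogin()` defaults), uses `URLSearchParams` as a stand-in for the server-side form parser, and runs on constructed sample credentials; the function names are hypothetical.

```javascript
// Assumption: the login filter reads the "username" and "password" form
// parameters (Spring Security formLogin() defaults).

// Body built by string concatenation, in the same shape as the $http.post
// call in the question's sessionService.
function concatenatedBody(userName, password) {
  return "username=" + userName + "&password" + password;
}

// Body built with URLSearchParams: every pair gets its "=", and reserved
// characters in the values (&, =, +, space) are percent-encoded.
function encodedBody(userName, password) {
  const params = new URLSearchParams();
  params.set("username", userName);
  params.set("password", password);
  return params.toString();
}

// Parse a body the way a form parser would and report what the login
// filter would find under each expected parameter name.
function seenByServer(body) {
  const parsed = new URLSearchParams(body);
  return {
    username: parsed.get("username"),
    password: parsed.get("password"), // null when no such parameter arrived
    names: Array.from(parsed.keys())
  };
}

// Constructed sample credentials (not from the original post).
const user = "alice";
const pass = "p&ss=w+rd 1";

console.log(seenByServer(concatenatedBody(user, pass)));
console.log(seenByServer(encodedBody(user, pass)));
```

When `password` comes back as `null`, the server authenticates with an empty password and the failure handler returns 401 even though the account exists in the database.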