使用AngularJS登录401的Spring Security未经授权

Question

我正在尝试使用前端使用AngularJS的Spring Security成功验证用户。

基本上应该发生的是： 1）新用户应该能够使用唯一的用户名和密码填写注册表 2）提交后，Angular将用户/传递组合POST到spring security指定的URL。 3）Spring Security验证帐户并记录用户。 4）用户的会话开始并显示为登录在前端。

挂断正在第2步中发生。信息未成功发布到spring登录URL。我的失败处理程序被触发（在下面的代码中）并且登录过程暂停。

POST http://localhost:8080/libroomreserve/login 401 (Unauthorized)

这是我的Spring Security配置：

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Autowired
private AuthenticationFailure authFailure;

@Autowired
private AuthenticationSuccess authSuccess;

@Autowired
private EntryPointUnauthorizedHandler unauthorizedHandler;

@Autowired
private UserDetailServiceImpl userDetails;

@Override
protected void configure(HttpSecurity http) throws Exception{
    http
            .csrf().disable()
            .exceptionHandling()
                .authenticationEntryPoint(unauthorizedHandler)
            .and()
            .formLogin()
                .successHandler(authSuccess) //sets status to 200 OK
                .failureHandler(authFailure) //sets status to 401 Unauthorized
            .and()
            .authorizeRequests()
                .antMatchers("/**")
                    .permitAll();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth
            .userDetailsService(userDetails);
}

失败处理程序：

@Component
public class AuthenticationFailure extends    SimpleUrlAuthenticationFailureHandler{

  @Override
  public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  }
}

成功处理程序：

@Component
public class AuthenticationSuccess extends SimpleUrlAuthenticationSuccessHandler{

  @Override
  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
    response.setStatus(HttpServletResponse.SC_OK);
  }
}    

的AuthenticationEntryPoint：

@Component
public class EntryPointUnauthorizedHandler implements AuthenticationEntryPoint{

    @Override
    public void commence(HttpServletRequest hsr, HttpServletResponse hsr1, AuthenticationException ae) throws IOException, ServletException {
    hsr1.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access Denied.");
    }  
}

在AngularJS方面，这是我的服务：

.factory('sessionService', function($http, $base64){
    var session = {};
    session.login = function(data){
        return $http.post("/libroomreserve/login", "username=" + data.userName + "&password" + data.password,
            {
                headers: {
                    'Content-Type' : 'application/x-www-form-urlencoded'
                }
            })
            //.then() is a "PROMISE" which is executed after initial return function is performed        
            .then(function(){
                console.log("Logged in the user!");
                localStorage.setItem("session", {}); 
            }, function(){
                console.log("Error logging in the user...");
            });
    };
    session.logout = function(){
        localStorage.removeItem("session");
        console.log("User has been logged out.");
    };
    session.isLoggedIn = function(){
        return localStorage.getItem("session") !== null;
    };
    return session;
})

作为参考，我正在关注Chris Henkel的教程here。我发现他的代码与我的代码之间没有任何差异。

另外，新注册的用户正在登录数据库，因此凭据可用于身份验证。