Spring Security does not stop unauthorized users from logging in

Time: 2017-05-02 11:29:01

Tags: java spring spring-mvc spring-security

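I am trying to learn Spring and have set up Spring Security in my application. I want to allow access only to users in the database, using my login page, which has a simple form and should be https, but currently https is not enforced by Spring, although it should be, and anyone can "log in" to my application without receiving any error after using the login page.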

Here is my SecurityConfig.java:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
    throws Exception {
    auth
    .jdbcAuthentication()
    .dataSource(dataSource)
    .usersByUsernameQuery(
            "select username, password" +
            "from users where username=?")
    .authoritiesByUsernameQuery(
    "select username from users where username=?")
    .passwordEncoder(new StandardPasswordEncoder("53cr3t"));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http
        .formLogin()
        .loginPage("/Login.html")
        .and()
        .logout()
        .and()
        .authorizeRequests().antMatchers(HttpMethod.POST,"/Login").authenticated().
        anyRequest().authenticated()
        .and()
        .requiresChannel()
        .antMatchers("/Login").requiresSecure();
    }
}

Here is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>MusicPortal</display-name>
 <servlet>
 <servlet-name>spring-dispatcher</servlet-name>
 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 </servlet>

 <servlet-mapping>
 <servlet-name>spring-dispatcher</servlet-name>
 <url-pattern>/</url-pattern>
  </servlet-mapping>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>



</web-app>

Here is my spring-dispatcher-servlet.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:p="http://www.springframework.org/schema/p"

    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/mvc 
    http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.2.1.xsd">

<context:component-scan base-package="com.loucat.musicportal.controller,com.loucat.musicportal.model,com.loucat.musicportal.dao"/>


<bean id="viewResolver" class="org.thymeleaf.spring3.view.ThymeleafViewResolver" p:templateEngine-ref="templateEngine"/>
<bean id="templateEngine" class="org.thymeleaf.spring3.SpringTemplateEngine" p:templateResolver-ref="templateResolver" />
<bean id="templateResolver"
      class="org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver">
      <property name="prefix" value="/WEB-INF/" />
  <property name="suffix" value=".html" />
  <property name="templateMode" value="HTML5" />
</bean> 



<bean id="dataSource"
        class="org.springframework.jdbc.datasource.DriverManagerDataSource">

        <property name="driverClassName" value="org.postgresql.Driver" />
        <property name="url" value="jdbc:postgresql://localhost:5432/musicportal" />
        <property name="username" value="postgres" />
        <property name="password" value="postgres" />
    </bean>

<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />


</beans>

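My login page is Login.html, which has a form that posts its result to /PostLogin.html, which has another Controller. I wonder whether this could be a problem, because in some tutorials I have seen them reuse the login page.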

I hope this is enough to get some help, thanks!

1 answer:

Answer 0: (score: -1)

Try adding

changeController()

to spring-dispatcher-servlet.xml
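
The web.xml in the question declares springSecurityFilterChain but contains no <filter-mapping> for it, and a servlet container only runs a filter on requests that a mapping routes to it. The following check is an added example, not code from the question or the answer; it flags that condition in a deployment descriptor, and its function names and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same shape as the web.xml in the question
# (filter declared, no <filter-mapping>).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
</web-app>"""

# Constructed counterpart with the filter mapped to every request.
MAPPING = """  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""
FIXED_WEB_XML = SAMPLE_WEB_XML.replace("</web-app>", MAPPING)


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def child_texts(elem, name):
    """Text of every direct child of elem whose local tag name is `name`."""
    return [(c.text or "").strip() for c in elem if local(c.tag) == name]


def audit_filters(web_xml, required="springSecurityFilterChain"):
    """Return findings about filters that are declared but not applied."""
    declared, mapped = set(), {}
    for node in ET.fromstring(web_xml):
        names = child_texts(node, "filter-name")
        if local(node.tag) == "filter":
            declared.update(names)
        elif local(node.tag) == "filter-mapping":
            for n in names:
                mapped.setdefault(n, []).extend(child_texts(node, "url-pattern"))
    findings = [f"{n}: declared but has no <filter-mapping>; no request passes through it"
                for n in sorted(declared) if n not in mapped]
    if required not in declared:
        findings.append(f"{required}: not declared")
    elif required in mapped and "/*" not in mapped[required]:
        findings.append(f"{required}: mapped to {mapped[required]}, not '/*'; other URLs bypass it")
    return findings


if __name__ == "__main__":
    for label, doc in (("question", SAMPLE_WEB_XML), ("mapped", FIXED_WEB_XML)):
        print(label, audit_filters(doc) or "ok")
```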