我有以下AuthenticationProvider:
@Component
public class RestAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
// do nothing for now
//
return new UsernamePasswordAuthenticationToken(name, password);
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(
UsernamePasswordAuthenticationToken.class);
}
}
SecurityConfig:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthenticationProvider authProvider;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.eraseCredentials(true)
.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
// permitir siempre
.antMatchers("/", "/favicon.ico", "/resources/**", "/signup", "/about").permitAll()
// All remaining URLs require that the user be successfully authenticated
.anyRequest().authenticated()
.and()
// Setup form based authentication using the Java configuration defaults. Authentication is performed when a POST is submitted to the URL “/login” with the parameters “username” and “password”.
.formLogin()
.loginPage("/signin")
.permitAll()
.failureUrl("/signin?error=1")
.loginProcessingUrl("/authenticate")
.and()
.httpBasic()
.and()
.logout()
.logoutUrl("/logout")
.permitAll()
.logoutSuccessUrl("/signin?logout")
.and()
.rememberMe()
.and()
.authenticationProvider(authProvider)
;
}
}
配置应该足够,但永远不会调用身份验证方法。奇怪的是,这是昨晚的工作,我不知道发生了什么变化。
形式:
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>Sign In</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<link href="../../../resources/css/bootstrap.min.css" rel="stylesheet" media="screen" th:href="@{/resources/css/bootstrap.min.css}"/>
<link href="../../../resources/css/core.css" rel="stylesheet" media="screen" th:href="@{/resources/css/core.css}" />
</head>
<body>
<div th:replace="fragments/layout :: header"></div>
<form class="form-narrow form-horizontal" action="#" method="post" th:action="@{/authenticate}">
<th:block th:if="${param.error != null}">
<div th:replace="fragments/components :: alert (type='danger', message='Sign in error. Please try again.')">Alert</div>
</th:block>
<fieldset>
<legend>Please Sign In</legend>
<div class="form-group">
<label for="inputEmail" class="col-lg-2 control-label">Username</label>
<div class="col-lg-10">
<input type="text" class="form-control" id="inputEmail" placeholder="Username" name="username" />
</div>
</div>
<div class="form-group">
<label for="inputPassword" class="col-lg-2 control-label">Password</label>
<div class="col-lg-10">
<input type="password" class="form-control" id="inputPassword" placeholder="Password" name="password" />
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-10">
<div class="checkbox">
<label>
<input type="checkbox" name="_spring_security_remember_me" /> Remember me
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-10">
<button type="submit" class="btn btn-default">Sign in</button>
</div>
</div>
</fieldset>
</form>
<div th:replace="fragments/layout :: footer"></div>
</body>
</html>
配置和配置。并且 authProvider 不为空。
显示登录表单。然后我把用户/名称我得到以下错误:
TFS Build vNext - copy all assemblies to one folder
HTTP错误404
答案 0 :(得分:0)
问题是另一回事。 404是关于缺少的错误处理程序。错误(在chrome开发人员控制台中可见)是:
spring无法验证提供的CSRF令牌,因为找不到您的会话。