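I am new to Spring Security. I have a simple MVC application, and a problem occurs when I want to call a controller POST method whose request mapping value is the same as the value of loginProcessingUrl.

Controller class:

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginController {

    @RequestMapping(value = "/showlogin", method = RequestMethod.GET)
    public String showLogin() {
        System.out.println("Showing login...");
        return "login";
    }

    // this method is not being invoked
    @RequestMapping(value = "/authuser", method = RequestMethod.POST)
    public void printUserData() {
        System.out.println("Printing user data...");
    }
}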
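
Configuration class:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        User.UserBuilder users = User.withDefaultPasswordEncoder();
        auth.inMemoryAuthentication()
            .withUser(users.username("dejan").password("dejan").roles("EMPLOYEE"))
            .withUser(users.username("marko").password("marko").roles("ADMINISTRATOR"));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/showlogin")
                .loginProcessingUrl("/authuser")
                .permitAll()
                .and()
            .csrf().disable();
    }
}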

Custom login page:

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
</head>
<body>
    <form th:action="@{/authuser}" method="post">
        Username: <input type="text" name="username" />
        Password: <input type="password" name="password" />
        <input type="submit" value="Login" />
    </form>
</body>
</html>

Answer 0 (score: 0)

I guess your problem is here:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .anyRequest().authenticated()
        ...
}

Change this to:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .and()
        .formLogin()
        .loginPage("/showlogin")
        .loginProcessingUrl("/authuser")
        .permitAll()
        .and()
        .anyRequest().authenticated()
        .csrf().disable();
}
答案 1 :(得分:0)
continueChainBeforeSuccessfulAuthentication
中有一个名为AbstractAuthenticationProcessingFilter
的属性可以做到这一点。但似乎它并未公开任何配置,
因此,您需要自己创建UsernamePasswordAuthenticationFilter
而不是formLogin
,并将continueChainBeforeSuccessfulAuthentication
设置为true
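
The approach described in Answer 1, written out as an added example (not code from the question or from either answer), targeting the same Spring Security 5.x API as the question's WebSecurityConfigurerAdapter. Assumptions: the class name ManualLoginFilterConfig and the failure URL /showlogin?error are made up for illustration, and the question's configure(AuthenticationManagerBuilder) override is copied into this class unchanged.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical class name; replaces the formLogin() part of the question's SecurityConfig.
// Assumption: the question's configure(AuthenticationManagerBuilder) override is copied in unchanged.
@Configuration
@EnableWebSecurity
public class ManualLoginFilterConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        UsernamePasswordAuthenticationFilter loginFilter = new UsernamePasswordAuthenticationFilter();
        loginFilter.setAuthenticationManager(authenticationManagerBean());
        // Same URL the question passed to loginProcessingUrl().
        loginFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/authuser", "POST"));
        // formLogin() wires these for you; a hand-built filter needs them set explicitly.
        loginFilter.setSessionAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
        // Assumed failure URL, not from the page.
        loginFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/showlogin?error"));
        // After credentials are accepted, run the rest of the chain (including the controller)
        // before successfulAuthentication() stores the Authentication in the SecurityContext.
        loginFilter.setContinueChainBeforeSuccessfulAuthentication(true);

        http.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/showlogin"))
                .and()
            .authorizeRequests()
                // /authuser must be permitted: the controller runs before the context is populated.
                .antMatchers("/showlogin", "/authuser").permitAll()
                .anyRequest().authenticated()
                .and()
            .csrf().disable(); // kept from the question's configuration
    }
}
```

With this setting a failed login never reaches the controller, because the filter returns after its failure handler runs; on a successful login the controller executes while SecurityContextHolder still has no authenticated principal, so it must not make authorization decisions from the context.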