身份验证弹簧安全

Question

我正在尝试使用 spring security 和 jsf 进行身份验证，但是当我输入身份验证信息时它不起作用。 我尝试了一些解决方案，这是一个主题，这是我第一次配置 jsf，spring security

这是我的代码：

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;

@Autowired
public void configurationGlobal(AuthenticationManagerBuilder auth) throws  Exception {
       auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
   // auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().
            authorizeRequests()
                .anyRequest()
                      .authenticated()
            .and()
            .formLogin()
                 .loginPage("/login.xhtml").loginProcessingUrl("login").failureUrl("/login.xhtml?error=true")
                      .permitAll()
            .defaultSuccessUrl("/index.xhtml");

}

@Bean
public BCryptPasswordEncoder passwordEncoder() {
 return new BCryptPasswordEncoder();
};
}

这是我的登录页面

      <form action="${request.contextPath}/login" method="POST">
        <h:outputLabel value="Enter UserName:" />
        <input type="text" name="username"/><br/><br/>
        <h:outputLabel value="Enter Password:" />
        <input type="password" name="password"/> <br/><br/>         
        <input type="submit" value="Login"/>
        <input type="hidden" name="${_csrf.parameterName}"   value="${_csrf.token}"/>           
      </form>

faces-config.xml

  <?xml version='1.0' encoding='UTF-8'?>
    <faces-config version="2.2"
          xmlns="http://xmlns.jcp.org/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-facesconfig_2_2.xsd">
      <application>
    <el-resolver>
            org.springframework.web.jsf.el.SpringBeanFacesELResolver
    </el-resolver>
   </application>
 </faces-config>

这是我的 web.xml

  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee"   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
  <context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
  </context-param>
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
<welcome-file-list>
    <welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>
    org.springframework.web.context.request.RequestContextListener
</listener-class>
 </listener>
</web-app>

Answer 1

Spring boot 是一个独立的服务器，JSF 是一个 WEB 前端框架。首先，您应该将两者结合起来。为了便于开始使用https://github.com/joinfaces/joinfaces。

Answer 2

我通过删除 passwordEncoder 来解决问题

 @Bean
 public BCryptPasswordEncoder passwordEncoder() {
   return new BCryptPasswordEncoder();
  };

因为我使用的是 spring security 5，所以我在密码前添加了 {noop}，就像这样

 auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("ADMIN");