不允许使用 Spring Security j_spring_security_check 的 Spring Boot

【问题标题】:Spring boot with Spring Security j_spring_security_check not allowed不允许使用 Spring Security j_spring_security_check 的 Spring Boot
【发布时间】:2015-04-06 14:26:04
【问题描述】:

我的 Spring 安全配置

@Configuration
@EnableWebSecurity
@ComponentScan({"org.app.genesis.client.auth"})
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationProvider customAuthProvider;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .and()
            .formLogin().loginPage("/").failureUrl("/?error")
            .and()
            .logout().logoutSuccessUrl("/?logout")
            .and()
            .csrf();
    }
}

我的应用程序.properties

spring.view.prefix: /WEB-INF/jsp/
spring.view.suffix: .jsp
security.basic.enabled=false
logging.level.org.springframework.security=INFO

我的 Spring 启动配置

@SpringBootApplication
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service",
    "org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"})
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo")
@EntityScan(basePackages = "org.app.genesis.*.model")
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        ApplicationContext ctx = SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

}

我的 pom.xml 的要点

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-tomcat</artifactId>
    <scope>provided</scope>
</dependency>
<!-- Spring Framework Dependencies -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-actuator</artifactId>
</dependency>
<dependency>
    <groupId>org.apache.tomcat.embed</groupId>
    <artifactId>tomcat-embed-jasper</artifactId>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>jstl</artifactId>
    <scope>provided</scope>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

登录表单

<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
            <fieldset>
                    <input class="form-control form-group" type="text" name="j_username" placeholder="Username">
                    <input class="form-control" type="password" name="j_password" placeholder="Password" >
                    <a class="forgot pull-right" href="#">Forgot password?</a>
                    <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
            </fieldset>
        </form>

生成页面的控制器

@RequestMapping(value="/")
public String index() {
    return "index";
}

但是在登录时显示此错误

我正在尝试在注释上迁移我现有的 security.xml 配置。但是,弹出上述错误。这是我的security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.brightworks.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>

以防万一你们需要查看包结构

我是否遗漏了配置中的任何内容?

【问题讨论】:

    标签: java spring spring-security spring-boot


    【解决方案1】:

    从下面的链接中,你可以看到注解 java config 有以下内容

    http://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security/

    1. GET /login 呈现登录页面而不是 /spring_security_login

    2. POST /login 对用户进行身份验证,而不是 /j_spring_security_check

    您需要进行以下更改才能使您的安全性正常工作。

    如下更改您的 spring 安全配置

        @Override
    protected void configure(HttpSecurity http) throws Exception {  http
        .authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login/")
            .loginProcessingUrl("/login")
            .failureUrl("/login?error")
            .permitAll();
    }

    你的 JSP 应该是(j_spring_security_check 替换为登录名,j_username 替换为用户名)

    <form class="form-signin"name="f" action="${pageContext.request.contextPath}/login" method="POST">
            <fieldset>
                    <input class="form-control form-group" type="text" name="username" placeholder="Username">
                    <input class="form-control" type="password" name="password" placeholder="Password" >
                    <a class="forgot pull-right" href="#">Forgot password?</a>
                    <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
            </fieldset>
        </form>

    要将仪表板指定为默认目标 URL,您可以执行以下操作。

    @Override
public void addViewControllers(ViewControllerRegistry registry) {
    registry.addViewController("/login").setViewName("login");
    registry.addViewController("/").setViewName("dashboard");
    registry.addViewController("/dashboard").setViewName("dashboard");
}

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2015-07-22
      • 2013-05-03
      • 2013-08-20
      • 2022-10-24
      • 1970-01-01
      • 2013-03-10
      • 2015-07-10
      • 2014-01-09
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode