2017-06-04 70 views
0

我的春天安全配置:Spring Security的登錄與自定義表單

@EnableWebSecurity 
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{ 

     @Autowired 
     private ClientDetailsService clientDetailsService; 

     @Autowired 
     public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception { 
      auth.inMemoryAuthentication() 
       .withUser("username").password("password") 
       .authorities("USER"); 
     } 

     @Override 
     protected void configure(HttpSecurity http) throws Exception { 
      http 
      .authorizeRequests() 
       .anyRequest().authenticated() 
       .and() 
      .formLogin() 
       .loginPage("/login") 
       .permitAll() 
       .and().csrf().disable(); 
     } 

     .... 
} 

我的春天啓動控制器:

@Controller 
@RequestMapping("/") 
public class IndexController extends BaseController { 

    @RequestMapping(value = "/login", method = RequestMethod.GET) 
    public String login() { 
     return "login"; 
    } 
.... 
} 

嗨,我試圖使用Spring安全與定製的登錄表單。 我的問題是:

  1. 當我進入localhost:8080/login的瀏覽器不直接到我的login.jsp,它只是彈出一個默認的形式使用文本框輸入用戶名和密碼。

  2. 當我輸入「username」作爲用戶名,「password」作爲密碼後,它返回認證失敗。

回溯:

Request '/login' matched by universal pattern '/**' 
DEBUG - matched 
DEBUG - /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
DEBUG - /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG - /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
DEBUG - /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG - Trying to match using Ant [pattern='/logout', GET] 
DEBUG - Checking match of request : '/login'; against '/logout' 
DEBUG - Trying to match using Ant [pattern='/logout', POST] 
DEBUG - Request 'GET /login' doesn't match 'POST /logout 
DEBUG - Trying to match using Ant [pattern='/logout', PUT] 
DEBUG - Request 'GET /login' doesn't match 'PUT /logout 
DEBUG - Trying to match using Ant [pattern='/logout', DELETE] 
DEBUG - Request 'GET /login' doesn't match 'DELETE /logout 
DEBUG - No matches found 
DEBUG - /login at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
DEBUG - Basic Authentication Authorization header found for user 'username' 
DEBUG - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 
DEBUG - User 'username' not found 
DEBUG - Returning cached instance of singleton bean 'delegatingApplicationListener' 
DEBUG - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 

回答

-1

貌似匿名用戶沒有訪問/登錄

http 
    .authorizeRequests() 
     .antMatchers("/login").anonymous() 
     .anyRequest().authenticated() 
     .and() 
    .formLogin() 
     .loginPage("/login") 
     .permitAll() 
     .and().csrf().disable(); 

Overmore,看起來你與Authorization頭做請求對您的服務器用於基本認證。

DEBUG - Basic Authentication Authorization header found for user 'username'

相關問題