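I am trying to learn Spring, and I have set up Spring Security in my application. I want to allow access only to users that are in the database, using my login page, which has a simple form and should be served over https. But Spring does not enforce https, even though it should, and anyone can "log in" to my application and gets no error after using the login page. Spring Security does not block unauthorized users from logging in.
This is my SecurityConfig.java: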
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
    @Autowired
    DataSource dataSource;
    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery(
                "select username, password" +
                "from users where username=?")
            .authoritiesByUsernameQuery(
                "select username from users where username=?")
            .passwordEncoder(new StandardPasswordEncoder("53cr3t"));
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http
            .formLogin()
            .loginPage("/Login.html")
            .and()
            .logout()
            .and()
            .authorizeRequests().antMatchers(HttpMethod.POST,"/Login").authenticated().
            anyRequest().authenticated()
            .and()
            .requiresChannel()
            .antMatchers("/Login").requiresSecure();
    }
}
This is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
    <display-name>MusicPortal</display-name>
    <servlet>
        <servlet-name>spring-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
</web-app>
This is my spring-dispatcher-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/mvc
           http://www.springframework.org/schema/mvc/spring-mvc.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-4.2.1.xsd">
    <context:component-scan base-package="com.loucat.musicportal.controller,com.loucat.musicportal.model,com.loucat.musicportal.dao"/>
    <bean id="viewResolver" class="org.thymeleaf.spring3.view.ThymeleafViewResolver" p:templateEngine-ref="templateEngine"/>
    <bean id="templateEngine" class="org.thymeleaf.spring3.SpringTemplateEngine" p:templateResolver-ref="templateResolver" />
    <bean id="templateResolver"
          class="org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver">
        <property name="prefix" value="/WEB-INF/" />
        <property name="suffix" value=".html" />
        <property name="templateMode" value="HTML5" />
    </bean>
    <bean id="dataSource"
          class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="org.postgresql.Driver" />
        <property name="url" value="jdbc:postgresql://localhost:5432/musicportal" />
        <property name="username" value="postgres" />
        <property name="password" value="postgres" />
    </bean>
    <mvc:resources mapping="/resources/**" location="/resources/" />
    <mvc:annotation-driven />
</beans>
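My login page is Login.html, which has a form that posts the result to /PostLogin.html, which has another controller. I wonder whether this could be a problem, because in what I have seen they reuse the login page itself.
I hope this is enough to get some help, thank you!
What is the package of SecurityConfig? Is it listed in spring-dispatcher-servlet.xml? – chomnoue
I think this is the problem: anyRequest().authenticated() –
@chomnoue: The package is not listed, thanks for spotting that. But the behaviour does not change after adding it... –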
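
Added example, not part of the original thread or the asker's code: a form-login configuration in which Spring Security itself processes the login POST and every other URL requires an authenticated user over HTTPS. It assumes the form in Login.html posts `username` and `password` to `/Login`, that `users` has an `enabled` column and a separate `authorities` table exists, that `/resources/**` may be public, and that `springSecurityFilterChain` is given a `<filter-mapping>` in web.xml (the file shown above declares the filter but does not map it to any URL).

```java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

// Has no effect until the filter is mapped in web.xml and this class is loaded into the context.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            // The user query is read as three columns: username, password, enabled.
            // "enabled" is an assumed column; note the space before "from".
            .usersByUsernameQuery(
                "select username, password, enabled " +
                "from users where username = ?")
            // Two columns: username, authority ("authorities" table is assumed).
            .authoritiesByUsernameQuery(
                "select username, authority from authorities where username = ?")
            .passwordEncoder(new StandardPasswordEncoder("53cr3t"));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requiresChannel()
                .anyRequest().requiresSecure()   // HTTPS for every URL, not only /Login
                .and()
            .authorizeRequests()
                .antMatchers("/resources/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/Login.html")        // GET: renders the form
                .loginProcessingUrl("/Login")    // POST: handled by Spring Security's filter
                .permitAll()
                .and()
            .logout();
    }
}
```

With this layout the credentials are checked by Spring Security's own authentication filter before any controller runs, so a custom controller behind `/PostLogin.html` is not what decides whether a login succeeds.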