使用Spring Security春天开机j_spring_security_check不允许
问题描述:
我的春季安全配置使用Spring Security春天开机j_spring_security_check不允许
@Configuration
@EnableWebSecurity
@ComponentScan({"org.app.genesis.client.auth"})
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationProvider customAuthProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.and()
.formLogin().loginPage("/").failureUrl("/?error")
.and()
.logout().logoutSuccessUrl("/?logout")
.and()
.csrf();
}
}
我application.properties
spring.view.prefix: /WEB-INF/jsp/
spring.view.suffix: .jsp
security.basic.enabled=false
logging.level.org.springframework.security=INFO
我的春节,引导配置
@SpringBootApplication
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service",
"org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"})
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo")
@EntityScan(basePackages = "org.app.genesis.*.model")
public class Application extends SpringBootServletInitializer {
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
}
我POM的要点。 xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<!-- Spring Framework Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
登录表单
<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
<fieldset>
<input class="form-control form-group" type="text" name="j_username" placeholder="Username">
<input class="form-control" type="password" name="j_password" placeholder="Password" >
<a class="forgot pull-right" href="#">Forgot password?</a>
<button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
</fieldset>
</form>
,在这个错误在日志生成的页面
@RequestMapping(value="/")
public String index() {
return "index";
}
然而控制器显示
我想要迁移我现有的注释上的security.xml配置。但是弹出所述错误。这里是我的security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.brightworks.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
就在你们需要看到的封装结构
我错过了在配置什么情况?
答
从下面的链接,你可以看到,标注的Java配置以下的事情持有
http://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security/
GET /登录呈现登录页面,而不是/ spring_security_login的
POST /登录认证使用为r的不是/ j_spring_security_check
你需要做以下修改,让您的安全工作。
更改你的春季安全配置如下
@Override
protected void configure(HttpSecurity http) throws Exception { http
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login/")
.loginProcessingUrl("/login")
.failureUrl("/login?error")
.permitAll();
}
你的JSP应(j_spring_security_check与登录所取代,为j_username使用用户名代替)
<form class="form-signin"name="f" action="${pageContext.request.contextPath}/login" method="POST">
<fieldset>
<input class="form-control form-group" type="text" name="username" placeholder="Username">
<input class="form-control" type="password" name="password" placeholder="Password" >
<a class="forgot pull-right" href="#">Forgot password?</a>
<button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
</fieldset>
</form>
若要指定仪表板作为默认目标网址,您可以执行以下操作。
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.addViewController("/").setViewName("dashboard");
registry.addViewController("/dashboard").setViewName("dashboard");
}