1. 首页
  2. 问答
  3. 即使在正确凭据后,弹簧安全性也无法登录

即使在正确凭据后,弹簧安全性也无法登录

2017-04-15 63 views
-1

即使在登录表单上提供了正确的凭证后,我仍无法登录。即使在正确凭据后,弹簧安全性也无法登录

的login.html

<div class="col-md-offset-3 col-md-6"> 
     <div th:if="${param.error != null}" style="color: red;">Incorrect Username or Password!</div> 
     <form th:action="@{/login}" method="post"> 
      <div class="imgcontainer"> 
       <img src="/image/img_avatar2.png" alt="Avatar" class="avatar" > 
      </div> 

      <div class="form-container"> 
       <label><b>Username</b></label> 
       <input type="text" placeholder="Enter Username" name="username" required> 

       <label><b>Password</b></label> 
       <input type="password" placeholder="Enter Password" name="password" required> 

       <button type="submit">Login</button> 
       <input type="checkbox" checked="checked"> Remember me 
      </div> 

      <div class="form-container" style="background-color:#f1f1f1"> 
       <button type="button" class="cancelbtn">Cancel</button> 
       <span class="psw">Forgot <a href="#">password?</a></span> 
      </div> 
     </form> 
    </div>

这是我securityconfig.java

@EnableWebSecurity 
@Configuration 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 


@Autowired 
private UserSecurityService userSecurityService; 

@Autowired 
private BCryptPasswordEncoder passwordEncoder(){ 
    return SecurityUtility.passwordEncoder(); 
} 

private static final String[] PUBLIC_MATCHERS={ 
     "/css/**", 
     "/js/**", 
     "/image/**", 
     "/login", 
     "/register", 
     "/fonts/**", 
     "/newUser", 
     "/forgetPassword", 
     "/" 
}; 

@Override 
protected void configure(HttpSecurity http) throws Exception{ 

    http 
      .authorizeRequests(). 
      antMatchers(PUBLIC_MATCHERS). 
      permitAll().anyRequest().authenticated(); 

    http 
      .csrf().disable().cors().disable() 
      .formLogin().failureUrl("/login?error") 
      .loginPage("/login").permitAll() 
      .defaultSuccessUrl("/") 
      .and() 
      .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")) 
      .logoutSuccessUrl("/?logout").deleteCookies("remember-me").permitAll() 
      .and() 
      .rememberMe(); 
} 

@Autowired 
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{ 
    auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder()); 
} 

}

UserSecurityService.java

@Service 
public class UserSecurityService implements UserDetailsService { 

@Autowired 
private UserRepository userRepository; 

@Override 
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 

    Users users = userRepository.findByUsername(username); 
    if(users==null){ 
     throw new UsernameNotFoundException("Username not found"); 
    } 
    return users; 
} 
}

SecurityUtility.java

@Component 
public class SecurityUtility { 
private static final String SALT = "salt"; // Salt should be protected carefully 

@Bean 
public static BCryptPasswordEncoder passwordEncoder() { 
    return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes())); 
} 

@Bean 
public static String randomPassword() { 
    String SALTCHARS = "ABCEFGHIJKLMNOPQRSTUVWXYZ1234567890"; 
    StringBuilder salt = new StringBuilder(); 
    Random rnd = new Random(); 

    while (salt.length()<18) { 
     int index= (int) (rnd.nextFloat()*SALTCHARS.length()); 
     salt.append(SALTCHARS.charAt(index)); 
    } 
    String saltStr = salt.toString(); 
    return saltStr; 
} 
}

Users.java

@Entity 
public class Users implements UserDetails{ 

@Id 
@GeneratedValue(strategy = GenerationType.AUTO) 
private Long id; 

@Column(name = "username") 
private String username; 

@Column(name = "password") 
private String password; 
private String firstName; 
private String lastName; 

@Column(name = "email",nullable = false, updatable = false) 
private String email; 
private String phone; 
private boolean enabled=true; 

@OneToMany(mappedBy = "users", cascade = CascadeType.ALL, fetch = FetchType.EAGER) 
@JsonIgnore 
private Set<UserRoles> userRoles = new HashSet<>(); 

public Set<UserRoles> getUserRoles() { 
    return userRoles; 
} 

public void setUserRoles(Set<UserRoles> userRoles) { 
    this.userRoles = userRoles; 
} 

@Override 
public Collection<? extends GrantedAuthority> getAuthorities() { 
    Set<GrantedAuthority> authorities = new HashSet<>(); 
    userRoles.forEach(ur->authorities.add(new Authority(ur.getRoles().getName()))); 
    return authorities; 
} 

@Override 
public boolean isAccountNonExpired() { 
    return false; 
} 

@Override 
public boolean isAccountNonLocked() { 
    return false; 
} 

@Override 
public boolean isCredentialsNonExpired() { 
    return false; 
} 

===========other getter setters=================== 
}

我似乎无法找到确切位置是错误的。无论我插入在我的输入字段,它总是重定向与登录错误页面。

来源

2017-04-15 sagar limbu

回答

0

查看整个代码后,我又发现我在我的users.java类上犯了愚蠢的错误。

@Override 
public boolean isAccountNonExpired() { 
return false; 
} 

@Override 
public boolean isAccountNonLocked() { 
return false; 
} 

@Override 
public boolean isCredentialsNonExpired() { 
return false; 
}

的代码这三个块实际上应该返回true。所有在我的情况下返回false,这意味着我试图登录非活动,过期和锁定帐户。

来源

2017-04-15 19:54:30

相关问题

 相关问题