0
我正在使用Spring构建REST服务并使用Spring Security。 loginform的默认解决方案不适合我。这是我的WebSecurityConfig:无法使用自定义loginProcessingUrl登录
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
class PostAuthSuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
httpServletResponse.setStatus(200);
}
}
class PostAuthFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
httpServletResponse.setStatus(403);
e.printStackTrace(new PrintWriter(httpServletResponse.getOutputStream()));
}
}
@Autowired
private MySQLUserDetailsManager mySQLUserDetailsManager;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login", "/registration", "/checkUser", "/").permitAll()
.anyRequest().authenticated()
.and().formLogin()
.loginProcessingUrl("/login")
.successHandler(new PostAuthSuccessHandler())
.failureHandler(new PostAuthFailureHandler())
.permitAll()
.and().logout()
.permitAll()
.and().exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/scripts/**");
web.ignoring().antMatchers("/styles/**");
web.ignoring().antMatchers("/jquery-validate/**");
web.ignoring().antMatchers("/bootstrap-3.3.6/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(mySQLUserDetailsManager);
}
}
但/登录请求总是403禁止。我很理解,有些东西将我重定向到/ error。 UPD:所有页面都响应403 Forbidden,甚至是“/”,“/ checkuser”。