2017-07-18 136 views
0

Spring Security always 302

I am trying to add Spring Security to my Spring Boot project, but when I try to log in, the server always returns 302.

package it.expenses.expenses; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.builders.WebSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 

import javax.sql.DataSource; 

@Configuration 
@EnableWebSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
            .antMatchers("/getHomePage").permitAll()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/getLoginPage")
            .loginProcessingUrl("/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/getHomePage")
            .permitAll()
            .and()
            .authorizeRequests()
            .antMatchers("/", "/resources/static/**").permitAll()
            .anyRequest().authenticated();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/script/**");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }
} 

Actually, the controllers only have to return the templates.

This is the login page:

<!DOCTYPE html> 
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> 
<head> 
    <title> Spring Boot MVC Security using Thymeleaf </title> 
    <link rel="stylesheet" href="/css/styles.css"/> 
</head> 
<body> 
<h3> Spring Boot MVC Security using Thymeleaf </h3> 
<p th:if="${param.error}" class="error"> 
    Bad Credentials 
</p> 
<form action="login" method="POST"> 
    User Name : <input type="text" name="username"/> <br/><br/> 
    Password: <input type="password" name="password"/> <br/><br/> 
    <input type="submit" value="Login"/> 
</form> 
</body> 
</html> 

UserDetailService:

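import java.util.Arrays;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// UserDao and Users are the project's own classes; their imports are not shown here.
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserDao userDao;

    @Override
    public UserDetails loadUserByUsername(String userName)
            throws UsernameNotFoundException {
        Users user = userDao.getActiveUser(userName);
        if (user == null) {
            // The contract forbids returning null; signal an unknown user explicitly.
            throw new UsernameNotFoundException("No active user with that username");
        }
        GrantedAuthority authority = new SimpleGrantedAuthority(user.getRole());
        return new User(user.getUsername(), user.getPassword(), Arrays.asList(authority));
    }
}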

This is the project: https://github.com/StefanoPisano/expenses

+0

Is the 302 response occurring on the POST /login request that contains the username and password? What is the redirect location? –

+0

@punkrocker27ka I uploaded the whole project to GitHub: https://github.com/StefanoPisano/expenses – untruste

Answers

1

The security configuration works, but what I can't see is which records are stored in the Users table.

+--------+---------+--------------------------------------------------------------+------+----------+
| idUser | enabled | password                                                     | role | username |
+--------+---------+--------------------------------------------------------------+------+----------+
|      1 |       1 | password                                                     | USER | user     |
|      2 |       1 | $2a$10$eriuZaZsEWKB3wcpPMyexe4Ywe1AX9u148nrLmTTEIq6ORdLNiyp6 | USER | user2    |
+--------+---------+--------------------------------------------------------------+------+----------+

Since you have enabled password encoding:

@Autowired 
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); 
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); 
} 

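you must store encoded passwords in the Users table (not plain-text passwords).

The sample data above shows user and user2 with the same password (one in plain text, the other encoded). If user tries to log in, you will get a BadCredentialsException, because BCryptPasswordEncoder is expecting an encoded password.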

+0

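Hi, I solved one problem. Basically, the database was truncating the encoded password. Now the problem is that when I click 'Login', it redirects me to http://localhost:8080/css/styles.css (??) I put a System.out on /getHomePage and it doesn't print anything – untruste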

+1

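Solved! The first problem was the database truncation I told you about; the second problem (I think) was that Spring was not redirecting me to the correct page. I solved it using .defaultSuccessUrl("/home", true) – untruste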
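A check for the two stored-password failures identified in this thread (a plain-text row, and a hash truncated by the column), written as an added example that is not part of the original posts or the project's code. It uses only the JDK; the class name, the `user3` row and the 45-character column length are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: audits stored password values before BCryptPasswordEncoder sees them.
public class StoredPasswordAudit {

    // A complete bcrypt string: "$2a$", "$2b$" or "$2y$", a two-digit cost, "$",
    // then 53 characters of salt and hash (60 characters in total).
    private static final Pattern FULL_BCRYPT =
            Pattern.compile("\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
    // Same prefix but fewer than 53 trailing characters: a hash cut short by the column.
    private static final Pattern CUT_BCRYPT =
            Pattern.compile("\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{0,52}");

    enum Verdict { OK, TRUNCATED_HASH, NOT_BCRYPT }

    static Verdict classify(String stored) {
        if (stored == null) return Verdict.NOT_BCRYPT;
        if (FULL_BCRYPT.matcher(stored).matches()) return Verdict.OK;
        if (CUT_BCRYPT.matcher(stored).matches()) return Verdict.TRUNCATED_HASH;
        return Verdict.NOT_BCRYPT;
    }

    public static void main(String[] args) {
        String fullHash = "$2a$10$eriuZaZsEWKB3wcpPMyexe4Ywe1AX9u148nrLmTTEIq6ORdLNiyp6";
        Map<String, String> rows = new LinkedHashMap<>();
        rows.put("user", "password");                  // plain-text row from the answer's table
        rows.put("user2", fullHash);                   // encoded row from the answer's table
        rows.put("user3", fullHash.substring(0, 45));  // constructed: hash cut at an assumed 45-char column

        for (Map.Entry<String, String> row : rows.entrySet()) {
            Verdict verdict = classify(row.getValue());
            // Report the length only, never the stored value itself.
            System.out.printf("%-6s length=%-3d %s%n",
                    row.getKey(), row.getValue().length(), verdict);
        }
    }
}
```

Any row that is not classified `OK` will fail authentication with `BCryptPasswordEncoder`, so the password column must hold the full 60 characters.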