1. 首页
  2. 问答
  3. 如何实现春季安全配置,从角部位

如何实现春季安全配置,从角部位

2015-11-01 58 views
0

我尝试使用角度$http春季WebSecurityConfigurerAdapter这里做出授权从网站呼叫授权是我的代码:如何实现春季安全配置,从角部位

Java的一部分:

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    private static final Logger LOGGER = Logger.getLogger(SecurityConfig.class); 

    @Autowired 
    private UserDetailsService customUserDetailsService; 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     // auth.inMemoryAuthentication().withUser("user").password("12345").roles("USER"); 
     auth.userDetailsService(customUserDetailsService); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 

     CsrfTokenResponseHeaderBindingFilter bindingFilter = new CsrfTokenResponseHeaderBindingFilter(); 
     http.addFilterAfter(bindingFilter, CsrfFilter.class); 

     http.authorizeRequests().antMatchers("/", "/home").permitAll() 
       .anyRequest().authenticated().and().formLogin().defaultSuccessUrl("/") 
       .loginProcessingUrl("/authenticate").usernameParameter("username").passwordParameter("password") 
       .successHandler(new AjaxAuthenticationSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler())) 
       .loginPage("/login/existinguser").and().httpBasic().and().logout().logoutUrl("/logout") 
       .logoutSuccessUrl("/login/existinguser").permitAll(); 

     if ("true".equals(System.getProperty("httpsOnly"))) { 
      LOGGER.info("launching the application in HTTPS-only mode"); 
      http.requiresChannel().anyRequest().requiresSecure(); 
     } 
    } 
}

JS部分:

$scope.login = function (username, password) { 
     var postData = 'username='+username+'&password='+password; 

     $http({ 
      method: 'POST', 
      url: '/authenticate', 
      data: postData, 
      headers: { 
       "Content-Type": "application/x-www-form-urlencoded", 
       "X-Login-Ajax-call": 'true' 
      } 
     }) 
     .then(function(response) { 
      if (response.data == 'ok') { 
       debugger; 
       window.location.replace('/'); 

      } 
      else { 
       debugger; 
      } 
     }); 
    };

问题是,我收到错误:

POST http://localhost:8080/authenticate 404 (Not Found)

有人可以说我需要做什么,使其工作?

来源

2015-11-01 Edgar

+0

我做了tomcat配置,不需要名称。是的,我有这个控制器,只是不确定是因为映射。感觉像'/ authenticate'没有映射。 – Edgar

+0

是的,我有控制器 – Edgar

回答

0

嗨,你必须配置验证REST服务here你有春天开机认证休息验证完整的教程 - 例如用了jQuery,但它不应该是一个问题,你的js部分改变角度

来源

2015-11-01 22:21:49 burovmarley

0

我认为问题是与csrf令牌。如果你确定使用你的控制器,post方法,那么你应该添加csrf标记到ajax调用的头部,如:

var token = $("input[name='_csrf']").val(); 
var header = "X-CSRF-TOKEN"; 
$(document).ajaxSend(function(e, xhr, options) { 
    xhr.setRequestHeader(header, token); 
});

或者您可以在您的SecurityConfig类中禁用csrf令牌。

来源

2015-11-02 07:55:48

0

你可以登录表单像login.ftl文件:

<#-- @ftlvariable name="_csrf" type="org.springframework.security.web.csrf.CsrfToken" --> 
    <#-- @ftlvariable name="error" type="java.util.Optional<String>" --> 

    <form role="form" action="/login" method="post"> 
     <#--<label for="email">Email</label>--> 
     <input type="text" name="email" id="email" placeholder="EMAIL" required autofocus/> 
     <#--<label for="password">Password</label>--> 
     <input type="password" name="password" id="password" placeholder="PASSWORD" required/> 
     <button type="submit"> LOGIN </button> 
    </form> 

    <#if error.isPresent()> 
     <p>The email or password you have entered is invalid, try again.</p> 
    </#if>
在爪哇(安全) 

@Override 
protected void configure(HttpSecurity httpSecurity) throws Exception { 
    httpSecurity 
      .authorizeRequests() 
      .antMatchers("/css/*").permitAll() 
      .antMatchers("/images/*").anonymous() 
      .antMatchers("/fonts/*").permitAll() 
      .antMatchers("/bower_components/**").permitAll() 
      .antMatchers("/scripts/**").permitAll() 
      .antMatchers("/template/**").permitAll() 
      .antMatchers("/views/**").permitAll() 
      .anyRequest().authenticated() 
      .and() 
      .formLogin() 
      .loginPage("/login") 
      .failureUrl("/login?error") 
      .usernameParameter("email") 
      .permitAll() 
      .and() 
      .logout() 
      .logoutUrl("/logout") 
      .deleteCookies("remember-me") 
      .logoutSuccessUrl("/login") 
      .permitAll(); 
}

和控制器:

@RequestMapping(value = "/login", method = RequestMethod.GET) 
public ModelAndView getLoginPage(@RequestParam Optional<String> error) { 
    return new ModelAndView("login", "error", error); 
}

这是为我工作。我想,我帮你。

来源

2015-11-08 13:17:04

相关问题

 相关问题