Here is my security configuration:
@Configuration
@EnableWebSecurity
@ComponentScan("lt.nortal.lab.web.security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider authenticationProvider;

    @Override
    public void configure(final WebSecurity web) throws Exception {
        // Allow static resources to be served
        web.ignoring().antMatchers("/css**", "/js**", "/html**", "/bootstrap");
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .csrf()
                .and()
            .authorizeRequests()
                .antMatchers("/admin**").hasAuthority("admin") // allow public pages
                .antMatchers("/login**").permitAll()
                .anyRequest().authenticated() // other pages - authenticated only
                .and()
            .formLogin() // generate login form
                .loginPage("/login")
                .permitAll() // permit all to access login form (logical)
                .and()
            .logout().logoutSuccessUrl("/").permitAll(); // Permit all to access logout url (logical)
    }

    @Override
    protected void registerAuthentication(final AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }
}
Here is my authentication provider:
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private LoginService loginService;

    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        String email = authentication.getName();
        String pass = (String) authentication.getCredentials();
        User user = loginService.login(email);
        if (user == null) {
            throw new BadCredentialsException("Invalid email.");
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("user"));
        if (user.getRole() == Role.ADMIN) {
            authorities.add(new SimpleGrantedAuthority("admin"));
        }
        return new CustomAuthenticationToken(new AuthenticatedUser(user.getId(), user.getEmail()),
                authorities);
    }

    @Override
    public boolean supports(final Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.equals(authentication);
    }
}
The login controller:
@Controller
public class LoginLogoutController {

    private static final Logger log = LoggerFactory.getLogger(LoginLogoutController.class);

    @Autowired
    private CurrentUser currentUser;

    @Autowired
    private LoginService loginService;

    /**
     * Represents user login form.
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(final ModelMap model) {
        // add login form attribute
        model.put("loginForm", new LoginForm());
        return "login";
    }

    /**
     * Processes login form.
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String processLogin(
            final ModelMap model,
            final @Valid @ModelAttribute("loginForm") LoginForm loginForm,
            final BindingResult bindingResult) {
        User user = null;
        // let's check for errors
        if (!bindingResult.hasErrors()) {
            // no errors, let's try to login user.
            user = loginService.login(loginForm.getEmail());
            if (user == null) {
                // something has failed, reject it with a global error.
                bindingResult.reject("login-generic-fail");
            }
        }
        // at this point, we should have a user. If no user - return same login form.
        if (user == null) {
            return "login";
        }
        return "redirect:/";
    }
}
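When I start the server and go to any page, I get a blank page, an empty HTML file. I can't seem to figure out what is wrong here. If you need anything else, please let me know.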