我想创建简单的MVC登录/注销表单。
身份验证不起作用。它授予对我传递给表单的所有登录密码对的访问权限,但我在 authentication-manager 中只有1个用户。你能帮我配置一下吗?你能为Spring MVC Security认证提供很好的样本吗?
您可以在下面看到代码。
休息控制器:
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
@RequestMapping(value = LOGIN_PAGE_URL, method = RequestMethod.POST)
@ResponseStatus(HttpStatus.OK)
public String login(UserDto userDto, Principal principal) {
return "login";
}
@Secured("IS_AUTHENTICATED_FULLY")
@RequestMapping(value = LOGOUT_PAGE_URL, method = RequestMethod.POST)
@ResponseStatus(HttpStatus.OK)
public String logout(UserDto userDto) {
return "Success!";
}
安全配置xml:
<security:global-method-security
secured-annotations="enabled"
jsr250-annotations="enabled"
pre-post-annotations="enabled" />
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<security:form-login
login-page="/login"
username-parameter="email"
password-parameter="password"
default-target-url="/"
authentication-failure-url="/login?error" />
<security:logout
invalidate-session="true"
logout-success-url="/"
logout-url="/logout"
delete-cookies="JSESSIONID" />
<security:csrf/>
</security:http>
JSP with form:
<spring:bind path = "userDto">
<form class="form-signin" role="form" action="/login" method="post">
<spring:bind path = "userDto.email">
<input
type="email"
class="form-control"
placeholder="Email address"
name="${status.expression}"
value="${status.value}"
required autofocus>
</spring:bind>
<spring:bind path = "userDto.password">
<input
type="password"
class="form-control"
placeholder="Password"
name="${status.expression}"
value="${status.value}"
required>
</spring:bind>
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<button class="btn btn-primary btn-block" type="submit">Sign in</button>
</form>