我真的在与Spring Security挣扎。我一整天都在努力(现在就像10个小时),想要一个简单的例子。
我遇到的问题是登录表单没有做任何事情。我将其发布到各种网址以尝试触发错误,但它只是在网址上获得了404.
有人可以告诉我应该发布的表单,以便Spring安全工作吗?
登录表单是:
<%@ include file="../../../../common/partials/commonIncludes.jsp" %>
<c:url value="/j_spring_security_check" var="url"/>
<!-- BEGIN LOGIN FORM -->
<form:form commandName="systemUser" class="login-form" action="${url}" method="post">
<tags:csrf />
<h3 class="form-title">Login to your account</h3>
<div class="alert alert-error display-hide">
<button class="close" data-close="alert"></button>
<span>
Enter any username and password.
</span>
</div>
<div class="form-group">
<!--ie8, ie9 does not support html5 placeholder, so we just show field title for that-->
<label class="control-label visible-ie8 visible-ie9">Username</label>
<div class="input-icon">
<i class="fa fa-user"></i>
<input class="form-control placeholder-no-fix" type="text" autocomplete="off" placeholder="Username" name="username"/>
</div>
</div>
<div class="form-group">
<label class="control-label visible-ie8 visible-ie9">Password</label>
<div class="input-icon">
<i class="fa fa-lock"></i>
<input class="form-control placeholder-no-fix" type="password" autocomplete="off" placeholder="Password" name="password"/>
</div>
</div>
<div class="form-actions">
<label class="checkbox">
<input type="checkbox" name="remember" value="1"/> Remember me </label>
<button type="submit" class="btn btn-info pull-right">
Login </button>
</div>
<div class="forget-password">
<h4>Forgot your password ?</h4>
<p>
no worries, click <a href="javascript:;" id="forget-password">here</a>
to reset your password.
</p>
</div>
</form:form>
<!-- END LOGIN FORM -->
我的SecurityConfig类看起来像这样:
package com.ideafactory.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import javax.sql.DataSource;
/**
* Creates the security configuration.
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Bean
public PasswordEncoder passwordEncoder() {
return new StandardPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user") // #1
.password("password")
.roles("USER")
.and()
.withUser("admin") // #2
.password("password")
.roles("ADMIN","USER");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**")
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin/login", "/admin/login/new**", "/admin/register", "/admin/logout", "/assets/**", "/admin/session/timeout").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/admin/login")
.defaultSuccessUrl("/admin/customers")
.usernameParameter("username")
.passwordParameter("password")
.failureUrl("/admin/login?error")
.and()
.logout()
.logoutUrl("/admin/logout")
.logoutSuccessUrl("/")
.permitAll();
//.requiresChannel()
//.antMatchers("/admin/login/new", "/admin/login").requiresSecure()
//.antMatchers("/admin/logout").requiresInsecure()
//.and()
}
}