我似乎在配置spring mvc和spring security时遇到问题,因为它总是在控制器内循环(试图获取静态内容)
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Inject
public UserDetailsService userService;
@Inject
public void configureGlobal(AuthenticationManagerBuilder auth)throws Exception{
auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
}
/*@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers();
}//*/
public void configure(HttpSecurity http) throws Exception{
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/connect/**", "/**/*.{js,css,html}").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.and().logout()
.logoutUrl("/logout").permitAll();
}
}
控制器
@Controller
class Main {
@RequestMapping(name = "/login",method=RequestMethod.GET)
public String index(@AuthenticationPrincipal User user): {
if(user != null){return "login";/*always enters here after login no matter the url*/}
else{ return "redirect:/index";}
}
}
问题在于无论url(例如/ pankackes)我试图使用该请求映射(使用调试器检查)
修改1 没有提到它,但我的目录结构已经像这样
src/
main/
resources/
static/
dist/
styles/
jspm_packages/
index.html
templates/
login.html
java/
.../
main.java
...
答案 0 :(得分:0)
将静态文件移动到resources / static下的相应文件夹中 - 这样您的树就像
src
main
resources
static
js
css
...
这些文件将在您的根路径下提供,如:
http://localhost:8080/css/filename.css
spring boot将为您处理静态文件上的permitAll。
关于 / pancakes - 所有路径"/connect/**", "/**/*.{js,css,html}"将被重定向到登录网站。
答案 1 :(得分:0)
您错过了身份验证管理器实现,请以此为例,(将它们添加到spring security xml文件中)
User.foo({id:'123', anotherParam: 'bar'}, <post data object>);
或使用此:
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="user1" password="user1Pass" authorities="ROLE_USER" />
<user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>