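I am trying to configure Spring Security for an AngularJS web application using Spring Boot.
I have created a custom login page, configured as shown below. There seems to be some problem with the mapping, but I am not sure where.
Angular routes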
var mdmApp = angular.module("mdmApp");
mdmApp.config(function($routeProvider, $httpProvider) {
    console.log("Calling Login route...");
    $routeProvider
        .when("/login", {
            templateUrl : "4_security/login.html",
            controller : "loginController"
        })
        .otherwise("/login");
    // For Spring security
    $httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
})
Spring Security configuration
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Login
            .formLogin()
                // Login url
                .loginPage("/login")
                // Failure url
                .failureUrl("/login?error")
                .and()
            .authorizeRequests()
                // Permit these resources
                .antMatchers("/login", "/4_security/login.html", "/bower_components/**", "/1_reportingEntities/*.js", "/2_dataCollections/*.js",
                        "/3_calendar/*.js", "/error", "/")
                .permitAll()
                // Other requests
                .anyRequest().authenticated()
                .and()
            // CSRF protection
            .csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }
}
login.html
<div ng-app="mdmApp">
    <form name="loginForm" role="form" novalidate="novalidate">
        <br>
        <p class="heading">Login</p>
        <br>
        <div class="alert alert-danger" ng-show="error">Invalid Credentials. Please try again.</div>
        <div class="form-group">
            <label class="control-label col-md-2 required">Username</label>
            <div class="col-md-3">
                <input type="text" name="username" ng-model="credentials.username" class="form-control" required="required">
            </div>
            <div class="error" ng-messages="loginForm.username.$error" ng-if="loginForm.username.$touched">
                <div ng-message="required">Required field</div>
            </div>
        </div>
        <div class="form-group">
            <label class="control-label col-md-2 required">Password</label>
            <div class="col-md-3">
                <input type="password" name="password" ng-model="credentials.password" class="form-control" required="required">
            </div>
            <div class="error" ng-messages="loginForm.password.$error" ng-if="loginForm.password.$touched">
                <div ng-message="required">Required field</div>
            </div>
        </div>
        <br>
        <div class="row">
            <button type="button" class="btn btn-primary" ng-click="login()">Login</button>
            <button type="reset" class="btn btn-primary">Reset</button>
        </div>
    </form>
</div>
Update
Error screenshot
Error log
2016-02-02 11:54:24.631 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using Ant [pattern='/**', GET]
2016-02-02 11:54:24.717 DEBUG 11236 --- [ (self-tuning)'] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-02-02 11:54:24.720 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/index.html' matched by universal pattern '/**'
2016-02-02 11:54:24.720 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2016-02-02 11:54:24.720 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2016-02-02 11:54:24.720 DEBUG 11236 --- [ (self-tuning)'] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2016-02-02 11:54:24.726 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/index.html'; against '/**/favicon.ico'
2016-02-02 11:54:24.727 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2016-02-02 11:54:24.727 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb33b51, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2016-02-02 11:54:24.732 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[text/html]
2016-02-02 11:54:24.732 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing text/html
2016-02-02 11:54:24.732 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith text/html = false
2016-02-02 11:54:24.735 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2016-02-02 11:54:24.735 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2016-02-02 11:54:24.735 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2016-02-02 11:54:24.742 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2016-02-02 11:54:24.742 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.util.matcher.AndRequestMatcher : All requestMatchers returned true
<Feb 2, 2016 11:54:24 AM GMT> <Warning> <HTTP> <BEA-101394> <The exception "The request content-type is not a multipart/form-data" occurred when processing getParameter or getParameterValues from a multipart value of a ServletRequest.>
2016-02-02 11:54:24.749 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.s.HttpSessionRequestCache : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:7001/mdm2/index.html]
2016-02-02 11:54:24.749 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2016-02-02 11:54:24.749 DEBUG 11236 --- [ (self-tuning)'] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:7001/mdm2/login'
2016-02-02 11:54:24.749 DEBUG 11236 --- [ (self-tuning)'] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-02-02 11:54:24.752 DEBUG 11236 --- [ (self-tuning)'] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2016-02-02 11:54:24.755 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/css/**'
2016-02-02 11:54:24.755 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/js/**'
2016-02-02 11:54:24.755 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/images/**'
2016-02-02 11:54:24.755 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/**/favicon.ico'
2016-02-02 11:54:24.756 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/error'
2016-02-02 11:54:24.756 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-02-02 11:54:24.757 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-02-02 11:54:24.757 DEBUG 11236 --- [ (self-tuning)'] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2016-02-02 11:54:24.757 DEBUG 11236 --- [ (self-tuning)'] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: weblogic.servlet.internal.session.MemorySessionData@5cf05b51. A new one will be created.
2016-02-02 11:54:24.760 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-02-02 11:54:24.760 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@6b6feeb2
2016-02-02 11:54:24.766 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-02-02 11:54:24.766 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 5 of 13 in additional filter chain; firing Filter: ''
2016-02-02 11:54:24.767 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 6 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-02-02 11:54:24.767 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout
2016-02-02 11:54:24.769 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 7 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-02-02 11:54:24.769 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /login
2016-02-02 11:54:24.769 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-02-02 11:54:24.772 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.s.DefaultSavedRequest : pathInfo: both null (property equals)
2016-02-02 11:54:24.772 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.s.DefaultSavedRequest : queryString: both null (property equals)
2016-02-02 11:54:24.772 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.s.DefaultSavedRequest : requestURI: arg1=/mdm2/index.html; arg2=/mdm2/login (property not equals)
2016-02-02 11:54:24.772 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2016-02-02 11:54:24.775 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-02-02 11:54:24.775 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-02-02 11:54:24.781 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: QVyh1Wr7Z0W4Tday2EP8br59ZWpjEKd_6eVwI7-iht4ge-hDwWh1!1907728445!1454414064379; Granted Authorities: ROLE_ANONYMOUS'
2016-02-02 11:54:24.782 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-02-02 11:54:24.787 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-02-02 11:54:24.787 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-02-02 11:54:24.788 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
2016-02-02 11:54:24.788 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /login; Attributes: [permitAll]
2016-02-02 11:54:24.788 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: QVyh1Wr7Z0W4Tday2EP8br59ZWpjEKd_6eVwI7-iht4ge-hDwWh1!1907728445!1454414064379; Granted Authorities: ROLE_ANONYMOUS
2016-02-02 11:54:24.790 DEBUG 11236 --- [ (self-tuning)'] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3fe0a47d, returned: 1
2016-02-02 11:54:24.790 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2016-02-02 11:54:24.790 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2016-02-02 11:54:24.791 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login reached end of additional filter chain; proceeding with original chain
<Feb 2, 2016 11:54:24 AM GMT> <Warning> <HTTP> <BEA-101394> <The exception "The request content-type is not a multipart/form-data" occurred when processing getParameter or getParameterValues from a multipart value of a ServletRequest.>
2016-02-02 11:54:24.797 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/css/**'
2016-02-02 11:54:24.797 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/js/**'
2016-02-02 11:54:24.799 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/images/**'
2016-02-02 11:54:24.799 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/**/favicon.ico'
2016-02-02 11:54:24.799 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/error'
2016-02-02 11:54:24.799 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /error has an empty filter list
2016-02-02 11:54:24.803 DEBUG 11236 --- [ (self-tuning)'] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-02-02 11:54:24.805 DEBUG 11236 --- [ (self-tuning)'] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-02-02 11:54:24.805 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2016-02-02 11:54:24.805 DEBUG 11236 --- [ (self-tuning)'] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
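
Added example, not part of the original post: a small Python tracer that reduces a Spring Security DEBUG log like the one above to its decision points (redirect, authorization attributes, end of filter chain, `/error` dispatch). The event names, function names and the "passed then /error" heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Constructed sample: five lines copied from the DEBUG log in the post above.
SAMPLE_LOG = """\
2016-02-02 11:54:24.749 DEBUG 11236 --- [ (self-tuning)'] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:7001/mdm2/login'
2016-02-02 11:54:24.788 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /login; Attributes: [permitAll]
2016-02-02 11:54:24.790 DEBUG 11236 --- [ (self-tuning)'] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2016-02-02 11:54:24.791 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /login reached end of additional filter chain; proceeding with original chain
2016-02-02 11:54:24.799 DEBUG 11236 --- [ (self-tuning)'] o.s.security.web.FilterChainProxy : /error has an empty filter list
"""

# Spring Boot layout seen in the post: timestamp, level, pid, thread, logger, message.
LINE = re.compile(r"^(\S+ \S+) +DEBUG +\d+ --- \[.*?\] +(\S+) +: (.*)$")

# Event names are this example's own labels, not Spring Security terms.
PATTERNS = [
    ("redirect", re.compile(r"Redirecting to '([^']+)'")),
    ("authorize", re.compile(r"Secure object: FilterInvocation: URL: (\S+); Attributes: \[(.*)\]")),
    ("granted", re.compile(r"Authorization successful")),
    ("passed", re.compile(r"^(\S+) reached end of additional filter chain")),
    ("unfiltered", re.compile(r"^(\S+) has an empty filter list")),
]

def trace(log_text):
    """Return (event, detail) tuples in log order; unrelated lines are skipped."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # e.g. WebLogic <Warning> lines
            continue
        for name, pat in PATTERNS:
            hit = pat.search(m.group(3))
            if hit:
                events.append((name, " ".join(hit.groups())))
                break
    return events

def passed_then_error(events):
    # Heuristic (assumption): a path that cleared the security chain and is
    # directly followed by an /error dispatch was not rejected by Spring Security.
    return [detail for (ev, detail), (nxt, nxt_detail) in zip(events, events[1:])
            if ev == "passed" and (nxt, nxt_detail) == ("unfiltered", "/error")]

if __name__ == "__main__":
    for event in trace(SAMPLE_LOG):
        print(event)
    print(passed_then_error(trace(SAMPLE_LOG)))
```
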