我试图通过集成spring security来启动Spring启动应用程序,下面是一个例子。 我的问题是如何正确配置我的应用程序, 现在,我成功登录然后当我尝试访问任何网址我总是错误403!我真的不明白这个问题。 这是我的securtyConfig:
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.csrf();;
}
MvcConfig:
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("login");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/login").setViewName("login");
registry.addViewController("/403").setViewName("403");
}
我的登录页面:
<form action="/home" method="post" class="form-signin">
<p class="text-muted text-center btn-block btn btn-primary btn-rect">
Enter your username and password
</p>
<input type="text" placeholder="Username" name="username" class="form-control" />
<input type="password" placeholder="Password" name="password" class="form-control" />
<button class="btn text-muted text-center btn-danger" type="submit">Sign in</button>
<c:if test="${param.error ne null}">
<div class="alert-danger">Invalid username and password.</div>
</c:if>
<c:if test="${param.logout ne null}">
<div class="alert-normal">You have been logged out.</div>
</c:if>
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
现在登录后,当我尝试访问任何网址时,我遇到了错误403! 例如:
<form action="/alo" method = "POST">
<input type="text" name="test"/>
<input type="submit"/>
</form>
控制器:
@RequestMapping(value = "/alo", method = RequestMethod.POST)
public String dashboard() {
System.err.println("PRIN: ");
return "/";
}
控制器永远不会被调用!!
有人有想法吗?