以前这个项目没有嵌入式Tomcat,打包运行Tomcat,Spring安全登录就好了。 我不知道现在在哪里调试,没有异常提升...我怀疑是登录spring安全过滤器命令弄乱了登录过程,也许CSRF令牌传入但没有先检查结果403 ...
坚持这几天仍然没有运气......感谢任何建议!感谢
这是我的POM:
<packaging>jar</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.1.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-envers</artifactId>
<type>jar</type>
</dependency>
<dependency>
<!-- 2nd level cache -->
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
</dependency>
<!-- Additional add-on -->
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<type>jar</type>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<type>jar</type>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.5</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.tika</groupId>
<artifactId>tika-core</artifactId>
<version>1.13</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-messaging</artifactId>
<type>jar</type>
</dependency>
<!-- https://mvnrepository.com/artifact/org.lucee/commons-fileupload -->
<dependency>
<groupId>org.lucee</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.2</version>
</dependency>
<!-- Enable JSP in Tomcat -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<!--scope>provided</scope-->
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<!--scope>provided</scope-->
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<!-- Enable Spring security taglib -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
<!-- Enable String AOP -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/com.mchange/c3p0 -->
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.5.2</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<type>jar</type>
</dependency>
<!-- Below for quartz scheduler support -->
<dependency>
<groupId>org.quartz-scheduler</groupId>
<artifactId>quartz</artifactId>
<version>2.2.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>com.dexcoder</groupId>
<artifactId>dexcoder-dal-spring</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.4</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<type>jar</type>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-dbcp/commons-dbcp -->
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
</dependency>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-endorsed-api</artifactId>
<version>6.0</version>
<type>jar</type>
</dependency>
安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter implements AuthenticationProvider {
@Autowired
public void configureAuth(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(false);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin/login").permitAll().antMatchers("/admin/**").hasAnyAuthority(
UserDetail.ROLETITLE_ADMIN, UserDetail.ROLETITLE_SUPERADMIN).antMatchers("/superadmin/**").hasAnyAuthority(
UserDetail.ROLETITLE_SUPERADMIN).antMatchers("/mobile/**").authenticated().antMatchers(
"/history/**").authenticated().anyRequest().permitAll()
.and().formLogin().loginPage("/login").failureUrl("/login?error").usernameParameter("username").passwordParameter(
"password").and().logout().logoutUrl("/logout").logoutSuccessUrl("/index.html")
.and().sessionManagement().sessionFixation().none();
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// this no execute when login using POST method after embedded Tomcat
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
@Override
public void configure(WebSecurity web) throws Exception {
//For versioning of static resources
web.ignoring().antMatchers("/include/**");
super.configure(web);
}
}