我正在尝试使用SPRING 4.1.4 RELEASE进行“基本”安全配置。
我需要: - 自定义登录; - 使用数据库进行身份验证(Hibernate as ORM);
我只是尝试成功登录然后显示主页。 出现登录页面,但是当我验证自己时,我收到错误404.
我发布了整个配置:
login.jsp:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form action="/login" method="post">
<table>
<tr>
<td>Name:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td><input type="submit" value="ENTER"/></td>
</tr>
</table>
</form>
</body>
SecurityConfig :
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and().formLogin().loginPage("/login").permitAll().loginProcessingUrl("/login")
.defaultSuccessUrl("/home",true).failureUrl("/access_denied")
.usernameParameter("username").passwordParameter("password")
.and().httpBasic().and().csrf().disable().exceptionHandling()
.accessDeniedPage("/access_denied");
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public Md5PasswordEncoder passwordEncoder() {
return new Md5PasswordEncoder();
}
}
安全性初始化程序
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer{
}
UserDetailsServiceImpl
@Service("customUserDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService{
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
GenericDAO daoU = (GenericDAO) VisibleApplicationContext.getBean("daoUser");
com.aconti.stemunitcore.model.User u=
(com.aconti.stemunitcore.model.User) daoU.readByPropertyLike("username", username).get(0);
String password=u.getPassword();
Collection<GrantedAuthority> authorities=new ArrayList<>();
for(Role role: u.getRoles()){
authorities.add(new SimpleGrantedAuthority(role.getDescription()));
}
org.springframework.security.core.userdetails.User springUser =
new org.springframework.security.core.userdetails.User(username, password, authorities);
return springUser;
}
}
的AppConfig
@EnableWebMvc
@Configuration
@ComponentScan({ "com.aconti.stemunit4.*" })
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver
= new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/pages/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
SpringMVCInitializer
public class SpringMvcInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
答案 0 :(得分:0)
WTF,完全......我浪费了4个小时,包括在stackoverflow上发布15分钟,然后我想出了解决这个问题的方法。
我修改了表单操作 - &gt; action =“/ login”to - &gt;行动= “/ MyContextPath /登录”。
现在,调试,调用loadbyusername。有人可以解释原因吗?