My project uses Spring Boot 1.5.6, and the goal is to have two separate login forms, one for standard users and one for admins.

My problem is that Spring ignores the `loginProcessingUrl` configuration parameter for both the admin and the user area. It looks as if a handler is never registered for the POST requests?

The following configuration is an adapted version of this tutorial: http://www.baeldung.com/spring-security-two-login-pages

WebSecurityConfig

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Autowired
    private UserDetailsService userDetailsService;

    // Filter chain for the admin area
    @Configuration
    @Order(1)
    public static class AdminSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        DaoAuthenticationProvider daoAuthenticationProvider;

        public AdminSecurityConfigurationAdapter() {
            super();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(daoAuthenticationProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/admin/*")
                .authorizeRequests()
                    .anyRequest()
                    .hasRole("ADMIN")
                .and()
                .formLogin()
                    .loginPage("/loginAdmin")
                    .loginProcessingUrl("/doAdminLogin")
                    .failureUrl("/loginAdmin?error=loginError")
                    .defaultSuccessUrl("/admin/dashboard")
                //TODO implement logout pages
                .and()
                .logout()
                    .logoutUrl("/admin_logout")
                    .logoutSuccessUrl("/protectedLinks")
                    .deleteCookies("JSESSIONID")
                .and()
                .exceptionHandling()
                    .accessDeniedPage("/403")
                .and()
                .csrf().disable();
        }
    }

    // Filter chain for the standard user area
    @Configuration
    @Order(2)
    public static class UserSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        DaoAuthenticationProvider daoAuthenticationProvider;

        public UserSecurityConfigurationAdapter() {
            super();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(daoAuthenticationProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/user/*")
                .authorizeRequests()
                    .anyRequest()
                    .hasRole("USER")
                .and()
                .formLogin()
                    .loginPage("/loginUser")
                    .loginProcessingUrl("/doUserLogin")
                    .failureUrl("/loginUser?error=loginError")
                    .defaultSuccessUrl("/user/start")
                //TODO configure logout
                .and()
                .logout()
                    .logoutUrl("/user_logout")
                    .logoutSuccessUrl("/protectedLinks")
                    .deleteCookies("JSESSIONID")
                .and()
                .exceptionHandling()
                    .accessDeniedPage("/403")
                .and()
                .csrf().disable();
        }
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(encoder());
        return authProvider;
    }

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }
}
```

Here is the relevant part of loginAdmin.html:

```html
<form name="f" action="doAdminLogin" method="POST">
    <input type="text" name="username" placeholder="Username" required="">
    <input type="password" name="password" placeholder="Passwort" required="">
    <button class="btn1">Submit</button>
</form>
```

(The version for loginUser.html is basically the same, so I am omitting it here.)

After clicking the Submit button, Spring only returns a 404 message. Here is the debug log of the POST request:

Request log

```
o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade@3da35d95
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/doAdminLogin'; against '/admin/*'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/doAdminLogin'; against '/user/*'
o.s.security.web.FilterChainProxy : /doAdminLogin has no matching filters
o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/doAdminLogin]
s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /doAdminLogin
s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/doAdminLogin]
o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/doAdminLogin] are [/**]
o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/doAdminLogin] are {}
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/doAdminLogin] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@1bdb3e41]]] and 1 interceptor
o.s.web.cors.DefaultCorsProcessor : Skip CORS processing: request is from same origin
o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
o.s.web.servlet.DispatcherServlet : Successfully completed request
```

Here is the part of the startup log concerning the RequestMappingHandlers:

Startup log

It seems to me that the `loginProcessingUrl` configuration parameter gets lost?

Any help would be much appreciated!
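
Answer 0 (score: 2)

According to the baeldung tutorial, the antMatchers definition is:

User: `http.antMatcher("/user*")` and the login URL `loginProcessingUrl("/user_login")`

In this case the antMatcher matches the loginProcessingUrl definition.

The new implementation has the following definition:

`.antMatcher("/user/*")` and the login URL `loginProcessingUrl("/doUserLogin")`

In this case the antMatcher does not match the loginProcessingUrl definition.

Possible solution (with this option, the login form must change its POST action accordingly, to the new loginProcessingUrl that matches the antMatcher definition):

Change the loginProcessingUrl to match antMatcher("/users/*"):

`.loginProcessingUrl("/user/login")`

Finally, do the same for the admin part.

Hope this information helps you.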
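
The chain selection that the request log shows and the answer explains, as an added example that is not part of the original question or answer. It is a simplified model of first-match filter chain selection that assumes spring-core is on the classpath and uses `AntPathMatcher` directly; the class name `ChainSelectionDemo` and the path `/admin/reports/2017` are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.util.AntPathMatcher;

// Added illustration, not code from the question or the answer.
// A request is handled by the first security filter chain whose antMatcher
// pattern matches its path. The form-login filter lives inside a chain, so a
// loginProcessingUrl outside every pattern is never seen by Spring Security.
public class ChainSelectionDemo {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Chains in @Order sequence, with the patterns from the question.
    private static final Map<String, String> CHAINS = new LinkedHashMap<>();
    static {
        CHAINS.put("/admin/*", "admin chain (@Order 1)");
        CHAINS.put("/user/*", "user chain (@Order 2)");
    }

    // Returns the first chain whose pattern matches, like the log's
    // "Checking match of request" lines followed by the final verdict.
    static String chainFor(String path) {
        for (Map.Entry<String, String> chain : CHAINS.entrySet()) {
            if (MATCHER.match(chain.getKey(), path)) {
                return chain.getValue();
            }
        }
        return "no matching filters";
    }

    public static void main(String[] args) {
        String[] paths = {
            "/doAdminLogin",       // loginProcessingUrl from the question
            "/admin/login",        // admin counterpart of the answer's /user/login
            "/admin/dashboard",    // defaultSuccessUrl from the question
            "/admin/reports/2017"  // constructed path, two segments below /admin
        };
        for (String path : paths) {
            System.out.println(path + " -> " + chainFor(path));
        }
    }
}
```

Only the two single-segment paths under `/admin/` select the admin chain; `/doAdminLogin` and the two-segment path fall through to "no matching filters". A `*` in an Ant pattern stays within one path segment, so a chain meant to cover everything below `/admin/` needs `/admin/**`.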