成功验证后,我会被重定向到访问被拒绝页面。
WebSecurityContext
@Configuration
@EnableWebSecurity
public class WebSecurityContext extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin/login").permitAll()
.antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", "ROLE_CONTRIBUTOR","ROLE_ROOT")
.and()
.formLogin().loginPage("/admin/login")
.failureUrl("/admin/login/error")
.successHandler(new SuccessfulAuthHandler())
.loginProcessingUrl("/admin/login")
.defaultSuccessUrl("/admin")
.usernameParameter("username")
.passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/admin/login/logout");
}
@Bean(name = "passwordencoder")
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder(10);
}
SuccessHandler
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException {
final HttpSession currentSession = request.getSession();
final User user = userService.findByUsername(authentication.getName());
final List<Object> jObj = new ArrayList<>();
final List<Institution> institutions = institutionService.findAllByUserID(user.getId());
for(Institution i : institutions){
Map<String, Object> m = new HashMap<>();
m.put("name", i.getName());
m.put("id", i.getId());
jObj.add(m);
}
currentSession.setAttribute("userInInstitution", jObj);
currentSession.setAttribute("currentUser", user);
String servlet = "";
if(user.getRole() == ConstantsCommon.USER_ROLE_ADMIN){
servlet = DashBoardController.URL;
currentSession.setAttribute("dashboardServlet", servlet);
}else{
servlet = DashBoardController.URL;
currentSession.setAttribute("dashboardServlet", servlet);
}
if(jObj.size() > 1){
currentSession.setAttribute("institution",institutions.get(0));
}else{
currentSession.setAttribute("institution",institutions.get(0));
}
RedirectStrategy r = new DefaultRedirectStrategy();
r.sendRedirect(request,response, servlet);
}
登录HTML
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="pr-wrap">
<div class="pass-reset">
<label>
Enter the email you signed up with</label>
<input type="email" placeholder="Email" />
<input type="submit" value="Submit" class="pass-reset-submit btn btn-success btn-sm" />
</div>
</div>
<div class="wrap">
<p class="form-title">Sign In</p>
<form class="login" name="loginForm" method='POST'>
<input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
<input type="text" name="username" placeholder="Username"/>
<input type="password" name="password" placeholder="Password"/>
<input type="submit" name="submit" value="Sign In" class="btn btn-success btn-sm" />
<div class="remember-forgot">
<div th:if="${error}" class="alert alert-danger notificationMsg" role="alert">
<span th:text="${error}"></span>
</div>
<div th:if="${msg}" class="alert alert-success notificationMsg" role="alert">
<span th:text="${msg}"></span>
</div>
<!--<div class=" forgot-pass-content">-->
<!--<a href="javascript:void(0)" class="forgot-pass">Forgot Password</a>-->
<!--</div>-->
</div>
</form>
</div>
</div>
</div>
我在这里做错了什么??????登录的用户具有角色“ROLE_ADMIN”。我还注意到的一点是,我的成功处理程序甚至没有被触发,这表明mu认证不成功,但这不正确,因为密码和用户名是100%正确。