我已经进行了身份验证过程(同时使用:inMemoryAuthentication和jdbcAuthentication)。它适用于所有用户,我手动将其插入数据库。 在下一步中,我尝试进行一个简单的注册过程,但是控制器的PostMapping方法不允许我获取用户登录名和密码。 仅当未以其他帐户身份登录时,才会出现此问题。 当我将/ createUser方法用作登录用户时,它工作正常
那是我的控制器
@Controller
public class MainController {
@RequestMapping("/register")
public String createNewUser() {
System.out.println("register method");
return "register";
}
@PostMapping("/createUser")
public String afterUserCreation(HttpServletRequest request) {
System.out.println("start method");
String username = request.getParameter("username");
String password = request.getParameter("password");
String confirmedPassword = request.getParameter("confirm_password");
System.out.println("user: "+username + " pass: "+password+ " confirm: "+confirmedPassword);
return "login";
}
}
It's my Spring Security configuration
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("User").password("USER").roles("USER")
.and().withUser("Admin").password("ADMIN").roles("ADMIN");
auth.jdbcAuthentication().dataSource(dataSource)
.passwordEncoder(new BCryptPasswordEncoder())
.usersByUsernameQuery("select username, password, TRUE as enabled from auth_user_data where username=?")
.authoritiesByUsernameQuery("select username, role from auth_user_data where username=?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login","/register").permitAll()
.antMatchers("/addNew").hasRole("ADMIN")
.antMatchers("/*").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").failureUrl("/login")
.and().exceptionHandling().accessDeniedPage("/accessDenied")
;
}
}
My HTML page:
<h1>Registr user:</h1>
<form th:action="@{/createUser}" method="post">
<label for="username">Username</label>: <input type="text"
id="username" name="username" autofocus="autofocus" /> <br />
<label for="password">Password</label>: <input type="password"
id="password" name="password" /> <br />
<label for="confirm_password">Confirm password</label>: <input type="password"
id="confirm_password" name="confirm_password"/> <br />
<input type="submit" value="Create account" />
</form>
我希望通过我的方法获取用户名和密码
答案 0 :(得分:1)
更改
.antMatchers("/login","/register").permitAll()
到
.antMatchers("/login","/register","/createUser").permitAll()
permitAll 告诉Spring Security,访问该URL不需要身份验证。在您的情况下,该URL为 / createUser 。