Spring Security中的后期制图

时间:2019-02-12 19:30:03

标签: java spring-boot spring-security

我已经进行了身份验证过程(同时使用:inMemoryAuthentication和jdbcAuthentication)。它适用于所有用户,我手动将其插入数据库。 在下一步中,我尝试进行一个简单的注册过程,但是控制器的PostMapping方法不允许我获取用户登录名和密码。 仅当未以其他帐户身份登录时,才会出现此问题。 当我将/ createUser方法用作登录用户时,它工作正常

那是我的控制器

@Controller
public class MainController {
@RequestMapping("/register")
    public String createNewUser() {
        System.out.println("register method");
        return "register";
    }

    @PostMapping("/createUser")
    public String afterUserCreation(HttpServletRequest request) {
        System.out.println("start method");
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String confirmedPassword = request.getParameter("confirm_password");
        System.out.println("user: "+username + " pass: "+password+ " confirm: "+confirmedPassword);
        return "login";
    }
}


It's my Spring Security configuration

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("User").password("USER").roles("USER")
        .and().withUser("Admin").password("ADMIN").roles("ADMIN");

        auth.jdbcAuthentication().dataSource(dataSource)
        .passwordEncoder(new BCryptPasswordEncoder())
        .usersByUsernameQuery("select username, password, TRUE as enabled from auth_user_data where username=?")
        .authoritiesByUsernameQuery("select username, role from auth_user_data where username=?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/login","/register").permitAll()
        .antMatchers("/addNew").hasRole("ADMIN")
        .antMatchers("/*").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
        .anyRequest().authenticated() 
        .and().formLogin().loginPage("/login").failureUrl("/login")
        .and().exceptionHandling().accessDeniedPage("/accessDenied")
        ;
    }
}

My HTML page:

<h1>Registr user:</h1>
        <form th:action="@{/createUser}" method="post">
            <label for="username">Username</label>: <input type="text"
                id="username" name="username" autofocus="autofocus" /> <br />
            <label for="password">Password</label>: <input type="password"
                id="password" name="password" /> <br />
            <label for="confirm_password">Confirm password</label>: <input type="password"
                id="confirm_password" name="confirm_password"/> <br />
            <input type="submit" value="Create account" />
        </form>

我希望通过我的方法获取用户名和密码

1 个答案:

答案 0 :(得分:1)

更改

    .antMatchers("/login","/register").permitAll()

   .antMatchers("/login","/register","/createUser").permitAll()

permitAll 告诉Spring Security,访问该URL不需要身份验证。在您的情况下,该URL为 / createUser