当我尝试在Spring Security配置中使用Vaadin Flow登录表单时,总是得到Whitelabel错误页面(404,找不到页面)。
我遵循了一些有关如何实现Spring Security以及如何配置使用MySQL数据库进行身份验证的说明-与Bakery示例的配置方式保持一致。
https://vaadin.com/tutorials/securing-your-app-with-spring-security https://www.youtube.com/watch?v=egXtoL5Kg08&t=2288s
这是我的Spring Security配置
package com.admEx.app.security;
import com.admex.demo.DAOs.UserDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security setup for the application.
 * <ul>
 * <li>Static resources are excluded from the security filter chain.</li>
 * <li>Every other request needs an authenticated user, except requests accepted by
 * {@code SecurityUtils.isFrameworkInternalRequest}.</li>
 * <li>Form login is shown and processed at {@code /login}.</li>
 * </ul>
 */
@EnableWebSecurity
@EnableJpaRepositories(basePackageClasses = UserDAO.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // The login page and the URL that receives the credential POST are the same path.
    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String LOGIN_FAILURE_URL = "/login?error";
    private static final String LOGIN_URL = "/login";
    // After logout the user is sent back to the login page.
    private static final String LOGOUT_SUCCESS_URL = "/login";
    private static final String DEFAULT_LANDING_PAGE = "/home";

    @Autowired
    private CustomUserDetailsService userDetailsService;

    /**
     * Wires the custom user details service into authentication and has stored
     * passwords checked with BCrypt.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = getPasswordEncoder();
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }

    /** Creates the BCrypt encoder used to verify passwords. */
    private PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Requires a login for internal pages and configures the login form and logout.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Spring Security's CSRF filter is switched off for every request.
        // NOTE(review): Vaadin Flow is understood to protect its own framework
        // requests with a CSRF token, but the form-login POST and the logout
        // endpoint are plain Spring endpoints and carry no token here; with CSRF
        // disabled Spring's logout is also not limited to POST. Confirm this is
        // acceptable for the deployment.
        http.csrf().disable();

        // CustomRequestCache (not shown) records the request that triggered the login.
        http.requestCache().requestCache(new CustomRequestCache());

        // Whatever SecurityUtils.isFrameworkInternalRequest (not shown) matches is
        // reachable without authentication, so it should match only Vaadin's
        // internal request types; everything else needs a logged-in user.
        http.authorizeRequests()
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
                .anyRequest().authenticated();

        // alwaysUse = true sends every successful login to the landing page, so the
        // request saved in the cache is not used as the post-login target.
        http.formLogin()
                .loginPage(LOGIN_URL).permitAll()
                .defaultSuccessUrl(DEFAULT_LANDING_PAGE, true)
                .loginProcessingUrl(LOGIN_PROCESSING_URL)
                .failureUrl(LOGIN_FAILURE_URL);

        http.logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
    }

    /**
     * Excludes static resources from Spring Security. Ignored paths skip the whole
     * filter chain, so they get neither authentication nor Spring's security
     * response headers; only public, non-sensitive content belongs here.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                // Vaadin Flow static resources
                "/VAADIN/**",
                // standard favicon URI
                "/favicon.ico",
                // robots exclusion standard
                "/robots.txt",
                // web application manifest, service worker and offline page
                "/manifest.webmanifest",
                "/sw.js",
                "/offline-page.html",
                // development mode: static resources
                "/frontend/**",
                // development mode: webjars
                "/webjars/**",
                // production mode: static resources
                "/frontend-es5/**",
                "/frontend-es6/**");
    }
}
下面是LoginView,它完全用Java实现:
/**
 * Login page written purely in Java: a vertical layout that hosts a
 * {@code LoginForm} posting to the relative URL {@code login}.
 */
// NOTE(review): @SpringUI looks like the Vaadin 8 Spring add-on annotation, while
// @Route and LoginForm belong to Vaadin Flow; the imports are not shown, so confirm
// that both are intended on the same class.
@Tag("sa-login-view")
@SpringUI(path = "/login")
@Route(value = LoginView.ROUTE)
@PageTitle("Login")
public class LoginView extends VerticalLayout {

    public static final String ROUTE = "login";

    private LoginForm login;

    public LoginView() {
        login = new LoginForm();
        // The form submits credentials to "login"; the security configuration in
        // this listing sets the login processing URL to "/login".
        login.setAction("login");
        // Attach the form's element directly under this layout's element.
        getElement().appendChild(login.getElement());
    }
}