Structure
java
-example
--controller
---LoginController
--security
---SecurityConfig
resources
-templates
--landingpage
---login.html
--about.html
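This is the controller

    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    public class LoginController {

        @GetMapping("/login")
        public String login() {
            return "landingpage/login";
        }

        @RequestMapping("/about")
        public String about() {
            return "about";
        }
    }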
This is the security config

    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers(
                        "/",
                        "/js/**",
                        "/css/**",
                        "/img/**",
                        "/webjars/**").permitAll()
                    .antMatchers("/user/**").hasRole("USER")
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll();
    //              .and()
    //          .logout()
    //              .invalidateHttpSession(true)
    //              .clearAuthentication(true)
    //              .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    //              .logoutSuccessUrl("/login?logout")
    //              .permitAll()
    //              .and()
    //          .exceptionHandling()
    //              .accessDeniedHandler(accessDeniedHandler);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("manager").password("password").roles("MANAGER");
        }
    }
This is login.html

    <!DOCTYPE html>
    <html lang="tr" xmlns:th="http://www.thymeleaf.org">
    <head>
    </head>
    <body class="login-page">
    <div class="login-container">
        <div class="login-branding">
            <a href="/dashboard"><img src="../../static/images/logo.png" alt="Clevex" title="Clevex"></a>
        </div>
        <div class="login-content">
            <h2><strong>Welcome</strong>, please login</h2>
            <form th:action="@{/login}" method="post">
                <div class="form-group">
                    <input type="text" placeholder="Username" class="form-control">
                </div>
                <div class="form-group">
                    <input type="password" placeholder="Password" class="form-control">
                </div>
                <div class="form-group">
                    <button class="btn btn-primary btn-block">Login</button>
                </div>
                <p class="text-center"><a href="/forgot-password">Forgot your password?</a></p>
            </form>
            <p><a href="/" th:href="@{/}">Back to home page</a></p>
        </div>
    </div>
    <!--Load JQuery-->
    <script src="../../static/js/jquery.min.js"></script>
    <script src="../../static/js/bootstrap.min.js"></script>
    </body>
    </html>
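I go to http://localhost:8080/login and it shows my login page. It shows the login form, but in the console I see these errors:

    Refused to execute script from 'http://localhost:8080/login' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
    login:1 [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https)

When I turn on debug mode and refresh, it calls the /login endpoint 6 times and then brings up the login form.
If I enter a wrong username/password and click Submit, it calls login 5 times. For user and password (defined in securityconfig), it calls it 6 times but does not go to about.html.
For a wrong or a correct username-password, it redirects to http://localhost:8080/login?error, calls the login endpoint 1 time and then shows a blank page.
There are no errors in the console.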
This is pom.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.1.6.RELEASE</version>
            <relativePath/> <!-- lookup parent from repository -->
        </parent>
        <groupId>com.example</groupId>
        <artifactId>demo</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <name>demo</name>
        <description>Demo project for Spring Boot</description>
        <properties>
            <java.version>1.8</java.version>
        </properties>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-thymeleaf</artifactId>
            </dependency>
            <dependency>
                <groupId>nz.net.ultraq.thymeleaf</groupId>
                <artifactId>thymeleaf-layout-dialect</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
            <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-springsecurity5</artifactId>
                <version>3.0.4.RELEASE</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-jpa</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-devtools</artifactId>
                <optional>true</optional>
            </dependency>
            <dependency>
                <groupId>com.h2database</groupId>
                <artifactId>h2</artifactId>
            </dependency>
            <dependency>
                <groupId>mysql</groupId>
                <artifactId>mysql-connector-java</artifactId>
            </dependency>
            <!-- Spring Security -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
            <!-- do you like thymeleaf? -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-thymeleaf</artifactId>
            </dependency>
            <!-- optional, it brings useful tags to display spring security stuff -->
            <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            </dependency>
            <!-- hot swapping, disable cache for template, enable live reload -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-devtools</artifactId>
                <optional>true</optional>
            </dependency>
            <dependency>
                <groupId>org.thymeleaf</groupId>
                <artifactId>thymeleaf-spring5</artifactId>
                <version>3.0.11.RELEASE</version>
            </dependency>
            <!-- Optional, for bootstrap -->
            <dependency>
                <groupId>org.webjars</groupId>
                <artifactId>bootstrap</artifactId>
                <version>3.3.7</version>
            </dependency>
        </dependencies>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    </project>
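What I want is a simple login form. With inMemoryAuthentication, I defined a username and password. After a successful login with those credentials, it should go to about.html, but it does not.
The same goes for manager.
I tried disabling securityconfig and some of the antMatchers.
https://memorynotfound.com/spring-boot-spring-security-thymeleaf-form-login-example/
This is the same as mine, but the result is still the same.
Why is it called multiple times?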
Answer 0 (score: 0)
I guess the problem is that you did not specify loginProcessingUrl in your Spring Security setup. Use the loginProcessingUrl("/authenticateTheUser") method and then send the POST request to the specified URL.

    <form th:action="@{/authenticateTheUser}" method="post">

An example of such a setup:

    http
        .authorizeRequests()
            .antMatchers("/admin/**").hasRole("ADMIN")
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/authenticateTheUser")
            .permitAll()
            .and()
        .logout()
            .logoutSuccessUrl("/")
            .permitAll();
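
An added example, not code from the question or the answer: a complete SecurityConfig for the question's Spring Boot 2.1.6 / Spring Security 5 setup that places the answer's loginProcessingUrl next to the other settings a form login depends on (public static resources, explicit form parameter names, a password encoder, a success URL). The "/static/**" matcher, the BCrypt encoder bean and the "/about" success target are assumptions drawn from the question's template and stated goal.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Spring Security 5 rejects stored passwords that have no encoder or {id} prefix.
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Every URL the login page itself loads must be public; otherwise the
                // request is redirected to /login and the browser receives HTML, not a script.
                // "/static/**" is an assumption taken from the template's script paths.
                .antMatchers("/", "/js/**", "/css/**", "/img/**", "/static/**", "/webjars/**").permitAll()
                .antMatchers("/user/**").hasRole("USER")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")                         // GET: renders landingpage/login
                .loginProcessingUrl("/authenticateTheUser")  // POST target, as in the answer
                .usernameParameter("username")               // matches <input name="username">
                .passwordParameter("password")               // matches <input name="password">
                .defaultSuccessUrl("/about", true)           // assumed target after login
                .permitAll()
                .and()
            .logout()
                .logoutSuccessUrl("/login?logout")
                .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        // Demo credentials from the question; hashes are computed at startup.
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("user").password(encoder.encode("password")).roles("USER")
            .and()
            .withUser("manager").password(encoder.encode("password")).roles("MANAGER");
    }
}
```

For this configuration to receive credentials, the two inputs in login.html need name="username" and name="password", and the form must post to /authenticateTheUser. CSRF protection stays enabled; Thymeleaf's th:action adds the token to the form.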