我对Spring Security(总体而言是安全性)不熟悉,因此我尝试创建一个成功登录后进入产品页面的用户登录。在学习了有关安全性配置的所有教程之后,我不断出现“登录?错误”,我想不通为什么,我无法在调试器中查明原因。
我正在使用Postgresql,并具有表user,role,user_role。我已经验证了jdbcAuthentication的sql语句,并以多种不同方式配置了.formLogin
下面是我的Web安全配置,登录控制器和登录视图。 谁能告诉我我做错了吗?谢谢。
SpringSecurityConfig.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.sql.DataSource;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
// Database authentication
auth.
jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT username, password, active FROM \"user\" WHERE username = ?")
.authoritiesByUsernameQuery("SELECT u.username, r.role FROM \"user\" u join user_role ur on (u.userid=ur.userid) join role r on (ur.roleid=r.roleid) WHERE u.username = ?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/products","/mycart","/images/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.successForwardUrl("/products")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
LoginController.java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.security.Principal;
@Controller
public class LoginController {
@RequestMapping(value = {"/", "/login"}, method = RequestMethod.GET)
public String loginView(Principal principal) {
return "/login";
}
}
login.html
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Login</title>
</head>
<body>
<div>
<form th:action="@{/login}" method="POST">
<div th:if="${param.error}">
<div class="alert alert-danger">
Incorrect Username and Password
</div>
</div>
<div th:if="${param.logout}">
<div class="alert alert-danger">
User Logged Out
</div>
</div>
<div class="form-group">
<input type="text" placeholder="Username" id="username" class="form-control" required="true" autofocus="true"/>
</div>
<div class="form-group">
<input type="password" placeholder="Password" id="password" class="form-control" required="true" autofocus="true"/>
</div>
<div>
<input type="submit" class="btm btm-primary btn-block" value="Login"/>
</div>
</form>
<a href="/registration">Register</a>
</div>
</body>
</html>
答案 0 :(得分:0)
您的配置看起来不错,但您需要像这样在输入中添加“名称”属性:
<div class="form-group">
<input type="text" placeholder="Username" id="username" name="username" class="form-control" required="true" autofocus="true"/>
</div>
<div class="form-group">
<input type="password" placeholder="Password" id="password" name="password" class="form-control" required="true" autofocus="true"/>
</div>
第二,检查您是否已使用BCryptPasswordEncoder在数据库中对密码进行编码(或首先尝试在没有编码器的情况下设置普通密码)。
以另一种方式尝试在github中提交示例项目,也许我可以为您提供帮助。