Question

更新：我尝试过使用CSRF令牌，现在，当我尝试登录时，我总是被重定向到默认的Spring登录页面localhost：8080 / login，当我再次登录时，它再次将我重定向到登录成功网址。...

这是我的WebSecurityConfig

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    AccountDetailsService accountDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(accountDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http
                .authorizeRequests()
                .antMatchers("/api/me").permitAll()
                .antMatchers(   HttpMethod.POST,"/api/addthing", "/api/addotherthing").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .defaultSuccessUrl("http://192.168.1.105:3000/api/adminpage", true)
        .and()
        .logout()
        .logoutSuccessUrl("http://192.168.1.105:3000/")
        .logoutUrl("/logout")
        .deleteCookies("JSESSIONID");

        http.csrf().disable();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}

这是我的AccountDetailsService

@Service("userDetailsService")
@Transactional
public class AccountDetailsService implements UserDetailsService {
    @Autowired
    AccountService accountService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Account account = accountService.findAccountByUsername(username);

        return new org.springframework.security.core.userdetails.User(
                account.getUsername(), account.getPassword(),
                true, true, true, true,
                accountService.getAuthorities(account)
        );
    }
}

还有帐户服务：

@Service
public class AccountService {
    @Autowired
    AccountRepository accountRepository;

    @Autowired
    PasswordEncoder passwordEncoder;

    public Account findAccountByUsername(String username){
        return accountRepository.findFirstByUsername(username);
    }

    public List<GrantedAuthority> getAuthorities(Account account){
        List<GrantedAuthority> roles = new ArrayList<>();
        String role = account.getRole();
        roles.add(new SimpleGrantedAuthority(role));
        return roles;
    }

    public void createNewAccount(String username, String password, String role) {
        Account account = new Account(username, passwordEncoder.encode(password), role);
        accountRepository.save(account);
    }
}

我遇到的问题是，登录后，我被重定向到/api/adminpage/站点，这意味着登录成功，对吗？但是，当我尝试使用这种方法获取Principal时：

    @CrossOrigin
    @GetMapping("/api/me")
    public Principal getMe(Principal principal){
        return principal;
    }

这只会给我一个空的响应，这意味着我尚未登录。另外，当我尝试对antMatches中的某些URL发出POST请求时，我也无法...有人可以解释我在做什么吗？这里错了吗？

Answer 1

好吧，我现在整天都在做这个愚蠢的小事情，但是我开始工作了，对此我甚至不满意

解决方法是在React应用程序的"proxy": "http://192.168.1.105:8080"中添加package.json。

登录后被重定向，但我实际上并未登录Spring Security

1 个答案: