更新:我尝试过使用CSRF令牌,现在,当我尝试登录时,我总是被重定向到默认的Spring登录页面localhost:8080 / login,当我再次登录时,它再次将我重定向到登录成功网址。...
这是我的WebSecurityConfig
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AccountDetailsService accountDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(accountDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http
.authorizeRequests()
.antMatchers("/api/me").permitAll()
.antMatchers( HttpMethod.POST,"/api/addthing", "/api/addotherthing").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.defaultSuccessUrl("http://192.168.1.105:3000/api/adminpage", true)
.and()
.logout()
.logoutSuccessUrl("http://192.168.1.105:3000/")
.logoutUrl("/logout")
.deleteCookies("JSESSIONID");
http.csrf().disable();
}
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
这是我的AccountDetailsService
@Service("userDetailsService")
@Transactional
public class AccountDetailsService implements UserDetailsService {
@Autowired
AccountService accountService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Account account = accountService.findAccountByUsername(username);
return new org.springframework.security.core.userdetails.User(
account.getUsername(), account.getPassword(),
true, true, true, true,
accountService.getAuthorities(account)
);
}
}
还有帐户服务:
@Service
public class AccountService {
@Autowired
AccountRepository accountRepository;
@Autowired
PasswordEncoder passwordEncoder;
public Account findAccountByUsername(String username){
return accountRepository.findFirstByUsername(username);
}
public List<GrantedAuthority> getAuthorities(Account account){
List<GrantedAuthority> roles = new ArrayList<>();
String role = account.getRole();
roles.add(new SimpleGrantedAuthority(role));
return roles;
}
public void createNewAccount(String username, String password, String role) {
Account account = new Account(username, passwordEncoder.encode(password), role);
accountRepository.save(account);
}
}
我遇到的问题是,登录后,我被重定向到/api/adminpage/
站点,这意味着登录成功,对吗?但是,当我尝试使用这种方法获取Principal时:
@CrossOrigin
@GetMapping("/api/me")
public Principal getMe(Principal principal){
return principal;
}
这只会给我一个空的响应,这意味着我尚未登录。另外,当我尝试对antMatches中的某些URL发出POST请求时,我也无法...有人可以解释我在做什么吗?这里错了吗?
答案 0 :(得分:0)
好吧,我现在整天都在做这个愚蠢的小事情,但是我开始工作了,对此我甚至不满意
解决方法是在React应用程序的"proxy": "http://192.168.1.105:8080"
中添加package.json
。