我正在编写带有2个登录表单的spring安全代码,通过分别工作它们可以正常工作,但是当我将它们组合在一起时,会发生一些有趣的事情,ADMIN登录表单根本无法登录。它说明用户名或密码不正确。我应该再次提到,当单独工作时,它会进行身份验证。我不能弄清楚问题出在哪里,如果有人可以帮助,欢迎大家贡献力量。
代码是:
@Order(1)
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/assets/**");//under resources/static/assets/ I have added all the images
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/librarian/**")
.authorizeRequests()
.antMatchers("/librarian/**").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/librarian/login")
.successForwardUrl("/librarian/librarianlogin")
.defaultSuccessUrl("/librarian/librarianlogin",true)
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/librarian/logout"))
.logoutSuccessUrl("/librarian/login?logout")
.permitAll();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
auth.setUserDetailsService(userService);
auth.setPasswordEncoder(passwordEncoder());
return auth;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
}
和:
@Order(2)
@Configuration
@EnableWebSecurity
public class SecurityConfigurationAdmin extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/assets/**");//under resources/static/assets/ I have added all the images
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/admin/**")
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login")
.usernameParameter("username2")
.passwordParameter("password2")
.successForwardUrl("/admin/adminlogin")
.defaultSuccessUrl("/admin/adminlogin",true)
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout"))
.logoutSuccessUrl("/admin/login?logout")
.permitAll();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password("{noop}admin").roles("ADMIN");
}
}