Spring Security:配置两个登录表单后无法通过身份验证

时间:2020-10-03 12:24:50

标签: spring spring-security

我正在编写带有两个登录表单的 Spring Security 配置。两个配置单独使用时都能正常工作,但合并到一起后出现了奇怪的现象:ADMIN 登录表单完全无法登录,提示用户名或密码不正确。需要再次强调的是,单独使用时它是可以通过身份验证的。我找不出问题出在哪里,如果有人能帮忙,不胜感激。

代码是:

/**
 * Security configuration for the librarian area of the application.
 *
 * <p>This adapter is ordered first and only handles requests under {@code /librarian/**}.
 * Users are loaded through the injected {@link UserService} and their passwords are
 * verified with BCrypt.
 */
@Order(1)
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    /**
     * Publishes the BCrypt encoder used for librarian accounts.
     *
     * <p>NOTE(review): this bean is visible to the whole application context, so other
     * security configurations that do not set their own encoder will presumably pick it
     * up as their default. Confirm every such configuration stores BCrypt hashes.
     *
     * @return a new BCrypt password encoder
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Excludes the static asset path from the security filter chain.
     *
     * @param web the web security builder to adjust
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // All images are stored under resources/static/assets/.
        // Ignored paths skip the security filters entirely, so keep this limited to
        // static, non-sensitive content.
        web.ignoring().antMatchers("/assets/**");
    }

    /**
     * Sets up authorization, form login and logout for {@code /librarian/**}.
     *
     * @param http the HTTP security builder for this filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Restrict this filter chain to the librarian URLs.
        http.antMatcher("/librarian/**");

        // Everything under /librarian/** requires the USER role.
        http.authorizeRequests()
            .antMatchers("/librarian/**").hasRole("USER")
            .anyRequest().authenticated();

        // NOTE(review): successForwardUrl and defaultSuccessUrl both install a success
        // handler; the later call appears to replace the earlier one - confirm which
        // behaviour is intended.
        http.formLogin()
            .loginPage("/librarian/login")
            .successForwardUrl("/librarian/librarianlogin")
            .defaultSuccessUrl("/librarian/librarianlogin", true)
            .permitAll();

        // NOTE(review): the matcher below is built from a path only, with no HTTP method,
        // so a plain GET can presumably trigger logout. Consider limiting it to POST so
        // the CSRF token is still required.
        http.logout()
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutRequestMatcher(new AntPathRequestMatcher("/librarian/logout"))
            .logoutSuccessUrl("/librarian/login?logout")
            .permitAll();
    }

    /**
     * Builds the authentication provider that checks librarian credentials.
     *
     * @return a DAO provider wired to {@code userService} and the BCrypt encoder
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(userService);
        return provider;
    }

    /**
     * Registers the DAO provider with this adapter's authentication manager.
     *
     * @param auth the authentication manager builder for this adapter
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }
}

和:

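/**
 * Security configuration for the admin area of the application.
 *
 * <p>This adapter is ordered second and only handles requests under {@code /admin/**}.
 * It authenticates against a single in-memory account rather than a user service.
 */
@Order(2)
@Configuration
@EnableWebSecurity
public class SecurityConfigurationAdmin extends WebSecurityConfigurerAdapter {

    /**
     * Excludes the static asset path from the security filter chain.
     *
     * @param web the web security builder to adjust
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // All images are stored under resources/static/assets/.
        // Ignored paths skip the security filters entirely, so keep this limited to
        // static, non-sensitive content.
        web.ignoring().antMatchers("/assets/**");
    }

    /**
     * Sets up authorization, form login and logout for {@code /admin/**}.
     *
     * <p>The login form posts its credentials as {@code username2} and {@code password2}.
     *
     * @param http the HTTP security builder for this filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Restrict this filter chain to the admin URLs.
            .antMatcher("/admin/**")
            .authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/admin/login")
                .usernameParameter("username2")
                .passwordParameter("password2")
                // NOTE(review): successForwardUrl and defaultSuccessUrl both install a
                // success handler; the later call appears to replace the earlier one -
                // confirm which behaviour is intended.
                .successForwardUrl("/admin/adminlogin")
                .defaultSuccessUrl("/admin/adminlogin", true)
                .permitAll()
                .and()
            .logout()
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                // NOTE(review): this matcher is built from a path only, with no HTTP
                // method, so a plain GET can presumably trigger logout. Consider limiting
                // it to POST so the CSRF token is still required.
                .logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout"))
                .logoutSuccessUrl("/admin/login?logout")
                .permitAll();
    }

    /**
     * Registers the in-memory admin account with an explicit delegating password encoder.
     *
     * <p>Without an explicit encoder, the in-memory store falls back to whatever
     * {@code PasswordEncoder} bean the application context holds. When a
     * {@code BCryptPasswordEncoder} bean is declared elsewhere in the application, the
     * {@code {noop}} value below is then checked as if it were a BCrypt hash and every
     * admin login is rejected as bad credentials. Pinning the delegating encoder makes
     * this configuration independent of that bean.
     *
     * @param auth the authentication manager builder for this adapter
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Fully qualified so the file's import block does not have to change.
        auth.inMemoryAuthentication()
            .passwordEncoder(
                org.springframework.security.crypto.factory.PasswordEncoderFactories
                    .createDelegatingPasswordEncoder())
            // NOTE(review): a hard-coded, unhashed admin password is only acceptable for a
            // local experiment. Supply the credential from external configuration and
            // store it as a "{bcrypt}..." hash; the delegating encoder accepts that form
            // without further code changes.
            .withUser("admin").password("{noop}admin").roles("ADMIN");
    }
}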

0 个答案:

没有答案