我在spring启动应用程序中使用Spring Security 。现在,当我尝试访问一个安全端点时,它会重定向到“/login”端点,这是预期的行为。此时,浏览器中的url为“http://example.com/login".
我要做的是更改这个“/登录名”,使url看起来像http://example.com/app/login". 其余的spring安全部分应该和以前一样工作。只需更改浏览器中显示的url即可。
这是我的WebSecurity配置类
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
final private MyUserDetailsService myUserDetailsService;
/**
* Logger object for logging
*/
Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
@Autowired
public WebSecurityConfig(MyUserDetailsService myUserDetailsService) {
this.myUserDetailsService = myUserDetailsService;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/app/login").permitAll()
.successHandler(new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
String requestURL = request.getRequestURL().toString();
String redirectURL = requestURL.substring(0,
requestURL.length() - request.getRequestURI().length());
response.sendRedirect(redirectURL + "/main");
}
}).failureHandler(new AuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
response.sendRedirect(request.getContextPath() + "/login?error");
}
}).and().cors().and().csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).sessionFixation()
.changeSessionId();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
auth.authenticationProvider(authenticationProvider());
}
// Builds the authentication provider object for the authentication manager
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
}我在控制器中定义了一个端点,如下所示:
@GetMapping("/app/login")
public String loginUI(Model model) {
return "login";
}我的自定义登录页“login.html”位于src/main/resources/views/login.html中
这是login.html文件
<html xmlns:th="https://www.thymeleaf.org">
<head th:include="layout :: head(title=~{::title},links=~{})">
<title>Please Login</title>
</head>
<body th:include="layout :: body" th:with="content=~{::content}">
<div th:fragment="content">
<form name="f" th:action="@{/login}" method="post">
<fieldset>
<legend>Please Login</legend>
<div th:if="${param.error}" class="alert alert-error">
Invalid username and password.
</div>
<div th:if="${param.logout}" class="alert alert-success">
You have been logged out.
</div>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
<div class="form-actions">
<button type="submit" class="btn">Log in</button>
</div>
</fieldset>
</form>
</div>
</body>
</html>现在,当我尝试访问一个安全端点时,它确实重定向到“/app/login”,浏览器也显示了这一点。但是,返回404错误。
有人能帮我吗?
暂无答案!
目前还没有任何答案,快来回答吧!