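I have a problem with multiple login pages in my Spring Security application.
I have read a lot of articles about how to configure multiple login pages, for example: Configure Spring Security for multiple login pages in a Spring Boot application.
In the end, I can call up two different login forms and log in in two ways, separately for users with different roles.
The problem is that the second login form does not work. Both login pages are displayed correctly, but only one of them works. After I submit the second login form, the response is 405: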
```
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Sun Jan 31 21:35:51 UTC 2021
There was an unexpected error (type=Method Not Allowed, status=405).
Request method 'POST' not supported
org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
```
My SecurityConfig class looks like this:

```java
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    // Security configuration for regular users (login form at /login)
    @Configuration
    @Order(1)
    public static class UserConfigurationAdapter extends WebSecurityConfigurerAdapter {

        private final DataSource dataSource;
        private final UserDetailsService userDetailsService;

        public UserConfigurationAdapter(DataSource dataSource, UserDetailsService userDetailsService) {
            this.dataSource = dataSource;
            this.userDetailsService = userDetailsService;
        }

        public PasswordEncoder encoder() {
            return new BCryptPasswordEncoder();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // JDBC-backed authentication against the users/authorities tables
            auth
                .jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery(
                    "SELECT email, password, enabled FROM users WHERE email=?"
                )
                .authoritiesByUsernameQuery(
                    "SELECT email, authority FROM authorities WHERE email=?"
                )
                .passwordEncoder(encoder());
            auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(encoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/", "/register/**")
                    .permitAll()
                    .antMatchers("/user/**")
                    .hasRole("USER")
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .usernameParameter("email")
                    .defaultSuccessUrl("/user/my-donations")
                    .and()
                .logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
                    .logoutSuccessUrl("/")
                    .and()
                .csrf().disable();
        }
    }

    // Security configuration for administrators (login form at /admin/login)
    @Configuration
    @Order(2)
    public static class AdminConfigurationAdapter extends WebSecurityConfigurerAdapter {

        private final DataSource dataSource;
        private final UserDetailsService userDetailsService;

        public AdminConfigurationAdapter(DataSource dataSource, UserDetailsService userDetailsService) {
            this.dataSource = dataSource;
            this.userDetailsService = userDetailsService;
        }

        public PasswordEncoder encoder() {
            return new BCryptPasswordEncoder();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // JDBC-backed authentication against the users/authorities tables
            auth
                .jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery(
                    "SELECT email, password, enabled FROM users WHERE email=?"
                )
                .authoritiesByUsernameQuery(
                    "SELECT email, authority FROM authorities WHERE email=?"
                )
                .passwordEncoder(encoder());
            auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(encoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/admin/login")
                    .permitAll()
                    .antMatchers("/admin/**")
                    .hasRole("ADMIN")
                    .and()
                .formLogin()
                    .loginPage("/admin/login")
                    .usernameParameter("email")
                    .defaultSuccessUrl("/admin/dashboard", true)
                    .and()
                .logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout", "GET"))
                    .logoutSuccessUrl("/")
                    .and()
                .csrf().disable();
        }
    }
}
```
In the example above, /login works fine, but /admin/login does not. If I swap the @Order values, as in the case below, /admin/login works and /login returns 405 after the form is submitted:
```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // ...

    @Configuration
    @Order(2)
    public static class UserConfigurationAdapter extends WebSecurityConfigurerAdapter {
        // ...
    }

    @Configuration
    @Order(1)
    public static class AdminConfigurationAdapter extends WebSecurityConfigurerAdapter {
        // ..
    }
}
```
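Of course, the view resolver is configured as well. I tried doing it this way: https://www.yawintutor.com/multiple-login-pages-using-spring-boot-security-with-database-authentication/ or using requestMatcher(), as shown in the following article: Spring Boot and Spring Security multiple login pages.
But it is always the first login form that works, and the second one responds with 405.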