由于WebSecurityConfigurerAdapter
已被弃用,我尝试将configure(HttpSecurity http)
替换为SecurityFilterChain filterChain(HttpSecurity http)
。我试着拼凑以下代码,但它不起作用,并在chrome上给出localhost redirected you too many times
错误,但在控制台上没有显示任何错误。我甚至按照建议清除了cookie,但它仍然不起作用。
应用程序安全配置.java
@Configuration
public class AppSecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public AuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(new BCryptPasswordEncoder());
return provider;
}
//Trying to replace configure(HttpSecurity http) method
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.and()
.logout().invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/logout-success").permitAll();
return http.build();
}
}
.authorizeRequests()
已被弃用,因此我使用.authorizeHttpRequests()
。下面的SS是chrome的输出:Output error from chrome
家庭控制器.java
@Controller
public class HomeController {
@RequestMapping("/")
public String home() {
return "home.jsp";
}
@RequestMapping("/login")
public String loginPage() {
return "login.jsp";
}
@RequestMapping("/logout-success")
public String logoutPage() {
return "logout.jsp";
}
}
登录名.jsp
<body>
<h1>Login</h1>
${SPRING_SECURITY_LAST_EXCEPTION.message}
<form action="login" method="post">
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name='password' /></td>
</tr>
<tr>
<td><input type="submit" name='submit' value='submit' /></td>
</tr>
</table>
</form>
</body>
</html>
1条答案
按热度按时间pod7payv1#
.loginPage()
javadoc是这样说的:...login page to redirect to if authentication is required...
通过由控制器提供服务的终结点
/login
,您进入了重定向周期。您可以尝试下一步:1.创建
MvcConfig
类(根据您自己的规则进行自定义):1.从控制器中删除或
/login
端点。1.测试新配置。
希望它能有所帮助,随时为我的答案给予反馈。